Skip Navigation
Access home server from anywhere
  • Hmm do a traceroute and see where it's dying. Can you ping inside IP of the tunnel on the wireguard server? What about outside?

    What did you deploy in docker, firezone or basic wireguard?

    Does your phone say connected and you see both incoming and outgoing packets? Is there a firewall in place on the wireguard host (ufw maybe)?

    If you have nmap available you can also check port status.

  • Access home server from anywhere
  • Good thing about wireguard is it's really simple. Google should get it done, if you get stuck send me a DM. I started with basic wireguard, I now run firezone in docker as I like the frontend.

  • Bluetooth security flaws reveals all devices launched after 2014 can be hacked
  • It means they can impersonate the Bluetooth device connected. Input devices are particularly concerning (keyboards and mice) as well as BT IoT devices which already historically lack good security controls. A lot of vehicles have Bluetooth integrated as well these days.

  • Hacking @lemmy.ml bless @lemmy.world
    Bluetooth security flaws reveals all devices launched after 2014 can be hacked

    Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

    The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

    Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

    Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

    Github: https://github.com/francozappa/bluffs

    CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

    0
    Bluetooth security flaws reveals all devices launched after 2014 can be hacked

    Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

    The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

    Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

    Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

    Github: https://github.com/francozappa/bluffs

    CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

    5
    Access home server from anywhere
  • I would go with wireguard VPN or something like cloudflare tunnels or tailscale. With wireguard you'll need to open up an external port and forward to your VPN host, but wireguard uses UDP so no one can probe it for responses. CF tunnels and tailscale you don't have to open up holes in your firewall which is nice.

    You also have the option of using a proxy and opening up 443 publicly on your firewall, but unless you know what you're doing I'd leave that closed until you learn more.

  • Bluetooth security flaws reveals all devices launched after 2014 can be hacked
    • Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

    • The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

    • Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

    Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

    Github: https://github.com/francozappa/bluffs

    CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

    1
    Setup a DNS server on a dynamic public ip
  • I would get a domain name and use ddns to update your rotating IP. Then I would setup wireguard VPN in split tunnel and have your parents network tunnel back to your piholes for dns resolution.

    I use cloudflare API for ddns updates but there are plenty of choices for that. If you're using cloudflare for DNS just keep in mind you can't proxy the DNS entry for the ip for your VPN host as CF only forwards traffic over certain ports and they are not configurable (on free plan anyway not sure about paid).

  • The Microsoft Security Adoption Framework (SAF) is live
    learn.microsoft.com Security Adoption Resources - Security documentation

    Guiding organizations through security program modernization with reference strategies built on Zero Trust principles

    Security Adoption Resources - Security documentation
    0
    The Microsoft Security Adoption Framework (SAF) is live
    learn.microsoft.com Security Adoption Resources - Security documentation

    Guiding organizations through security program modernization with reference strategies built on Zero Trust principles

    Security Adoption Resources - Security documentation
    0
    Deleted
    Can you give me some hints? I have problems with Docker install
  • The error is telling you you already have something listening on port 80 so docker is unable to bind to 80 again until that is released. Try disabling nginx and apache as you stated.

    You can run

    netstat -pln

    to show you what's running on what port on your host is you want to verify

  • I’m about to throw my entire Pihole out the window
  • For infrastructure critical services I recommend reservations on the DHCP server and then set static assignment on the device for the IP reserved in DHCP. This way if the device ever fails over to DHCP for any reason the IP will not change. I'll usually also leave some small address space outside the DHCP scope available for static assignment if needed, usually at the front and usually around 20 IPs max as it's easier to let DHCP do the heavy lifting.

    Static IPs are important on infra critical devices if you ever find yourself in a situation where the DHCP services are not available, you don't want them to be a single point of failure.

    Just my 2 cents.

  • InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)BL
    bless @lemmy.world
    Posts 6
    Comments 28