Why you should release your Crypto under GPL

I'm not a lawyer; the views expressed below are my own.

We see new crypto software every day, from IM applications to secure storage programs and many more. Crypto nowadays is a vital part of our time spent in front of a PC monitor.

Almost every site you visit in your browser and every app you use on your smartphone uses (or should use) strong cryptography, because crypto is not a crime.

But with crypto also comes trust. It's easier to trust open-source, audited software than proprietary software. (Stay away from self-proclaimed "Military-Grade Cryptography" and "Snake oil".)

So I will explain why, in my opinion, it is better to license crypto software under the GPL.

Intercepting Android traffic using Charles

When testing application security, a pentester sometimes needs to analyze the network connections that an application makes: how it uses APIs, what data it transfers over the Web, and whether it uses HTTPS!

In this post I want to cover the configuration of the proxy connection; if you don't know how to use Charles, read the Charles website.

If you want to use OWASP ZAP, read Intercepting Android traffic using OWASP ZAP.

If you want more Deep Packet Inspection, you can:

Intercepting Android traffic using OWASP ZAP

When testing application security, a pentester sometimes needs to analyze the network connections that an application makes: how it uses APIs, what data it transfers over the Web, and whether it uses HTTPS!

In this post I want to cover the configuration of the proxy connection; if you don't know how to use ZAP, read the OWASP ZAP page.

If you want to use Charles Proxy, read Intercepting Android traffic using Charles.

If you want more Deep Packet Inspection, you can:

Let's Encrypt SSL (HTTPS) Certificate

From now on, this website has an HTTPS version with a Let's Encrypt certificate.

If you visit the HTTPS site from a modern browser like Firefox, Chrome, etc., you may get a certificate error.
Just view the certificate and check this information:

Issued to: Common Name (CN): thezero.org
Issued by: Organization (O): Let's Encrypt

SHA256-Fingerprint: 55:7E:B1:7C:10:9B:04:3E:3D:F7:8C:9F:3C:00:DF:85:77:3D:50:F3:01:56:42:25:26:24:1A:64:9B:7E:08:2E

Below, I explain how to make your own Let's Encrypt SSL certificate on Nginx.

Is up that HiddenService?

I started a new simple webapp last week.
I have called it "Is up that HiddenService?"

IS-HS-UP is a simple web application written in Node.js that can establish if a Tor hidden service is online or not.

I'm a Rubyist

Conglaturation!
You are visiting a Rubyist's site (what?)

I really like Ruby. It's a nice language. (really? we had not realized that before)

I'm at the beginning, but I wanted to celebrate my 2 gems on rubygems.org.

They aren't documented and they have some bugs; remember that you can contribute on GitHub with issues and pull requests!

Node ThePirateBay proxy

Personally, I love Open Source, I love Torrent, and I love Copyleft, so I wanted to make a proxy for ThePirateBay (the link is offline in some countries).

It's a simple mirror proxy made with Node.js.

There are a few bugs and sometimes the connection gives a timeout, but it simply works :D

My Hidden Service

As you can see I have a Tor Hidden Service.

Why?

Because I want to freely express myself, and the Web isn't as free as we all think. So I think that Tor should be a good alternative.

On this page you can see how I made this: How I made my Hidden Service

Shellshock Update!

Shellshock CVE-2014-6271

These days, the news about Shellshock has scared many Linux sysadmins, but what exactly is Shellshock?
Shellshock (CVE-2014-6271 and CVE-2014-7169) is a vulnerability in GNU's bash shell that lets attackers run commands remotely on a vulnerable system.

Jekyll Intro

I have used Jekyll since before it was mainstream.

My website is now a full-featured blog powered by Jekyll and Lambda-theme :)

I'm Italian (almost proud), but I will write in English so everybody can read me easily.

Good Reading. TLDR;

TheZero.