Walker<p>When can we declare IP Geo location / country code blocking practically dead as a mitigation strategy?</p><p>Sure it is still useful blocking script kiddies from Iran and other low hanging fruit, but do any serious APT crews actually launch attacks from their home country anymore? </p><p>With the use of zero trust, distributed attack and delivery networks (looking at you Cloudflare), and VPN usage country blocking feels less useful than in the past. </p><p><a href="https://infosec.exchange/tags/zerotrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zerotrust</span></a> <a href="https://infosec.exchange/tags/geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblocking</span></a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apt</span></a> <a href="https://infosec.exchange/tags/scriptkiddie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scriptkiddie</span></a> <a href="https://infosec.exchange/tags/networksecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecurity</span></a> <a href="https://infosec.exchange/tags/cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudflare</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
265active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#geoblocking
0 posts · 0 participants · 0 posts today
Veza85UE<p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> My proposal for unlocking the potential of one particular 🇪🇺 creative industry (one we invented in Europe) is to smack Ruben Östlund and all politicians he's lobbied for <a href="https://eupolicy.social/tags/geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblocking</span></a> over the head with the Consolidated version of The Treaty on the Functioning of the European Union open at Article 101 until they stop blocking Europeans from learning about each other and entertaining each other with 🇪🇺 popculture. </p><p><a href="https://eupolicy.social/@Veza85UE/111574381900505708" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">eupolicy.social/@Veza85UE/1115</span><span class="invisible">74381900505708</span></a></p><p><a href="https://eupolicy.social/tags/cinema" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cinema</span></a> <a href="https://eupolicy.social/tags/eurocultura" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eurocultura</span></a> <a href="https://eupolicy.social/tags/MyOwnPersonalJihad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MyOwnPersonalJihad</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.jp/@landley" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>landley</span></a></span> <span class="h-card" translate="no"><a href="https://mstdn.social/@jschauma" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jschauma</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@ryanc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ryanc</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xabad1dea</span></a></span> yeah, the exhaustion problem would've been shoved back with a <a href="https://infosec.space/tags/64bit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>64bit</span></a> or sufficiently delayed by a 40bit number.</p><p>Unless we also hate <a href="https://infosec.space/tags/NAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NAT</span></a> and expect every device to have a unique static <a href="https://infosec.space/tags/IP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IP</span></a> (which is a <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> nightmare at best that <em>"<a href="https://infosec.space/tags/PrivacyExtensions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyExtensions</span></a>"</em> barely fixed.) </p><ul><li>I mean they could've also gone the <a href="https://infosec.space/tags/DECnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DECnet</span></a> approach and use the <a href="https://infosec.space/tags/EUI48" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EUI48</span></a> / <a href="https://infosec.space/tags/MAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MAC</span></a>-Address (or <a href="https://infosec.space/tags/EUI64" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EUI64</span></a>) as static addressing system, but that would've made <a href="https://infosec.space/tags/vendors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vendors</span></a> and not <a href="https://infosec.space/tags/ISPs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ISPs</span></a> the powerful forces of allocation. (Similar to how technically the <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICCID</span></a> dictates <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GSM</span></a> / <a href="https://infosec.space/tags/4G" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4G</span></a> / <a href="https://infosec.space/tags/5G" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>5G</span></a> access and not the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IMEI</span></a> unless places like Australia ban imported devices.</li></ul> <p>I guess using a <a href="https://infosec.space/tags/128bit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>128bit</span></a> address space was inspired by <a href="https://infosec.space/tags/ZFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZFS</span></a> doing the same <em>before</em>, as the folks who designed both wanted to design a solution that clearly will outlive them (<em>way harder</em> than COBOL has outlived Grace Hopper)...</p><ul><li>Personally I've only had headaches with <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv6</span></a> because not only do I only have <a href="https://infosec.space/tags/IPv4only" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv4only</span></a> <a href="https://infosec.space/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Internet</span></a> but my <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ISP</span></a> refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv4</span></a>'s in with my contract!)and stuff like <a href="https://infosec.space/tags/HurricaneElectric" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HurricaneElectric</span></a> / <a href="https://infosec.space/tags/HEnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HEnet</span></a>'s <a href="https://infosec.space/tags/Tunnelbroker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tunnelbroker</span></a> fail face first due to <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> and the fact that <a href="https://infosec.space/tags/ASNs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASNs</span></a> get geolocated, not their <a href="https://infosec.space/tags/PoPs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoPs</span></a>... </li></ul><p>If I was <span class="h-card" translate="no"><a href="https://social.bund.de/@BNetzA" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BNetzA</span></a></span> I would've mandated <a href="https://infosec.space/tags/DualStack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DualStack</span></a> and banned <a href="https://infosec.space/tags/CGNAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CGNAT</span></a> (or at least the use of CGNAT in <a href="https://infosec.space/tags/RFC1918" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RFC1918</span></a> address spaces) as well as <a href="https://infosec.space/tags/DualStackLite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DualStackLite</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@shoppingtonz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>shoppingtonz</span></a></span> <span class="h-card" translate="no"><a href="https://mas.to/@alternativeto" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>alternativeto</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> also every <a href="https://infosec.space/tags/Tunneling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tunneling</span></a> - regardless if <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> or <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> or whatever - will inevitably introduce <a href="https://infosec.space/tags/latency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>latency</span></a> (unless you happen to be customer of a shitty <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ISP</span></a> with horrible <a href="https://infosec.space/tags/peering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>peering</span></a> and thus can cut down on hops needed, which is AFAIK only a theoretical scenario)...</p><ul><li>Outside of circumventing <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> and bypassing <a href="https://infosec.space/tags/IP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IP</span></a>-based <a href="https://infosec.space/tags/Banning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banning</span></a> (i.e. for <a href="https://infosec.space/tags/Cheating" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cheating</span></a>) I've not seen any use-cases.</li></ul><p>In fact I stopped using <a href="https://infosec.space/tags/HEnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HEnet</span></a> <a href="https://infosec.space/tags/Tunnelbroker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tunnelbroker</span></a> and <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv6</span></a>-<a href="https://infosec.space/tags/GIF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GIF</span></a>-Tunneling because it created more issued than it solved on my <a href="https://infosec.space/tags/IPv4only" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv4only</span></a> <a href="https://infosec.space/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Internet</span></a> connection…</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.space/@fennix" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fennix</span></a></span> TBH, I think those bs claims should be illegal.</p><p>The only valid claims I've seen is that it enables people to circumvent <a href="https://infosec.space/tags/geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblocking</span></a> and potentially <a href="https://infosec.space/tags/InternetCensorship" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetCensorship</span></a> as well as <a href="https://infosec.space/tags/TrafficDiscrimination" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrafficDiscrimination</span></a> due to lack of <a href="https://infosec.space/tags/NetNeutrality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetNeutrality</span></a>, but those are always to be taken with a truckload of salt!</p><p>Most certsinly, there are no <em>"<a href="https://infosec.space/tags/loglessVPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>loglessVPN</span></a>|s"</em> and no <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> provider will <a href="https://web.archive.org/web/20210606070919/twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">risk jailtime for any.client</a>…</p>
Spruwel<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xabad1dea</span></a></span> </p><p>I'm pretty sure there weren't <a href="https://chaos.social/tags/geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblocking</span></a> in 1985.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@kubikpixel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kubikpixel</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@malwaretech" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>malwaretech</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@tomscott" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tomscott</span></a></span> or to put it into perspective:</p><p>I worked at a telco, and whilst clients were above-average in terns of bahaviour, one does get a high single digit or low double-digit amount of LEA requests per day per x million customers.</p><p>Now imagine the average <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> has similar utilization as a <a href="https://infosec.space/tags/CGNAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CGNAT</span></a>, so easily they'll have <a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LawfulInterception</span></a> going on 24/7 because <a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">logless VPNs are a lie</a> and besides circumventing <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> they don't do anything else...</p><ul><li>In fact I'd argue it'll be more privacy friendly to self-host a VPN on-demand with flexible hoster or just having a fixed IP at home, simply because those usually have a higher bar for getting surveillance approved.</li></ul><p>TLDR: Just get <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails_live</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tails</span></a> and good.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@wmd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wmd</span></a></span> <span class="h-card" translate="no"><a href="https://denden.world/@miqokin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>miqokin</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> there is a shitton of information.</p><ul><li>Check out the <a href="https://infosec.space/tags/documentation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>documentation</span></a> by <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>guardianproject</span></a></span> (and yes you can simply choose on a per-connection basis to use <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> or not woth <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Orbot</span></a>).</li></ul><p><a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a>|s only work great to circumvent <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> and they <em>won't protect users against prosecution and surveillance</em>!</p><ul><li>You'd know that if you read <span class="h-card" translate="no"><a href="https://infosec.exchange/@thegrugq" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thegrugq@infosec.exchange</span></a></span> / <span class="h-card" translate="no"><a href="https://social.librem.one/@thegrugq" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thegrugq@librem.one</span></a></span> 's original post and the linked <a href="https://infosec.space/tags/case" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>case</span></a> against someone abusing a VPN.</li></ul><p>Whereas with Tor that doesn't work that well...</p><ul><li>And people who have the time, money and means to get a custom <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> tunnel to some <a href="https://infosec.space/tags/VPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPS</span></a> setup are not the average users...</li></ul><p>Whereas I can get someone started on <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Orbot</span></a> + <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> within minutes.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@wmd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wmd</span></a></span> <span class="h-card" translate="no"><a href="https://denden.world/@miqokin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>miqokin</span></a></span> <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a>|s are - for the most part and with the exception of circumventing <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> - a <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> catering towards <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a>.</p><p><a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">web.archive.org/web/2022011202</span><span class="invisible">0000/https://twitter.com/thegrugq/status/1085614812581715968</span></a></p><p><a href="https://infosec.space/tags/TLDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLDR</span></a>:</p><ul><li>Use <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> or GTFO!</li></ul>
Maximilian Henning<p>The European Court of Auditors published an interesting report on <a href="https://darmstadt.social/tags/geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblocking</span></a> in the <a href="https://darmstadt.social/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> yesterday. The EU is supposed to have a common market, where goods, services and money flow freely – but this report shows that in the digital world, that often isn’t the case.</p><p><a href="https://www.eca.europa.eu/en/publications/SR-2025-03" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">eca.europa.eu/en/publications/</span><span class="invisible">SR-2025-03</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@jetsoft" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jetsoft</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@hanse_mina" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hanse_mina</span></a></span> <a href="https://infosec.space/tags/Funfact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Funfact</span></a>, i worked at several firms where <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> alongside <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>China</span></a> and <a href="https://infosec.space/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NorthKorea</span></a> was part of their <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> protocol simply because otherwise they'd constantly get <a href="https://infosec.space/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DDoS</span></a>'d or face hacking attempts.</p><ul><li><a href="https://infosec.space/tags/BGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BGP</span></a>-<a href="https://infosec.space/tags/Blackholing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Blackholing</span></a> traffic from entire ASNs helped <em>a lot</em>!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.jsteuernagel.de/@jana" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jana</span></a></span> what if my <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ISP</span></a> refuses to allocate me even a /64 and <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> makes using <a href="https://infosec.space/tags/HurricaneElectric" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HurricaneElectric</span></a>'s <a href="https://tunnelbroker.net" rel="nofollow noopener noreferrer" target="_blank">Tunnelbroker</a> useless cuz some idiots decided to <a href="https://infosec.space/tags/Geolocate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geolocate</span></a> based off <a href="https://infosec.space/tags/ASN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASN</span></a> not location...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://techhub.social/@leeloo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>leeloo</span></a></span> Until regulators like <span class="h-card" translate="no"><a href="https://social.bund.de/@BNetzA" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BNetzA</span></a></span> get their shit together and mandate a /64 of <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv6</span></a> to be supplied to <em>every <a href="https://infosec.space/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>internet</span></a> connection</em> with no exceptioms or charges <em>and</em> mandates services and devices to support it as well, we'll not he above to get rid of <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv4</span></a>.</p><ul><li>Worse is only <a href="https://infosec.space/tags/DualStackLite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DualStackLite</span></a> and having to do unreliable (due to <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a>) hacks like <a href="https://infosec.space/tags/6in4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>6in4</span></a> / <a href="https://infosec.space/tags/6over4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>6over4</span></a> with <a href="https://tunnelbroker.net" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">tunnelbroker.net</span><span class="invisible"></span></a> ...</li></ul><p>Meanwhile it would be cheaper and easier for me to literally get my own private /24 of IPv4s than to convince my ISP to offer me even a single /48 of IPv6s...</p>
Chuck Darwin<p>European Commission and national authorities call on <a href="https://c.im/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> to stop geo-blocking practices on Apple Media Services</p><p>Today, following a coordinated investigation at European level, <br>the Consumer Protection Cooperation (CPC) Network of national consumer authorities and the European Commission notified Apple of <br>several potentially prohibited geo-blocking practices <br>that the CPC Network has identified on certain Apple Media Services, <br>namely App Store, Apple Arcade, Music, iTunes Store, Books and Podcasts. <br>The network requested Apple to align their practices with the EU's anti-geo-blocking rules.<br><a href="https://c.im/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> <br><a href="https://ec.europa.eu/commission/presscorner/detail/en/ip_24_5727" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ec.europa.eu/commission/pressc</span><span class="invisible">orner/detail/en/ip_24_5727</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.sdf.org/@kline" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kline</span></a></span> sadly no, as my <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ISP</span></a> refuses to allocate me even a single /64 of <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv6</span></a>, but happily gives me a /28 of <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPv4</span></a>|s at no extra charge.</p><ul><li><p>Yes, I do put that to good use, <span class="h-card" translate="no"><a href="https://mastodon.social/@ripencc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ripencc</span></a></span> can calm down.</p></li><li><p>No, <a href="https://infosec.space/tags/HurricaneElectric" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HurricaneElectric</span></a>'s <a href="https://infosec.space/tags/Tunnelbroker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tunnelbroker</span></a> at <a href="https://tunnelbroker.net" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">tunnelbroker.net</span><span class="invisible"></span></a> doesn't help due to it being geolocated wrongly in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a> by virtue of it's <a href="https://infosec.space/tags/ASN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASN</span></a> despite choosing <a href="https://infosec.space/tags/FFM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FFM</span></a> as exit, so most stuff just doesn't work through the <a href="https://infosec.space/tags/GIF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GIF</span></a>-tunnel thanks to <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a>!</p></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@steevmi1" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>steevmi1</span></a></span> <span class="h-card" translate="no"><a href="https://hackers.town/@thegibson" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thegibson</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@hrbrmstr" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hrbrmstr</span></a></span> personally, I consider all <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> that isn't a connection to your own business/home network to a <a href="https://infosec.space/tags/Snakeoil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snakeoil</span></a> except when it comes to circumventing <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> and/or <a href="https://infosec.space/tags/InternetCensorship" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetCensorship</span></a> and accessing sites & content!</p><p>That's why <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> don't offer a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> (They could easily buy that as a white-label/ <em>"Managed Service for Reselling"</em> or shove some stuff in a datacenter and callit a day.</p><ul><li>for <a href="https://infosec.space/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> you're way better off using <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a>, espechally since <a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">they can't rat you out like any telco (incl. VPNs) <em>MUST BE ABLE TO DO</em></a>…</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@shaknais" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>shaknais</span></a></span> I tried GIF-Tunneling with <a href="https://infosec.space/tags/HurricaneElectric" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HurricaneElectric</span></a> and while they offer static subnets (I got a /48 & /64) this isn't workibg reliably and causes issues due to <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> despite choosibg their PoP in Frankfurt am Main.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xabad1dea</span></a></span> I don't think the security argument is the point, cuz most sites that do <a href="https://infosec.space/tags/geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblocking</span></a> select only few nations they can clearly say they don't want clients from (i.e. PRC & Russia to avoid carding, North Korea.due to nalware)...</p><ul><li>In fact, most sites I've seen from the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a> that do <a href="https://infosec.space/tags/geoblock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>geoblock</span></a> me from <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a> do so because they don:t wajt to comply with <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> and instead vomit thousands (!!!) of <a href="https://infosec.space/tags/tracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tracking</span></a> <a href="https://infosec.space/tags/cookies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cookies</span></a> on me at every visit.</li></ul><p>I mean it's not as if any gun dealer from Germany would be able to sent a costly C&D to SilencerCo for not disclosing the need for a purchase permit in Germany (like with all guns and -parts regulated) when they don't even accept overseas customer <em>at all</em> to buy directly from them...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://sfba.social/@mvilain" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mvilain</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.online/@standev" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>standev</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jerry</span></a></span> well, <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> doesn't offer a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> cuz setting up such a service comes with a shitload of issues <em>and</em> besides circumventing <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> there isn't any reason to use <a href="https://infosec.space/tags/VPNs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPNs</span></a> over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a>...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.online/@standev" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>standev</span></a></span> <span class="h-card" translate="no"><a href="https://sfba.social/@mvilain" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mvilain</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jerry</span></a></span> That's propably because of that.</p><ul><li>I know companies that'll instantly block any domain registered or adminitrated or linked to <a href="https://infosec.space/tags/GoDaddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoDaddy</span></a>, <a href="https://infosec.space/tags/NameCheap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NameCheap</span></a>, <a href="https://infosec.space/tags/NiceNIc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NiceNIc</span></a>, <a href="https://infosec.space/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudFlare</span></a> or <a href="https://infosec.space/tags/ProtonMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProtonMail</span></a> due to rampant <a href="https://infosec.space/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a>, <a href="https://infosec.space/tags/scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scams</span></a> and abuse by <a href="https://infosec.space/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> groups. </li></ul><p>In fact I did that - alongside <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geoblocking</span></a> - to prevent and deter <a href="https://infosec.space/tags/carding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>carding</span></a> attempts at a fmr. employer.</p><ul><li>And like many modern sites, attempts of registering an account would just get <a href="https://infosec.space/tags/blackholed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blackholed</span></a> without any notification and said IPs [the entire block allocation as per WHOIS!] temporarily blocklisted for 24 hours.</li></ul><p>Granted this wasn't my decision but basically what the CLO & CFO saw fit as "cybersecurity and risk avoidance strategy" towards regulatory pressure by <span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsi</span></a></span> & <span class="h-card" translate="no"><a href="https://social.bund.de/@BaFin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BaFin</span></a></span> ...</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload