Setting up Yingwa

Just a simple “how-to” on getting started with Yingwa [1] and shadowsocks [2]. As far as I know the software appears to be “clean” from malware – but always be careful, nonetheless.

Here’s how the client looks:


Yingwa will work as a shell over shadowsocks-go and Privoxy.

You’ll want to install shadowsocks as well, I prefer the Go [3] derivative in place of the Python [4] one.

Read the relevant installation instructions for either of these and find out which one is more suitable for you: it’s all very easy to set up – even for a person with only limited *nix skills. All you need is a virtual private server [5] that preferably has multiple locations; see the previous reference for several ones that I can wholeheartedly recommend.

Once you’ve set up shadowsocks/go on your virtual private server you’ll need to just fill out the relevant details in the Yingwa client:

Server Port: THIS MUST BE ‘server_port’ and not ‘local_port’ as per shadowsocks configuration

You needn’t configure anything else. Try visiting something like ipinfo.io and you’ll be see the details of whatever your VPS provides, for me it would look something like this:

That’s pretty much it, there’s not much else to it really


A Package from Sucuri Security

Today a package arrived from ‘Sucuri Security’ (https://sucuri.net/):


It contained several t-shirts, but I only took photographs of this one:



As you can tell, they’re quite nice. I masqueraded my face because there’s enough photographs of me on the Internet, there needn’t be any more 

Thanks a lot to Sucuri Security for sending them to me! I appreciate it.

About Sucuri Security

Sucuri, Inc. is a Delaware Corporation, with our team spread across four continents and over 8 countries. The company was founded by two highly passionate members of the Information Security (InfoSec) domain, both focusing on two very distinct areas – Defensive/Preventive and Awareness.
Sucuri’s inception was in 2008 in the bedroom of our founder, but the idea of tackling the web-based malware problem first came to us in 2004. You can find distant cousins of our engine under the name of Owl, version .1, and WIGS (Web Information Gathering System). Both open-source projects were offered to the masses for free. It was through this process that we built the knowledge we required to understand what end-users really need.

Sucuri, the brand, rose from the rivers of the Brazilian Amazon in 2009, making its first sale in 2010, and incorporating in the USA later that year. The product was developed as a cost-effective solution that would help any web site recover from a malware compromise and protect them to stay secure moving forward.

Visit them: https://sucuri.net/


An Update About #ResetTheNet

I received the following e-mail today from the FFTF team, bearing the title ‘Reset the Net today’. I will quote the contents of this e-mail below:


Today is the day. The largest websites on the Internet have joined us, and we’re literally blocking dragnet government surveillance on a significant portion of the web. Now it’s your turn. If we do this right, it could be the biggest thing we’ve ever done together.

No more waiting. It’s time for each and every one of us to take the first step toward a better Internet and a better world. Politicians won’t protect our privacy. It’s up to us.

Protect yourself now —  get the Reset the Net privacy pack for your computer, accounts, phones, more: https://pack.resetthenet.org

Privacy isn’t about whether we have something to hide, it’s about our ability to be ourselves. It’s about whether or not we want to live in a world with freedom of speech. It’s about whether or not we care about the future of democracy in the world.

Privacy also isn’t only for tech geeks and geniuses. The free, open source apps that we’re suggesting in the Reset the Net privacy pack are easy enough for everyone to use. Heck, send them to your technically challenged parents. The more of us that use these tools the safer we all are, not only from the NSA, but from any government, company, or bad actor that wants to invade our privacy.

No idea where to start? No problem. Click here learn about the easy tools we’re recommending.

Today we begin the largest collective effort in human history to secure the Internet and directly interfere with dragnet spying. Reset the Net is not a single day of action — it’s a coordinated, long term effort that will actually work. It’s already workin g. Just today the pressure we’ve created pushed major sites like WordPress, Tumblr, Dropbox, Twitter, and Mozilla to take real, meaningful steps that will make suspicionless spying much tougher.

But this isn’t about them. It’s about all of us. Today is our day. It’s a day we can feel proud to be internet users, and a day that governments and companies won’t soon forget.

And, it’s only the beginning.

For the Internet,

-Evan, Tiffiniy, Holmes, and the whole FFTF team

P.S. Remember how we kicked some serious but on net neutrality? Fight for the Future is leading the charge to keep the Internet free, but we can’t do it without you.


#OpTrollIsrael: 3k Websites And 2k Emails Hacked

#OpTrollIsrael by Anonghost Team is continuing with success. Apparently the man behind these defacements are Moroccan [1], his message on the defaced websites read like this:

We are AnonGhost and we are everywhere! There is no israel in this map, no one recognize you because it is Palestine. We are coming soon.

In September the Anonghost team hacked 5k Israeli bank accounts:

Operation #OpTrollIsrael appears to have been a huge success so far, totalling 3k rooted websites along with some 2k email accounts [2]. Here is part III posted on pastebin.com 20.11.13:

Source: http://pastebin.com/sfsD3nFJ

What do I think? Simply: Good, good


And no, that isn’t me on the above photograph, but it’s a nice photograph. I found it from somebody I follow on Twitter (@PegalauNegri).


1. #OpTrollIsrael: 65 Israel Websites Hacked by AnonGhost
2. Anonymous Hack More than 3,000 “Israeli’ Websites and 20343 Government Emails #OpTrollIsrael


Google Launches ‘Project Shield’

Google launched their DDoS mitigation service which bears an interesting description:

Project Shield is an initiative launched by Google Ideas to use Google’s own Distributed Denial of Service (DDoS) attack mitigation technology to protect free expression online. The service allows other websites to serve their content through Google’s infrastructure without having to move their hosting location.

I requested an invite for one of my projects (or clients, rather). I cannot disclose whom they are, but I’m interested to hear what Google might say. Probably a generic decline as an answer if they’re uncomfortable with my client’s right to adequate protection of their ‘freedom of expression’ online

In any case, this might be good. Always interesting with ‘new’ stuff.


See https://projectshield.withgoogle.com/about/


A Phone in my taste – QSAlpha Quasar IV

QSAlpha Quasar IV QSAlpha Quasar IV

The QSAlpha Quasar IV is a phone wholly designed with security and privacy in mind. The operative system is called QuaOS which uses Android 4.3 as the base, and according to the project managers QuaOS will be open source. It is powered by a powerful Quad-core processor.
It sports encrypted local storage and encrypted cloud storage. Android OS with an encryption layer. A unique digital signature and key computation methodology to protect the user’s digital identity. It goes into production in March 2014 and you can have it already in June.
The project is crowdfunded via Indiegogo and has 116 funders and only raised two percent of its $3,200,000 goal — despite this, the Quasar IV will still be produced.
Certainly this is a very interesting product for those who favours security and privacy.


For further information see the QSAlpha web page at qsalpha.com