Cybersecurity

StrongVPN decided to delete the log mentioned above for security reasons. However attached is I hope a version that is sufficiently anonymised.

In a nutshell, StrongVPN is a cert. based VPN rather than password/key, and so while they have numbers of servers, you have to download a new cert. when changing. Each time I changed server openvpn failed to connect twice before making the connection (with the same errors) openvpn though connecting first time thereafter. I experienced the mouse cursor jumping from the password text input box to the clear text login name box and of its own accord shortly after this, which I take as a MITM attack of some sort (same one website, repeated - namely delicious login).

I'm taking the opportunity to make a quick test post (experimenting with browsers - I am always without fail hacked on this page!) while bringing this log up to date. I've taken the problem over to a thread on the Fedora SELInux forum which can be found here:

mouse pointer stuck in browser sandbox window

I also moved from SL6 over to Fedora 15 to try a current browser version out (SL6 is still using FF 3.X releases). The same bugs result though.

In a nutshell, with an install that should not have (at least in theory) been breached by an attacker gaining direct access to the keyboard, hackers can still hack the browser (running in a SELInux sandbox) -- but they don't seem to be able to hack the webpages so the encrypted VPN connection seems to be holding out - it is hacks like locking the mouse in the sandbox window, and crashing flash, that are getting through (I am fairly well sure at this stage that these are hacks).

For anyone interested I have continued this over on MozillaZine Firefox bugs forum:

VPN encryption not broken, but FF hacked? • mozillaZine Forums