Wednesday, December 7, 2011

DNSCrypt - most glaring security hole in public internet browsing finally patched

http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/

When browsing, our DNS requests are not encrypted and are highly
susceptible to man-in-the-middle attacks or DNS poisoning. When used
with OpenDNS, DNSCrypt encrypts your DNS traffic, finally putting an
end to this glaring flaw.

Monday, November 14, 2011

Managing Cisco ASA using VPN client

Cisco ASA remote management via VPN
February 14th, 2011
By default, remote access VPN users aren't able to manage a Cisco ASA
firewall on the inside interface using any kind of management protocol
(SSH, telnet, HTTPS).
You can enable remote management by specifying the management-access
interface. You can specify the interface via the CLI or via the Cisco
Adaptive Security Device Manager (ASDM). Both methods are specified
below.
CLI
fw01/booches.nl/act# configure terminal
fw01/booches.nl/act(config)# management-access inside
ASDM

When using the Management Access feature with remote VPN connections
(IPSec or SSL VPN), don't forget to add the VPN pool to the
corresponding management access protocols on the interface you
specified as the management access interface.

Taken from http://www.booches.nl/2011/02/cisco-asa-remote-management-via-vpn/
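
The check described in the post above, as an added example (not code from this blog or from booches.nl): a small Python audit that reads an ASA running-config and reports, for each VPN address pool, whether the ssh/telnet/http permit lines on the management-access interface cover the whole pool. The sample config, pool name and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample running-config (pool name and addresses are made up).
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 10.10.50.1-10.10.50.50 mask 255.255.255.0
management-access inside
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.10.50.0 255.255.255.0 outside
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.10.50.0 255.255.255.0 inside
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)", re.M)
MGMT_RE = re.compile(r"^management-access (\S+)", re.M)
# "ssh|telnet|http <address> <mask> <interface>"; "http" is the HTTPS/ASDM permit.
ACCESS_RE = re.compile(
    r"^(ssh|telnet|http) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$", re.M)


def audit_vpn_management(config):
    """Return (mgmt_interface, {pool_name: {protocol: pool_is_permitted}})."""
    match = MGMT_RE.search(config)
    mgmt_if = match.group(1) if match else None
    # Collect only the permit lines bound to the management-access interface.
    allowed = {"ssh": [], "telnet": [], "http": []}
    for proto, addr, mask, ifname in ACCESS_RE.findall(config):
        if ifname == mgmt_if:
            allowed[proto].append(
                ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    report = {}
    for name, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # A pool is a contiguous range, so both ends inside one permitted
        # network means every pool address is permitted.
        report[name] = {proto: any(lo in net and hi in net for net in nets)
                        for proto, nets in allowed.items()}
    return mgmt_if, report


if __name__ == "__main__":
    interface, result = audit_vpn_management(SAMPLE_CONFIG)
    for pool, protos in result.items():
        for proto, ok in protos.items():
            print(f"{pool}: {proto} on {interface}: {'permitted' if ok else 'NOT permitted'}")
```

On the sample, the pool can reach ASDM over HTTPS but not SSH, because the only ssh line covering the pool is bound to the outside interface rather than the management-access interface.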

Sunday, November 13, 2011

Replacement RSA token

If you've had one of these for more than 6 months, throw it away and get replacement token(s) from your bank/IT department. They are compromised.

ASA 8.3.1 proxy ARP

Whose brilliant idea is it anyway to change a sysopt setting between
minor releases?
And yeah, 8.2 to 8.3 is a dot release, hence a minor release.

By default, proxy ARP is disabled starting from 8.3.1. I know, I know,
proxy ARP on the outside interface is a security risk, but most
network admins know this already and would have disabled it if
needed.
What if you have a cross connect link with your ISP on the outside
interface that makes the security risk moot?

Found this out the hard way when, after enabling a static NAT on the
outside interface, nothing worked. SYN packets are sent but SYN-ACKs are
never received.
The firewall does not block anything, no debugging message in ASDM, packet
tracer shows nothing is wrong...
Wireshark shows that ARP requests by the ISP PE are ignored with no
notification from the ASA.... Ughhhh Brilliant.

Enabling proxy ARP with "no sysopt noproxyarp PRODUCTIONINTERFACE" or
entering a static ARP entry will fix this problem...


Brilliant move Cisco, brilliant...

Monday, February 21, 2011

Osaka day 2 - Dotonbori Ichiran Ramen

Was looking for Ichiran ramen at Dotonbori, and was getting lost a lot...
Had to refuel on takoyaki before continuing; fortunately these are the best I've had. The dough is very light and juicy and the octopus is crispy inside. It's the perfect second degree burn from Osaka ;)
Finally found the ramen joint, and it sure didn't disappoint :)
Most balanced tonkotsu ramen I've had so far.
Wish you could try this too, LJ

Osaka day 2 - organic cake shop

On the way back from the Nissin museum to the nearest railway station, we stumbled upon this awesome organic cake shop.
Just look at the creations they have on display. Was tempted to buy one each even though I'm not usually a big fan of dessert.
Truly a work of art.

Osaka day 2 - Nissin museum

What a beautiful crisp Osaka morning. I'm in a good mood.
We decided to head to Momofuku Ando's museum. He was the creator of the instant noodle and the founder of the Nissin empire. At the end I made my own instant noodle cup.

Arrived at Osaka airport for the start of my Japan trip 2011

It sure is cold but I'm excited. Unfortunately, Jetstar's delay due to some fuel report inconsistencies cost us 2 hours. My butt was aching by the time we got off the plane.

Sunday, February 20, 2011

Osaka airport finally

After a long day of delays and plane rides, finally arrived at Osaka airport. All I wanna do is get some sleep now. Too excited the night before, felt like a zombie all day.