<p>I’ve blogged about <a href="https://www.lonecpluspluscoder.com/2019/12/27/building-an-openbsd-wireguard-server/">putting together a WireGuard server using OpenBSD a couple of years back</a>. The main purpose of the server was to ensure a slightly more secure connection when I was on hotel WiFi. Of course thanks to the pandemic, I have barely travelled in the past couple of years so the server was mostly dormant. In fact, I kept VM turned off for most of the time. The VPN server was set…

<p>In <a href="https://www.lonecpluspluscoder.com/2020/01/16/building-an-openbsd-wireguard-vpn-server-part-2-unbound-dns-setup/">part 2</a>, I reconfigured my WireGuard VPN to use an Unbound DNS server on the VPN server rather than rely on a third party server I had used for the original quick and dirty configuration. It was important for me to set up a validating DNS server, which I did in that part.</p>

<p>In the <a href="https://www.lonecpluspluscoder.com/2019/12/27/building-an-openbsd-wireguard-server/">first part</a>, I described how I set up the basic OpenBSD WireGuard VPN server. I also hinted that I wanted to set up my own validating, filtering DNS server. With a little bit of spare time during the holidays I decided now was a good time as any.</p>

<p>In my <a href="https://www.lonecpluspluscoder.com/2019/11/27/looks-like-i-get-to-redo-my-wireguard-vpn-server/">previous post</a>, I mentioned that I somehow ended up with a corrupted filesystem on the WireGuard server <a href="https://www.lonecpluspluscoder.com/2019/01/21/setting-up-my-own-vpn-server-on-vultr-with-centos-7-and-wireguard/">I had set up earlier this year</a>. That iteration of my VPN server was built on Linux as I expected I would get better performance using the kernel-based…

<p>As an IT consultant, I travel a lot. I mean, <em>a lot</em>. Part of the pleasure is having to deal with day-to-day online life on open, potentially free-for-all hotel and conference WiFi. In other words, the type of networks you really want to do your online banking, ecommerce and other potentially sensitive operations on. After seeing one too many ads for VPN services on bad late night TV I finally decided I needed to do something about it. Ideally I intended to this on the cheap and learn…

<p>I <a href="https://www.lonecpluspluscoder.com/2015/08/05/smartphones-computers-need-regular-patching/">recently</a> blogged about Google and Samsung starting to offer regular security patches for their Android devices.</p>

<p>Some security researchers from UCSD <a href="http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/">showed a proof of concept exploit via one of the dongles</a> that appears to be also used by car insurance companies to monitor your driving “to give you discounts for good driving”. I’m not really a fully paid up subscriber of the tin foil hat brigade but stuff like this makes me glad that I’m still opting for the old-fashioned way of paying…

<p>tl;dr - avast’s web shield functionality appears to insert itself into SSL connections using a self signed trusted root certificate and a simple kind of man-in-the middle “attack” on SSL. I would recommend you turn off web shield’s https scanning or choose another virus scanner.</p>