dns-blocklists
AMDSEV
dns-blocklists | AMDSEV | |
---|---|---|
22 | 1 | |
793 | 269 | |
5.3% | 1.1% | |
8.2 | 2.1 | |
9 days ago | 28 days ago | |
Shell | Shell | |
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dns-blocklists
-
I work at a apartment/hotel complex and my YouTube was logged into someone's TV??
Please anybody using public wifi networks, protect yourself as much as possible. You can use encrypted dns on all of your devices. iPhone / Mac users download one of the profiles. Android users : choose the dns blocking level you want and enter the corresponding address in “private dns” on most Android devices in the network settings. My preference is dns over tls but dns over https is good too. TLS is just one additional layer of encryption. (Encrypts packets between your device and router) or just use a vpn or both.
-
Mullvad: Moving our Encrypted DNS servers to run in RAM
Mullvad encrypted DNS is also available to all - whether paying for VPN services or not.
In addition they also support optional content blocking[1] via blocklists, just set the desired TLS/HTTPS DNS server.
[1] https://github.com/mullvad/dns-blocklists
-
Privacy configuration for Google Chrome Manifest V3
Option for ads and tracker block DNS: 1. https://github.com/mullvad/dns-blocklists 2. https://nextdns.io 3. https://adguard-dns.io/en/public-dns.html
-
What is your browser score in https://d3ward.github.io/toolz/adblock.html ?
Not sure isit helpful, you can checkout mullvad dns https://github.com/mullvad/dns-blocklists or nextdns. They do offer free dns and block ads on dns level
-
DoH on Android or DNS for Adblock?
I found that 100.64.0.31 is good, I got it from here
-
Can someone tell me what is Mullvad's public DNS servers (IPv4 and IPv6)? I remember writing it down in a notepad somewhere but lost it now.
You can find more info here https://github.com/mullvad/dns-blocklists
-
Ad and tracking protection for Android?
I use Mullvad's adblock DNS and it works fine. Just go to 'Advanced' and under DNS put in the DNS combination you want from their list at https://github.com/mullvad/dns-blocklists
- Apple mobile configuration DNS over TLS is showing not using Mullvad DNS after outtage
- Adblock DNS filter list update
- Mullvad app.
AMDSEV
-
Mullvad: Moving our Encrypted DNS servers to run in RAM
Okay, if we are switching the topic now to AMD's memory encryption, I'll bite, too.
First: Only Ryzen PRO or EPYC models support it, which kind of kicks out all mobile or laptop systems already. Then, only Zen3 CPUs work, because previous generations have a boot freeze bug, which wasn't fixed and upstream linux 5.15 as a result disabled the mem encrypt flag by default.
Second: Before you switch topic to SEV, that's only supported for EPYC models, see here [2]
Regarding attacks: At least AMD had an injection attack problem where SEV in EPYC 7xxx and 3xxx processors was confirmed to be affected without AMD confirming the vulnerability (yet...). It was a master thesis iirc from a guy in luebeck.
There are also known sidechannel attacks which void RAM encryption in practice, like Hertzbleed which used frequency scaling to decrypt ECDSA and PIKE SIDH (which is meanwhile known to be unsecure, at least for PIKE). [3]
Google also did an audit on Intel's TDX where they found bugs in loop boundaries, off by one errors and similar feasible attack methods (which haven't been published as a PoC yet, so I grant you that). [4]
So I would still argue that with these very narrow set of available processors (Intel Pro 13th generation for TME and EPYC 7xxx that have both SME and SEV) is highly limited in its availability and also not available for laptop hardware due to them being server CPUs.
Additionally there's been a lot of attack surfaces that have been proven to have access to SME or SEV stored keys in the CPU and there have been other sidechannel attacks which conceptionally are very unlikely to be fixed anytime soon.
So I would still argue that memory encryption in practice is unreliable.
[1] https://lists.freedesktop.org/archives/amd-gfx/2021-October/...
[2] https://github.com/AMDESE/AMDSEV/issues/1
[3] https://www.hertzbleed.com/
[4] https://services.google.com/fh/files/misc/intel_tdx_-_full_r...
Edit: found the AMD injection attack thesis:
[01] https://www.its.uni-luebeck.de/fileadmin/files/theses/MA_Luc...
Another attack on SEV, which was confirmed by others since the USENIX conference. Both of the techniques rely heavily on pattern matching to find the decryption oracles though, and around 16 bytes for their OpenSSH demonstrations.
[02] https://www.its.uni-luebeck.de/fileadmin/files/theses/MA_Luc...
[02]
What are some alternatives?
NextDNS-Config - Setup guide for NextDNS, a DoH proxy with advanced capabilities.
stboot - Mirror only. Official repository at https://git.glasklar.is/system-transparency/core/stboot
hblock - Improve your security and privacy by blocking ads, tracking and malware domains.
The Blocklist Project - These lists were created because the founder of the project wanted something with a little more control over what is being blocked. Many lists out there are all or nothing. We set out to create lists with more control over what is being blocked and believe that we have accomplished that.
accomplist - ACCOMPLIST - List Compiler
Pi-hole - A black hole for Internet advertisements
FilterLists - :shield: The independent, comprehensive directory of filter and host lists for advertisements, trackers, malware, and annoyances.