Semantic search

MasterPassword
Most password managers are password vaults: they let you store or generate a strong password for your services and then encrypt that key and store it for later retrieval. This approach presents many problems, in particular in the modern mobile age, that result in many frustrations:
  • Vault availability: If your vault is not available, you cannot use any of your services.
  • Added risk of identity loss: If you lose your vault (e.g. HDD failure/house fire), you instantly lose your entire online identity.
  • Force of law: Many countries have laws that require you to divulge the encryption key if a lawful search discovers your vault.
Some password vaults implement features to try and address these issues, such as Internet sync, cloud-based vaults or backups and self-destructing vaults. These features all work around issues inherent to the solution and bring their own set of issues:
  • Network sync: Keeping data secure in transit is non-trivial and adds security risks.
  • Backups: Requires that you keep multiple locations secure from loss and theft, as well as the vault in transit.
  • Cloud-based services: Requires you to trust an external party and sacrifices transparency and freedom.
  • Defensive destruction: Reliability issues and, again, risk of total identity loss.
Master Password is a completely different approach to passwords. The core issue that brings forth these problems is the vault used to store passwords. Master Password removes the vault from the solution by being a stateless solution, thus avoiding each of these issues. Master Password works by being an offline and stateless algorithm used to calculate your site passwords on-demand. Your passwords exist only as long as you need them and then disappear from disk and memory. Passwords are calculated based on a master password and the user's full name, combined with the name of the site. Calculation is based on strong, known and understood cryptographic hashes.
Hash-based password generation is not new, but Master Password is a careful implementation that avoids many issues that other hash-based password managers suffer from. Cryptography is not easy and upon inspection, the security of most hash-based password generators completely falls apart. Master Password uses scrypt combined with hmac-sha256 and salting to prevent all known attack vectors.
Mod security
'Mod_security' is an intrusion detection and prevention module for Apache Web servers. Its purpose is to protect vulnerable applications by detecting and (optionally) rejecting attacks. In addition to request filtering (using regex), it can create Web application audit logs. Unlike other similar projects, Mod_security can analyse POST payloads.
MongooseIM
MongooseIM is aimed at large, complex enterprise level projects where real-time communication is critical for business success. It provides high availability, ease of deployment, development and reliability in production. The MongooseIM platform includes server-side components and client libraries. It has also contributed to open source third party XMPP libraries: Smack for Android and XMPP framework for iOS. Built around proven technologies XMPP/Jabber, it adds a simple client/server REST API for front-end and back-end integration.
NSBD
Not-So-Bad Distribution is an automated Web-based distribution system designed for distributing free software on the internet, where users cannot trust the network and cannot entirely trust the software maintainers. NSBD authenticates packages with GNU Privacy Guard (GnuPG) or "Pretty Good(Tm) Privacy" (PGP(Tm)) digital signatures so users can be assured that packages have not been tampered with, and it limits the maintainer to only update selected files and directories on the user's computer. NSBD's focus is on security, leaving as much control as is practical in the users' hands. NSBD handles automated updates by supplying a means of checking for updates to packages and automatically downloading and installing the updates. This "automated pull" style of distribution has the same effect as the "push" style of distribution, but gives more control to the user. A direct "push" style is also supported, which is especially appropriate for situations where there are multiple contributors to a shared server (for example, a shared web-page server). NSBD can "pull" directly over http or by using rsync to minimize network usage.
NetCube
NetCube (a.k.a. Jeff's version of The Spinning Cube of Potential Doom) is a python utility for visualizing network traffic in a 3d simulation. The x, y, and z axes correspond to the source IP address, the port number, and the destination IP address, respectively. This applies only to TCP and UDP traffic, of course, but that's the bulk of the traffic out there! Why bother? Well for one, visualization seems to help humans in identifying port scans and the like. See the original The Spinning Cube of Potential Doom page for more info.
NextTypes
NextTypes is a standards based information storage, processing and transmission system that integrates the characteristics of other systems such as databases, programming languages, communication protocols, file systems, document managers, operating systems, frameworks, file formats and hardware in a single tightly integrated system using a common data types system. NextTypes is a relational/network/objects/files hybrid database system with high level SQL interface, extensive primitive types list, JSON/JSON-LD/XML/Smile/WebDAV/CalDAV/iCalendar/RSS data access, REST interface, customizable MVC architecture, optimistic concurrency control, HTML5/CSS3/SVG/Javascript responsive graphical interface, multilanguage, UTF-8 encoding, syntax highlighting or WYSIWYG editors, robots.txt and sitemap management, text extraction/fulltext search, document management, virus scanning, DoS/SQL injection/CSRF/XSS protection, passwords/X.509 certificates authentication, logging and backup system.
OnionShare
What is OnionShare? OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.
How to Use: Open OnionShare, drag and drop files and folders you wish to share into it, and click Start Sharing. After a moment, it will show you a .onion URL. This is the secret URL that can be used to download the file you're sharing. Send this URL to the person you're sending the files to. If the files you're sending aren't secret, you can use normal means of sending the URL, like by emailing it, or sending it in a Facebook or Twitter private message. If you're sending secret files then it's important to send this URL securely. The person who is receiving the files doesn't need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.
OpenVPN
OpenVPN lets you treat a collection of remote machines as though they are on the same network. The connections on this new, virtual network are secured by TLS/SSL. One machine acts as the network server, the others as clients. OpenVPN can also be a component in a TLS tunnel, where the client connects only to the OpenVPN server, which makes additional connections on the client's behalf.
Pica Pica Messenger
Pica Pica is a project aimed at creating and supporting a distributed, decentralized, secure instant messaging system. The Pica Pica network consists of nodes and clients. Nodes are hosted by volunteers on their computers. Nodes connect to each other, exchange info about other nodes and online clients, and transfer encrypted data between clients. All data transferred between clients is protected by end-to-end encryption using the TLS 1.2 protocol. Users are identified by a unique SHA224 hash of their certificate, which is generated during account creation.
Pound
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests. Pound proxies HTTP and HTTPS requests simultaneously. In addition, it knows about failed back-end servers and can redirect requests according to their availability. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading the certificate file on start, if required, and the pid file) and should thus pose no security threat to any machine. It needs at least the configuration file (read-only) and, optionally, the HTTPS server certificate (read-only).
Privacy Redirect
Redirects Twitter, YouTube, Instagram, Google Maps and Reddit requests to privacy friendly alternatives such as Nitter, Invidious, Bibliogram and OpenStreetMap. Allows for setting custom instances or random choice, toggling all redirects on/off and more.
Privoxy
Privoxy is a Web proxy based on Internet Junkbuster with advanced filtering capabilities for protecting privacy, filtering Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk. It is useful for both stand-alone systems and multi-user networks.
Protector
'Protector' is a low maintenance e-mail virus blockade system that runs under Sendmail. It runs on e-mail servers that handle in-bound messages, checks incoming e-mail for attachments that could contain viruses, worms, etc., and replaces the offending attachments with standard warning messages (or modifies them to remove the dangerous parts) before passing them on to their intended recipients. The original "dangerous" attachment is saved in a directory that only the system administrator can access.
PyBitmessage
PyBitmessage is the official instant messaging client designed for Bitmessage (a P2P encrypted decentralised communication protocol).
Red Matrix
Originally authored by Mike Macgirvin (also the original author of Friendica), the RedMatrix is a super network created from a huge number of smaller independent and autonomous websites - which are linked together into a cooperative publishing and social platform. It consists of an open source webapp providing a complete multi-user decentralised publishing, sharing, and communications system - known as a "hub". Each hub provides communications (private messaging, chat, blogging, forums, and social networking), along with media management (photos, events, files, web pages, shareable apps) for its members; all in a feature-rich platform. These hubs automatically reach out and connect with each other and the rest of the matrix. Privacy and content ownership always remain under the direct personal control of the individual; and permission to access any item can be granted or denied to anybody in the entire matrix. What makes the RedMatrix unique is what we call "magic authentication" - which is based on our groundbreaking work in decentralised identity services. No other platform provides this ability. Within the matrix the boundaries between different hubs are blurred or seemingly non-existent. Identity in the matrix is considered transient and potentially nomadic. "Who you are" has nothing to do with "what computer you're connected to", and website content can adapt itself according to who is viewing it. You have the ability to "clone" your identity to other hubs; which allows you to continue to communicate with your friends seamlessly if your primary hub is ever disabled (temporarily or permanently). The RedMatrix is ideal for communities of any size, from private individuals and families to online forums, business websites, and organisations. It can be used by anybody who has communications or web content that they wish to share, but where they desire complete control of whom they share it with.
Remcage
RemCage is a simple account manager that sets accounts up for access through SFTP in jailed (chrooted) directories. Useful for fileservers and public webservers. You can expand directory sharing through all networks without SMB/CIFS, and do away with the insecure FTP protocol on webservers.
SILC Client
SILC (Secure Internet Live Conferencing) is a protocol which provides secure Internet conferencing services over insecure channels. It superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic, and all messages are encrypted and authenticated. The SILC also supports secure file transferring. There is the SILC Client for end users, the SILC Server for system administrators, and the SILC Toolkit for application developers.
SILC Toolkit
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. SILC uses strong cryptographic methods to secure all traffic; it encrypts and authenticates all messages. It also supports secure file transferring. The SILC is delivered as SILC Client for end users, SILC Server for system administrators, and SILC Toolkit for application developers.
SNORT
Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.
Seafile
Seafile provides the full facilities to replace proprietary cloud storage and file syncing solutions. It offers the ability to self-host the server on your own hardware as well as make use of commercial services that host it for you. It offers a desktop client for all major operating systems. Major features include:
  • File syncing
  • File version control
  • Client side encryption
  • Public share linking
  • Group and Organisation collaboration
Seafile Community Edition may be used as a free software replacement for Dropbox, Spideroak, Wuala and similar proprietary programs and services. Seafile Professional Edition is not free software as per the license outlined here: https://manual.seafile.com/deploy_pro/seafile_professional_sdition_software_license_agreement/
Send (file sharing)
Send is a self-hosted tool that allows sending files with encryption. It's a community fork of Firefox Send, a discontinued service by Mozilla. Files are encrypted in the browser before being uploaded to the server. Files are stored for 24 hours then deleted from the server. ffsend is a CLI client for Send. A list of available instances can be found here.
Sesele
SeSeLe is a command-line wizard to create and manage X.509 certificates in two ways: Self-signed certificates + Certification Authority, and Let's Encrypt certificates. Letsencrypt management is intended to call ACME-client for certificates renewal and files redistribution to unprivileged hosts (those that can't attend TCP/443 port). Generated certificates are useful for most TLS secured services such as HTTPs, IMAPs, POP3s, SMTPs, etc. For self-signed files, the only thing you will need to remember are passphrases.
Silky
Silky is an easy-to-use graphical SILC client. The aim of this project is to create a simple and easy to use graphical, OS-independent SILC client. Silky contains, or will eventually contain, all necessary features of a SILC client. The user interface will be kept as simple and clean as possible. SILC is a protocol which provides secure conferencing services in the Internet over insecure channels. The biggest similarity between SILC and IRC is that they both provide conferencing services and that SILC has almost the same commands as IRC. However, internally they are very different.
SilverTunnel-NG
SilverTunnel-NG is a Java library that implements and encapsulates all the complex network protocol stuff needed for anonymous communication over the Tor anonymity network. SilverTunnel-NG Netlib can be easily integrated in almost every existing and new Java application. The library requires Java 1.6/Java SE 6 or a newer version. This is a fork of silvertunnel (https://silvertunnel.org)
Sshdo
sshdo provides an easily configurable way of controlling which commands may be executed via incoming ssh connections.
Tanne
'tanne' is a small, secure session-management solution for HTTP. It replaces common sessions with a system consisting of PIN and TANs, well known from online banking. Its main purpose is to enable programmers of Web applications to have real secure sessions without cookies or session-ids.
Taskenizer
Taskenizer aims to be a legendary web-based personal organization tool. It helps you organize your TODOs, periodic tasks, notes and lists. It has extra security features: it protects not only against network attacks and data-at-rest attacks but even server compromise. It has extremely optimized bandwidth usage. On a slow mobile connection that can't even load most modern web pages, it will load in seconds. It has features for secure sharing of data with other users. It is Free Software, which means it respects your rights as a computer user. Now the technical details. Taskenizer is:
  • Written in Python3
  • Designed to run behind NGINX using uWSGI
  • Licenced under the GNU Affero General Public License
Tcptrack
'tcptrack' is a packet sniffer. It passively watches for connections on a specified network interface, tracks their states, and lists them in a manner similar to the Unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage. The filter expression is a standard pcap filter expression (identical to the expressions used by tcpdump) which can filter down the characteristics of TCP connections that tcptrack will see.
Terms of Service; Didn’t Read
Terms of Service; Didn't Read (ToS;DR) is a community project and browser plugin which aims to analyze and grade the terms of service (TOS) and privacy policies of major Internet sites and services. Each aspect of a TOS or privacy policy is assessed as positive, negative, or neutral. Services are graded from A (best) to E (worst).
Textmail
Mail filter to replace proprietary/binary formatting and attachments such as MS Word/HTML attachments with plain text
Tox
Tox is a peer-to-peer, encrypted instant messaging and video calling library that provides APIs for clients, including toxcore, toxav, and toxdns API libraries. This is the page about the Tox core, not a particular Tox client. Tox itself is not an instant messaging client.
Transconnect
TransConnect is a program to allow you almost complete access to the internet through all HTTP proxies that allow https CONNECT (squid, for example).
Twhttpd
TrustWall HTTP Proxy protects your internal Web server by acting as an inbound proxy (like a reverse Squid proxy). It can also work as a secure outbound proxy to protect your browser client. You can inspect almost every detail of the HTTP protocol headers, including the URL request line, the server version, user-agent, referrer, cookie, query, etc., in an easy-to-use script-like configuration file. As per the author the program is for experts only; you will need knowledge of the HTTP protocol to configure the proxy properly.
UBlock Origin
µBlock Origin (µBO, pronounced micro-block origin) is a wide-spectrum blocker for browsers with a simple point-and-click interface to allow users to filter and block server requests, domains, scripts, and more. By default it blocks ads, trackers and malware sites. Users should note that uBlock Origin and uBlock, while they have some history, are now distinct programs whose code bases have diverged from each other for some time, with uBlock Origin being the more actively developed and better maintained of the two.
UMatrix
uMatrix (stylized µMatrix) is a point-and-click matrix-based firewall, with many privacy-enhancing tools. Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc.
Ublock-origin
uBlock Origin (or uBlock) is not an ad blocker; it's a general-purpose blocker. uBlock blocks ads through its support of the Adblock Plus filter syntax. uBlock extends the syntax and is designed to work with custom rules and filters. Furthermore, advanced mode allows uBlock to work in default-deny mode, which mode will cause all 3rd-party network requests to be blocked by default, unless allowed by the user. That said, it's important to note that using a blocker is NOT theft. Don't fall for this creepy idea. The ultimate logical consequence of blocking = theft is the criminalisation of the inalienable right to privacy. Ads, "unintrusive" or not, are just the visible portions of privacy-invading apparatus entering your browser when you visit most sites nowadays. uBlock₀'s main goal is to help users neutralize such privacy-invading apparatus — in a way that welcomes those users who don't wish to use more technical, involved means (such as µMatrix). EasyList, Peter Lowe's Adservers, EasyPrivacy and Malware domains are enabled by default when you install uBlock₀. Many more lists are readily available to block trackers, analytics, and more. Hosts files are also supported. Once you install uBlock₀, you may easily un-select any of the pre-selected filter lists if you think uBlock₀ blocks too much. For reference, Adblock Plus installs with only EasyList enabled by default.
Vulture
Vulture is an HTTP reverse proxy. It does many security checks (authentication, rewriting, filtering) before proxying requests from the Internet to your web applications. With authentication enabled, Vulture will open flows only to authenticated users. It also allows your users to use only one password to access many different applications by learning and forwarding their different accounts.
Vulture includes:
  • Authentication (SSL, LDAP/AD, SQL, Radius)
  • Authentication forwarding (SSO)
  • HTTP headers modification on the fly
  • Flow encryption
  • Content filtering
  • URL Rewriting
  • Load balancing
Web Adjuster
Web Adjuster is a Tornado-based, domain-rewriting proxy for applying custom processing to Web pages. It is particularly meant for users of smartphones etc as these might not support browser extensions. It is self-contained in a single python file. Web Adjuster can:
  • Add a custom stylesheet to change size, layout and colours
  • Add custom Javascript to all pages, allowing many desktop browser extensions to work as-is on a smartphone or tablet
  • Supply default values of cookies for site preferences etc
  • Run a custom program to change the markup, or to change or annotate text for language tools (see for example Annotator Generator)
  • Render images for a language or text size not supported by the browser (this function requires the Python Imaging Library and suitable fonts)
  • Down-sample MP3 audio to save bandwidth, and add plain text versions of PDF and EPUB files (helper programs are required for these functions)
  • Remove problematic markup from pages
Web-FTP
Web-FTP provides quick, easy, and (with an SSL-enhanced Web server) more secure access to your FTP server. Designed with file management in mind, it supports uploads, downloads, and all the usual tasks. No spool directories are used; file transfers are relayed directly from the server to the client and vice versa. Multiple file and recursive directory downloads are supported by generating a tar file on the fly. It can also serve as an FTP client, allowing FTP access to clients behind a firewall. You may view and edit files as well. Web-FTP also has rudimentary CryptoCard support, for CryptoCard protected servers.
Wire
Depends on Electron and has trademark policies and licensing restrictions related to server interaction and software behavior that interfere with software freedom. Adfeno (talk) 08:56, 31 March 2020 (EDT)
Wire is a modern communication tool with full end-to-end encryption. Its current features are audio conferencing with up to 10 people, and 1-to-1 video conferences, as well as other minor features.
Wireguard
WireGuard is a virtual private network software. It is built in to the Linux (and linux-libre) kernel by default. It intends to be faster and simpler than IPSec and OpenVPN. While initially released for the Linux kernel, it is now a cross-platform project. Some users consider WireGuard to already be the most secure and easiest to use among all of the VPN solutions.
WormScan
WormScan reports attempted attacks on your Apache Web server. It was written to be able to support an unlimited number of worms. It is, however, very extendable, and can be configured to search and report on just about anything in your Web server's log files. The program currently supports the Common Log Format (the default Apache format) and has out of the box detection for Code Red, Code Red II, and Nimda worm attacks. The reports themselves can be modified to suit your needs, and are generated in HTML so you don't need additional software to read them. They can be sorted by date, host, hostname, worm, and number of attacks, and optionally compressed with gzip. Numerous configuration options let you tweak performance and output.
X-Road
X-Road is a standardised, cohesive, collaborative, interoperable, and secure data exchange layer that gives service providers an entirely new opportunity to make themselves visible in services directed at citizens, businesses, and civil servants. Creating entities that combine many different services and data sources is easy and cost-efficient.
Xinetd
xinetd is a replacement for inetd, the internet services daemon. Anybody can use it to start servers that don't require privileged ports because xinetd does not require that the services in its configuration file be listed in /etc/services. It can do access control on all services (multi-threaded or single-threaded, and for both TCP and UDP protocols) based on the address of the remote host and time of access. It supports internal access control, the use of the libwrap library, and IPv6 with access control.
Yafc
YAFC is quite a powerful FTP client. It is a console interface to the FTP protocol. Some of the features are recursive transfers, nohup transfers, colored ls, cached directory listings, autologin and bookmarks, powerful aliases and extensive tab completion. It also has support for Kerberos authentication.
Yarl
This library provides ways for a Python script to make a URL object and only get its parameters, encoded or not.
Yunohost
YunoHost is an operating system aiming for the simplest administration of a server, and therefore to democratize self-hosting, while making sure it stays reliable, secure, ethical and lightweight. It is a copylefted libre software project maintained exclusively by volunteers. Technically, it can be seen as a distribution based on Debian GNU/Linux and can be installed on many kinds of hardware.
ZAP
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
Zibawa
Zibawa integrates other free software to create a full stack IoT system, including device management, mqtt message interpreter and enrichment, stack management and monitoring, test messaging and stack configuration. Works with mqtt, amqp and http protocols. Currently interfaces with rabbitmq, influxDB, Grafana dashboards, openLDAP.


Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.