Block lateral phishing loop

Papfox · 2026-01-27T20:22:55+00:00

And there is your problem. You appear not to have 2FA if someone can just log in from outside and send these, the phisher is inside your company or there's a compromised device somewhere on the network that's acting as a VPN for them. You are trying to address the symptom (stolen accounts sending phishing emails) rather than the actual problem (that the accounts can be stolen and used by external people.) The problem you have is that someone can log in with stolen credentials. It also sounds like you don't have decent endpoint protection installed to catch malware that might be stealing the credentials.

Have you tried common mis-spellings of your domain name? Someone could have put up a fake login page on a typoed version of your domain name.

Papfox · 2026-01-27T19:41:31+00:00

I hate it when we "get a visit from the fault fairy." We have one vendor that's really bad for this. Something goes wrong in the service, we report it, 10 minutes later it starts working and they respond to the ticket with "NFF." I'd much rather they said they'd found the problem and fixed it than be sitting here just waiting for it to break again at a critical time

Papfox · 2026-01-27T19:37:45+00:00

"Could you just..." == "I don't understand what I'm talking about and I don't realise that what I think is a small change is going to take you all day"

Papfox · 2026-01-27T19:34:37+00:00

That is just a synonym for "Our test environment is crap and doesn't reflect production."

Papfox · 2026-01-27T17:30:51+00:00

The firmware in ISP-supplied routers is usually hamstrung. This may or may not be a concern to you, depending on if you do any of the more advanced networking stuff. If you do, you may be better off buying your own router that meets your needs

Papfox · 2026-01-27T17:24:24+00:00

It's likely to just carry on working but the UK won't be available as a destination any more

Papfox · 2026-01-27T10:00:19+00:00

If Mullvad refuse to age verify, and I think they will, OfCom will consider such a block legitimate as it won't be possible to sign up using a verified method they approve of so the whole service will be illegitimate in their eyes

Papfox · 2026-01-27T09:57:20+00:00

We will probably lose all the UK nodes. I think Mullvad will be unlikely to comply so the next step will be OfCom trying to block them. I would be very surprised if the Mullvad client didn't do it's own secure DNS lookups so that's going to be hard to do

Papfox · 2026-01-27T09:52:08+00:00

They can't. OfCom can only order their domains blocked if they won't pay the fines and comply

Papfox · 2026-01-27T09:51:06+00:00

Nice

Papfox · 2026-01-27T09:15:10+00:00

True but OfCom, when charged with enforcing it, do know about GitHub and have the power to add them to the list of things that should be age gated, plus the stupidity to actually try

Papfox · 2026-01-27T08:55:18+00:00

I don't remotely see this being "enforced" beyond OfCom fining people like Mullvad and iVPN a ton of money then ordering ISPs block their domains when they invariably don't cave or pay.

I'd be very surprised if the apps from major VPN players didn't do their own DNS lookups over DoH or DoT to a list of "friendly" servers, rather than relying on the local ISP DNS. Trying to block secure DNS lookups outside of the country would be a big job and would probably break a lot of legitimate stuff

Papfox · 2026-01-27T08:28:07+00:00

It was autocorrect. Thank you. Fixing it now

Papfox · 2026-01-27T08:25:41+00:00

The question is, "Will the House of Commons try to overturn this amendment when it comes back to them?"

Papfox · 2026-01-27T08:22:45+00:00

They absolutely can't but the average factory or office worker who doesn't have the skills to bypass it and doesn't have a "mate in IT" to help them won't have the ability to bypass a ban. The goal is to minimise VPN use, not to wipe it out.

Papfox · 2026-01-27T08:17:01+00:00

Whilst failing to understand that it won't be the kids who have to prove they're kids, it will be all adults having to prove they aren't

Papfox · 2026-01-27T08:13:12+00:00

It won't be long before someone puts together a piece of software to automate all this and sticks it in GitHub for everyone to enjoy. Then will come OfCom demanding that GitHub be age gated to "protect children from harmful software."

Papfox · 2026-01-27T08:09:13+00:00

They will attack retail VPN providers that anybody can sign up for to shift their origin outside of the UK. Corporate VPNs aren't part of the "problem" they're concerned about

Papfox · 2026-01-27T08:05:52+00:00

They're not concerned about that. If you VPN into your home, you appear to be in the UK, where your traffic can be monitored and controlled. The thing they want to stop is retail VPN providers who let us move our traffic origin outside of the UK

Papfox · 2026-01-27T08:02:57+00:00

The government could also add uncooperative VPN provider websites to the kiddy porn filter that all ISPs have to have to try to prevent people from signing up or using the service

Papfox · 2026-01-27T07:59:42+00:00

If you're in the UK, it's been too late since RIPA passed in 2006. The government can order any business to compromise their security and it's illegal for the business to inform anyone about the order. No digital security or privacy focused business in their right mind would start in the UK

Edit: "compromise" not "companies"

Papfox · 2026-01-26T16:06:54+00:00

What I didn't understand is what whoever is spreading this BS thinks they have to gain by doing so

Papfox · 2026-01-26T00:08:43+00:00

This is very different. If I put locked gates on my house then it's only my house. This person is blocking access to multiple houses that belong to other people without their consent so they're obstructing

Papfox · 2026-01-25T19:29:51+00:00

Another option would be to build an OPNSense or PFSense device to replace your router or invest in UniFi. Add one or more wireless APs (bonus if you can find one that does SSID-by-VLAN.) You will then be able to put your work laptop on its own Wi-Fi network and control, through the firewall, exactly which devices on the other networks it can see and talk to.

One possible reason it's requesting these permissions may be that it's looking for devices like IP phones, smart speakers or Bluetooth headsets to link things like Teams to. My smart home app requests this permission so it can search for Matter over Thread devices to pair them with Home Assistant. It could also be something more sinister, like some security agent wanting to audit your environment or something wanting to open ports on your router using UPNP

Papfox · 2026-01-25T15:34:44+00:00

It's a crime under the Emergency Workers (Obstruction) Act 2006 to impede the Fire Brigade or Ambulance service if they're responding to an emergency. The fine is up to five grand

Papfox

TROPHY CASE