Quantcast
Browsing latest articles
Browse All 30 View Live

Mafia Boss Secures His Data with Caesar Cipher

This is just too funny not to blog about it...You might have heard that the mafia boss Bernardo Provenzano has been arrested recently. Now people found out that he used some "cryptography" in his...

View Article


Podsploiting

The RedTeam, a penetration testing group, has released two security advisories which explain security holes in two podcast clients (podcatchers).Both exploits are possible because the input of the...

View Article


Image may be NSFW.
Clik here to view.

Google Earth for Linux - Beta

OK, so Goole has finally released a first version of Google Earth for Linux (beta, of course).Well, maybe this time they really mean it when they say "beta"... Here's some quick observations:Of course,...

View Article

Anonymous Google Earth over Tor

I'm probably not the first one to notice this, but you can actually use Google Earth anonymously (upon first glance at least) over Tor. It seems all the traffic (downloads of maps and textures etc.)...

View Article

ScatterChat - secure, anonymous, free, cross-platform Instant Messaging client

ScatterChat is a new cross-platform IM client announced by the Cult of the Dead Cow / Hacktivismo (during the HOPE conference, it seems).From the website: ScatterChat is a HACKTIVIST WEAPON designed to...

View Article


Image may be NSFW.
Clik here to view.

Testing stuff with QEMU - Part 1: SELinux support in Debian unstable [Update]

Update: "Testing stuff with QEMU"-articles published so far:Part 3: Debian GNU/kFreeBSDPart 2: MenuetOS, a tiny OS written in 100% assembly languagePart 1: SELinux support in Debian unstableHere's a...

View Article

Image may be NSFW.
Clik here to view.

User-friendly SELinux policy editing in vim or Eclipse (using SLIDE)

After you have installed a minimum SELinux setup in QEMU, you might want to tweak and edit the policy to fit your needs.A nice, graphical method to do so is to use SLIDE, written by Tresys (and...

View Article

Why voting machines suck and undermine democracy [Update]

If there are electronic voting machines where you live, and you've ever considered using one of those... well, you should probably reconsider.In this CNN report (M4V video, 13 MB) Avi Rubin explains...

View Article


Image may be NSFW.
Clik here to view.

SELinux by Example - Using Security Enhanced Linux

Recently in my (physical) mailbox: SELinux by Example by Frank Mayer, Karl MacMillan, David Caplan. The most recent and up-to-date book about SELinux I know about, written by some of the most involved...

View Article


Towards a moderately paranoid Debian laptop setup [Update]

I was planning to set up my laptop from scratch for a while now... so I did.PreparationFirst, go home. No, really! Do all of this at home in a non-hostile, firewalled network. You don't want to be in a...

View Article

NVIDIA Binary Graphics Driver Root Exploit

A security advisory was released today which warns about a severe security issue in the binary-only NVIDIA drivers: The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that...

View Article

Famous Unsolved Codes and Ciphers

Here's a nice list of Famous Unsolved Codes and Ciphers.Makes an interesting read for a rainy day... Or if you want to give one of the codes a try and solve it, go ahead, and let us know the results...

View Article

Serious remotely exploitable hole in GnuPG

Just in case you haven't heard of this yet: GnuPG<= 1.4.5 contains a remotely exploitable security issue which has been fixed in 1.4.6.You should really upgrade ASAP, as this problem can...

View Article


OpenOffice / OpenDocument and MS Office 2007 / Open XML security

Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)Not too surprising when you come to think of it, there are tons of...

View Article

Image may be NSFW.
Clik here to view.

LinuxBIOS talk video recording from FOSDEM 2007

Highly recommended for anybody who might be even remotely interested in LinuxBIOS:There's a video recording (OGG, 234 MB) of the LinuxBIOS talk at FOSDEM 2007 by LinuxBIOS-founder Ron Minnich.The talk...

View Article


RAID5 + dm-crypt + LVM + ext3 Debian install and benchmarks

OK, so I've setup a RAID5 at home because I'm getting tired of failed disk drives and data losses.Some notes:The system consists of 3 x 300 GB IDE drives in software RAID5 (standard Linux kernel and...

View Article

Lest We Remember: Cold Boot Attacks on Encryption Keys

Just in case you haven't already read about this... Some researchers from Princeton have published a paper about methods which can be used to attack full-disk-encryption (FDE) schemes.They have...

View Article


Resizing a dm-crypt / LVM / ext3 partition

I've bought a new hard drive for my laptop recently, because I finally got fed up with my constantly-full disk. Having to browse around in $HOME looking for stuff which can be safely deleted just...

View Article

Image may be NSFW.
Clik here to view.

Speed up Linux crypto operations on the One A110 laptop with VIA Padlock

OK, so I've been hacking on and testing my shiny new One A110 mini-laptop during the last few days and I must say I'm very happy with it. I'll write up some more details later (check the wiki if you're...

View Article

DIY secure pseudo-DDNS setup using ssh

Here's a quick HOWTO for setting up your own secure pseudo-dynamic DNS (DDNS) server.It's not a "real" DDNS service, i.e. you won't be able to use standard DNS tools or protocols to talk to the server,...

View Article

Image may be NSFW.
Clik here to view.

Configure Firefox/Iceweasel 3 to be more secure / usable / bearable

Today seems to be Firefox/Iceweasel 3 Bashing Day on Planet Debian, so let me join the fun :)I agree with most other people that the default Firefox/Iceweasel 3 config is not ideal, so here's what I...

View Article


Image may be NSFW.
Clik here to view.

Underhanded C Contest 2008: Leaky Redaction

This year's Underhanded C Contest has been announced. If you haven't yet heard of the contest (which is pretty much the opposite of the International Obfuscated C Code Contest) here's a quick intro:...

View Article


Updated DIY Dynamic DNS solution HOWTO

I've just updated my DIY secure pseudo-DDNS setup using ssh article/HOWTO a bit, in order to make it simpler to set up (no more extra scripts required) and a bit more secure (by using command= and...

View Article

Creating 32768 bit RSA keys for fun and profit

Have you ever wondered how long it would take to create a 32768 bit RSA key with ssh-keygen? Well, I did. $ time ssh-keygen -t rsa -b 32768 -f ~/.ssh/tmp32768 -N foobar -q real 244m31.259s user...

View Article

Image may be NSFW.
Clik here to view.

Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation...

This is part 1 of a series on articles about the Firewire security issues mentioned below.For many years now, attacks via Firewire / i.LINK / IEEE 1394 have been a known security issue. Basically, if...

View Article


Dear virus/worm/rootkit/botnet writer...

...next time you write such a piece of malware, how about making it do something useful (instead of nefarious) for a change, say, have your botnet zombies become Tor exit nodes? kthxbye.

View Article

Falling on your back for fun and profit -- human airbag device

Fun stuff I just stumbled over: a personal/human airbag from Japan, supposedly meant for elderly people who might fall and injure themselves.Watch a video of the airbag in action on Youtube (no need...

View Article

Image may be NSFW.
Clik here to view.

Google Tech Talks: coreboot (aka LinuxBIOS): The Free/Open-Source x86 Firmware

Here's a nice opportunity for everyone to learn more about coreboot, a Free Software / Open Source firmware/BIOS for x86 PCs.Ron Minnich, founder of the LinuxBIOS (now called coreboot) project, Peter...

View Article

Note to self: Missing lvm2 and cryptsetup packages lead to non-working initrd...

I recently almost died from a heart attack because after a really horrible crash (don't ask), Debian unstable on my laptop wouldn't boot anymore. The system hung at "Waiting for root filesystem...",...

View Article



How to setup an encrypted USB-disk software-RAID-1 on Debian GNU/Linux using...

This is what I set up for backups recently using a cheap USB-enclosure which can house 2 SATA disks and shows them as 2 USB mass-storage devices to my system (using only one USB cable). Without any...

View Article
Browsing latest articles
Browse All 30 View Live