Mafia Boss Secures His Data with Caesar Cipher
This is just too funny not to blog about it...You might have heard that the mafia boss Bernardo Provenzano has been arrested recently. Now people found out that he used some "cryptography" in his...
View ArticlePodsploiting
The RedTeam, a penetration testing group, has released two security advisories which explain security holes in two podcast clients (podcatchers).Both exploits are possible because the input of the...
View ArticleClik here to view.
Google Earth for Linux - Beta
OK, so Goole has finally released a first version of Google Earth for Linux (beta, of course).Well, maybe this time they really mean it when they say "beta"... Here's some quick observations:Of course,...
View ArticleAnonymous Google Earth over Tor
I'm probably not the first one to notice this, but you can actually use Google Earth anonymously (upon first glance at least) over Tor. It seems all the traffic (downloads of maps and textures etc.)...
View ArticleScatterChat - secure, anonymous, free, cross-platform Instant Messaging client
ScatterChat is a new cross-platform IM client announced by the Cult of the Dead Cow / Hacktivismo (during the HOPE conference, it seems).From the website: ScatterChat is a HACKTIVIST WEAPON designed to...
View ArticleClik here to view.
Testing stuff with QEMU - Part 1: SELinux support in Debian unstable [Update]
Update: "Testing stuff with QEMU"-articles published so far:Part 3: Debian GNU/kFreeBSDPart 2: MenuetOS, a tiny OS written in 100% assembly languagePart 1: SELinux support in Debian unstableHere's a...
View ArticleClik here to view.
User-friendly SELinux policy editing in vim or Eclipse (using SLIDE)
After you have installed a minimum SELinux setup in QEMU, you might want to tweak and edit the policy to fit your needs.A nice, graphical method to do so is to use SLIDE, written by Tresys (and...
View ArticleWhy voting machines suck and undermine democracy [Update]
If there are electronic voting machines where you live, and you've ever considered using one of those... well, you should probably reconsider.In this CNN report (M4V video, 13 MB) Avi Rubin explains...
View ArticleClik here to view.
SELinux by Example - Using Security Enhanced Linux
Recently in my (physical) mailbox: SELinux by Example by Frank Mayer, Karl MacMillan, David Caplan. The most recent and up-to-date book about SELinux I know about, written by some of the most involved...
View ArticleTowards a moderately paranoid Debian laptop setup [Update]
I was planning to set up my laptop from scratch for a while now... so I did.PreparationFirst, go home. No, really! Do all of this at home in a non-hostile, firewalled network. You don't want to be in a...
View ArticleNVIDIA Binary Graphics Driver Root Exploit
A security advisory was released today which warns about a severe security issue in the binary-only NVIDIA drivers: The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that...
View ArticleFamous Unsolved Codes and Ciphers
Here's a nice list of Famous Unsolved Codes and Ciphers.Makes an interesting read for a rainy day... Or if you want to give one of the codes a try and solve it, go ahead, and let us know the results...
View ArticleSerious remotely exploitable hole in GnuPG
Just in case you haven't heard of this yet: GnuPG<= 1.4.5 contains a remotely exploitable security issue which has been fixed in 1.4.6.You should really upgrade ASAP, as this problem can...
View ArticleOpenOffice / OpenDocument and MS Office 2007 / Open XML security
Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)Not too surprising when you come to think of it, there are tons of...
View ArticleClik here to view.
LinuxBIOS talk video recording from FOSDEM 2007
Highly recommended for anybody who might be even remotely interested in LinuxBIOS:There's a video recording (OGG, 234 MB) of the LinuxBIOS talk at FOSDEM 2007 by LinuxBIOS-founder Ron Minnich.The talk...
View ArticleRAID5 + dm-crypt + LVM + ext3 Debian install and benchmarks
OK, so I've setup a RAID5 at home because I'm getting tired of failed disk drives and data losses.Some notes:The system consists of 3 x 300 GB IDE drives in software RAID5 (standard Linux kernel and...
View ArticleLest We Remember: Cold Boot Attacks on Encryption Keys
Just in case you haven't already read about this... Some researchers from Princeton have published a paper about methods which can be used to attack full-disk-encryption (FDE) schemes.They have...
View ArticleResizing a dm-crypt / LVM / ext3 partition
I've bought a new hard drive for my laptop recently, because I finally got fed up with my constantly-full disk. Having to browse around in $HOME looking for stuff which can be safely deleted just...
View ArticleClik here to view.
Speed up Linux crypto operations on the One A110 laptop with VIA Padlock
OK, so I've been hacking on and testing my shiny new One A110 mini-laptop during the last few days and I must say I'm very happy with it. I'll write up some more details later (check the wiki if you're...
View ArticleDIY secure pseudo-DDNS setup using ssh
Here's a quick HOWTO for setting up your own secure pseudo-dynamic DNS (DDNS) server.It's not a "real" DDNS service, i.e. you won't be able to use standard DNS tools or protocols to talk to the server,...
View Article