Security's archive
Posted in January 6th, 2012
Web Filtering On Squid 3 With QuintoLabs Content Security 1.4 And
Windows Active Directory Integration
This HOWTO will show you how to set up a Squid proxy server deployed on CentOS
or RedHat 6 Linux with web and content filtering done by Qui…
read more from this topic.....
Posted in January 4th, 2012
[Andrew Robinson] and his co-workers are lucky enough to have a Keurig coffee maker in their office, though they have a hard time keeping track of who owes what to the community coffee fund. Since K-Cups are more expensive than bulk coffee, [Andrew] decided that they needed a better way to log everyone’s drinking habits [...]
read more from this topic.....
Posted in December 23rd, 2011
Configuring CAS On Ubuntu For Two-Factor Authentication With WiKID
Single sign-on is a great technology. Requiring users to login to
multiple applications is huge hassle, encourages password reuse and
simple passwords. Security needs to focus on …
read more from this topic.....
Posted in December 8th, 2011
How To Encrypt Mails With SSL Certificates (S/MIME)
This article is about how to use the S/MIME encryption function of
common e-mail clients to sign and/or encrypt your mails safely. S/MIME
uses SSL certificates which you can either create yourself or…
read more from this topic.....
Posted in December 5th, 2011
DARPA’s Shredder Challenge, a contest to reconstruct documents from a slurry of shredded paper, has been solved, suggesting that my grandmother may be barking up the wrong tree when she shreds the Campmor catalog. Two scientists with experience in computer vision and mobile technology, Otavio Good and Keith Walker, scanned each chunk for unique characteristics that allowed them to reconstruct the documents automatically on screen. They then put the pages back together by hand.
Their team won a $50,000 prize.
read more from this topic.....
Posted in November 23rd, 2011
Stronghenge Application Firewall
Stronghenge is an Out-of-Band Application Firewall that can inspect both HTTP
and HTTPS traffic for attacks against your web applications. Since Stronghenge’s
detection engine is based off of the most widely deployed…
read more from this topic.....
Posted in November 14th, 2011
Imagine this: you’re sitting in your local coffee shop sucking down
your morning caffeine fix before heading into the office. You catch
up on your work e-mail, you check Facebook and you upload…
read more from this topic.....
Posted in November 13th, 2011
How To Password-Protect Directories With mod_auth_mysql On Apache2 (Debian Squeeze)
This guide explains how to password-protect web directories (with users from a MySQL database) with mod_auth_mysql
on Apache2 on a Debian Squeeze server. It is an al…
read more from this topic.....
Posted in November 10th, 2011
Locks are always temporary hindrances. After deciding to open the RFID-secured lock in his department, [Tixlegeek] built a device to read and spoof RFID tags (French, Google translate here). The system is built around an ATMega32 microcontroller with a 16×2 LCD display. A commercial RFID reader module takes care of all the sniffing/cloning duties, and [...]
read more from this topic.....
Posted in November 4th, 2011
The crew at the Milwaukee Hackerspace are pretty serious about their beer. They used to have a fridge filled with cans, available to all at the hackerspace, but they decided to beef things up and create a secured beer dispensing system. Like many others we have seen, their kegerator is built into an old refrigerator, [...]
read more from this topic.....
Posted in October 11th, 2011
It seems that [pppd] is always rushing out of his apartment to catch the bus, and he finds himself frequently questioning whether or not he remembered to lock the door. He often doubles back to check, and while he has never actually forgotten to lock the door, he would rather not deal with the worry. [...]
read more from this topic.....
Posted in September 25th, 2011
Setting Up ProFTPd + TLS On Ubuntu 11.04 (Natty Narwhal)
FTP is a very insecure protocol because all passwords and all data
are transferred in clear text. By using TLS, the whole communication can
be encrypted, thus making FTP much more secure. Thi…
read more from this topic.....
Posted in September 20th, 2011
Mounting Remote Directories With SSHFS On Debian Squeeze
This tutorial explains how you can mount a directory from a remote server on the local server securely using SSHFS. SSHFS (Secure SHell FileSystem)
is a filesystem that serves files/directori…
read more from this topic.....
Posted in September 16th, 2011
Tiny Web Proxy And Content Filtering Appliance On CentOS 6 (Version 1.4)
This small HOWTO will show you how to set up a small virtual machine to speed
up and secure your home / small enterprise web surfing network using CentOS 6,
Squid 3.1 and Q…
read more from this topic.....
Posted in September 11th, 2011
How To Set Up SSL Vhosts Under Nginx + SNI Support (Ubuntu 11.04/Debian Squeeze)
This article explains how you can set up SSL vhosts under nginx on
Ubuntu 11.04 and Debian Squeeze so that you can access the vhost over
HTTPS (port 443). SSL is short …
read more from this topic.....
Posted in September 4th, 2011
Restricting Users To SFTP Plus Setting Up Chrooted SSH/SFTP (Debian Squeeze)
This tutorial describes how to give users chrooted SSH and/or
chrooted SFTP access on Debian Squeeze. With this setup, you can give
your users shell access without having …
read more from this topic.....
Posted in August 22nd, 2011
Using scponly To Allow SCP/SFTP Logins And Disable SSH Logins On Debian Squeeze
scponly
is an alternate shell that restricts users to SCP and SFTP logins, but
disallows SSH logins. It is a wrapper to the OpenSSH suite of
applications. With the hel…
read more from this topic.....
Posted in August 20th, 2011
They’re out there. Be afraid. They could be anywhere, everywhere, anyone. They are shadowy, deadly, mysterious, guided by intellects vast and cool and unsympathetic. Security consultants and antivirus firms whisper legends of them to their clients to scare them straight. They’re the Voldemort of online security, except that everyone is all too eager to say their name: the Advanced Persistent Threat. Hide your children! You cannot stop them!
…well, actually you probably could, and pretty easily too, but apparently most folks can’t be bothered.
Vanity Fair just wrote breathlessly about “Operation Shady RAT”, which featured, quote, “a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.” Military-industrial standard-bearer Northrop Grumman is “constantly under attack by cyber-gangs.” A few months ago Security firm RSA’s SecurID systems were the victim of “an advanced persistent threat, a slow and consistent attack used by hackers to obtain specific information.” The Pentagon is alive to the APT threat, and says it is beginning to focus more on deterrence than on defence, because “each year, a volume of intellectual property exceeding the size of the Library of Congress is stolen from U.S. government and private-sector networks.” Why, just this week, San Francisco’s government-owned BART system was hacked by -
…waaaaaait a minute.
read more from this topic.....
Posted in August 18th, 2011
A pair of security researchers have recently unveiled an interesting new keylogging method (PDF Research Paper) that makes use of a very unlikely smartphone component, your gyroscope. Most smart phones now come equipped with gyroscopes, which can be accessed by any application at any time. [Hao Chen and Lian Cai] were able to use an Android phone’s [...]
read more from this topic.....
Posted in August 18th, 2011
Xtables-Addons On Centos 6 & Iptables GeoIP Filtering
This tutorial will explain how to install aditional modules for the
kernel to use with iptables rules sets (netfilter modules).
Xtables-addons is the successor to patch-o-matic(-ng). Likewis…
read more from this topic.....
Posted in August 17th, 2011
Setting Up ProFTPd + TLS On Debian Squeeze
FTP is a very insecure protocol because all passwords and all data
are transferred in clear text. By using TLS, the whole communication can
be encrypted, thus making FTP much more secure. This article expl…
read more from this topic.....
Posted in August 8th, 2011
Tales is a live media Linux distro designed boot into a highly secure desktop environment. You may remember that we looked at a US government distro with similar aims a few months ago, but Tails…
read more from this topic.....
Posted in August 8th, 2011
Tails is a live media Linux distro designed boot into a highly secure desktop environment. You may remember that we looked at a US government distro with similar aims a few months ago, but Tails…
read more from this topic.....
Posted in August 8th, 2011
Tails is a live media Linux distro designed boot into a highly secure desktop environment. You may remember that we looked at a US government distro with similar aims a few months ago, but Tails…
read more from this topic.....
Posted in August 8th, 2011
Tails is a live media Linux distro designed boot into a highly secure desktop environment. You may remember that we looked at a US government distro with similar aims a few months ago, but Tails…
read more from this topic.....
Posted in August 8th, 2011
Tails is a live media Linux distro designed boot into a highly secure desktop environment. You may remember that we looked at a US government distro with similar aims a few months ago, but Tails…
read more from this topic.....
Posted in August 8th, 2011
Tails is a live media Linux distro designed boot into a highly secure desktop environment. You may remember that we looked at a US government distro with similar aims a few months ago, but Tails…
read more from this topic.....
Posted in July 24th, 2011
How To Encrypt Directories/Partitions With eCryptfs On Debian Squeeze
eCryptfs
is a POSIX-compliant enterprise-class stacked cryptographic filesystem
for Linux. You can use it to encrypt partitions and also directories
that don’t use a partition o…
read more from this topic.....
Posted in July 23rd, 2011
When you think about hacking laptops, it’s highly unlikely that you would ever consider the battery as a viable attack vector. Security researcher [Charlie Miller] however, has been hard at work showing just how big a vulnerability they can be. As we have been discussing recently, the care and feeding of many batteries, big and [...]
read more from this topic.....
Posted in July 15th, 2011
[John Boxall] of Little Bird Electronics was thinking about combination locks, and how one might improve or at least change the way these locks work. Traditional combo locks can be implemented in a variety of ways, most of which we are all familiar with. Standard rotary padlock and keypad-based electronic safes work just fine, but [...]
read more from this topic.....
