c0t0d0s0.org - Security

c0t0d0s0.org - Security http://www.c0t0d0s0.org/ the sun in a lighthungry universe en Serendipity 1.5.5 - http://www.s9y.org/ Protecting your data with two factors and ZFS dataset encryption http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/7lBdS1fDUlc/7055-Protecting-your-data-with-two-factors-and-ZFS-dataset-encryption.html English Security Solaris http://www.c0t0d0s0.org/archives/7055-Protecting-your-data-with-two-factors-and-ZFS-dataset-encryption.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=7055 3 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=7055 nospam@example.com (Joerg Moellenkamp) Continue reading "Protecting your data with two factors and ZFS dataset encryption" ]]> Tue, 23 Nov 2010 08:01:05 +0100 http://www.c0t0d0s0.org/archives/7055-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/7055-Protecting-your-data-with-two-factors-and-ZFS-dataset-encryption.html Darren Moffat about the internals of ZFS encryption http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/O-UFxLi8FYM/7052-Darren-Moffat-about-the-internals-of-ZFS-encryption.html English Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/7052-Darren-Moffat-about-the-internals-of-ZFS-encryption.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=7052 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=7052 nospam@example.com (Joerg Moellenkamp) "ZFS encryption what is on disk ?":

This article is about what is and isn't stored encrypted on disk for ZFS datasets that are encrypted and how we do the actual encryption. It does require some understanding of Solaris and ZFS debugging tools.

]]> Fri, 19 Nov 2010 22:22:31 +0100 http://www.c0t0d0s0.org/archives/7052-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/7052-Darren-Moffat-about-the-internals-of-ZFS-encryption.html Darren Moffat about ZFS encryption http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/bwnIuhXUZek/7034-Darren-Moffat-about-ZFS-encryption.html English Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/7034-Darren-Moffat-about-ZFS-encryption.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=7034 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=7034 nospam@example.com (Joerg Moellenkamp) Introducing ZFS Crypto in Oracle Solaris 11 Express. This blog entry gives you a first overview how to use encryption for ZFS datasets. The second one titled "Assured delete with ZFS dataset encryption" explains how you can use the encryption feature to implement assured deletion with the "throwing the keys away" technique. Last but not least the article "Having my secured cake and Cloning it too (aka Encryption + Dedup with ZFS)" explains how deduplication and encryption work together in Solaris 11 Express. ]]> Tue, 16 Nov 2010 08:50:43 +0100 http://www.c0t0d0s0.org/archives/7034-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/7034-Darren-Moffat-about-ZFS-encryption.html Performance Impact of kssl http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/bB73UPOZA-Q/6926-Performance-Impact-of-kssl.html English Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/6926-Performance-Impact-of-kssl.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6926 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6926 nospam@example.com (Joerg Moellenkamp) tutorial about it. For the uninitiated: It's a in-kernel SSL proxy. Why should you put this in the kernel. Well, especially when you use a SSL-accelerator you have to jump from user space to kernel space and back several times as the SSL library (OpenSSL e.g) is in user space and the driver for the card is in kernel space. That jumping costs you a lot of time. There is an interesting article about Weblogic SSL performance in the BestPerf blog.

When you just want to take one thing out of this whole article, then just look at the first chart at the red and the blue line: Red is the system configured to provide SSL via kssl, blue is the system configured to provide SSL via Weblogic itself. Both systems are using the SSL hardware. I don't know how you would call it, but the difference is pretty significant. A good example, why kssl is such a nice tool. And it's just there in Solaris 10. ]]> Fri, 24 Sep 2010 21:50:49 +0200 http://www.c0t0d0s0.org/archives/6926-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6926-Performance-Impact-of-kssl.html Tracking via Bluetooth http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/Rt6y85tmVII/6440-Tracking-via-Bluetooth.html Aviation English Privacy Security http://www.c0t0d0s0.org/archives/6440-Tracking-via-Bluetooth.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6440 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6440 nospam@example.com (Joerg Moellenkamp) "Anonymous Bluetooth Probes for Measuring Airport Security Screening Passage Time: The Indianapolis Pilot Deployment".

An interesting concept: Anybody who just start the Bluetooth scan on her/his notebook knows that there are several mobile phones on almost any given location with a large audience propagating a unique id to the world by their MAC address. Using this information to derive some useful facts from it (for example: Duration of the average TSA massage) looks like as one of the more worthy targets for tradeoffs on privacy vs. useful services in favor to the second one. Especially as it's really easy to evade from this data collection: Just switch off the bluetooth function of your mobile.

PS: I would like a bluetooth scanner in the aircraft itself ... it's really interesting how many mobile phones are running inflight. Such a scanner could send a vcard containing "Just switch off your fscking mobile phone". Did that once a few minutes before takeoff ... that was very effective

]]> Wed, 24 Mar 2010 23:02:46 +0100 http://www.c0t0d0s0.org/archives/6440-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6440-Tracking-via-Bluetooth.html Somewhat paranoid. http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/8oLM7ljvLZE/6351-Somewhat-paranoid..html English Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/6351-Somewhat-paranoid..html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6351 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6351 nospam@example.com (Joerg Moellenkamp) Continue reading "Somewhat paranoid." ]]> Sun, 07 Feb 2010 07:51:28 +0100 http://www.c0t0d0s0.org/archives/6351-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6351-Somewhat-paranoid..html Scientist fools nude scanner http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/1STwOV34FGc/6278-Scientist-fools-nude-scanner.html English Privacy Security http://www.c0t0d0s0.org/archives/6278-Scientist-fools-nude-scanner.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6278 5 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6278 nospam@example.com (Joerg Moellenkamp) this video available in the ZDF mediathek (an public broadcasting network in Germany). Despite being scanned they are not able to find the thermite the scientist is carrying. The guy demoing the scanner doesn't look amused as well as Mr. Bosbach, a german politician who thinks that we should use such scanners, if they are able to protect the privacy of the scanned peoples. ]]> Thu, 14 Jan 2010 19:40:45 +0100 http://www.c0t0d0s0.org/archives/6278-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6278-Scientist-fools-nude-scanner.html Apropos nude scanning and the media http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/gbJJSbweCXI/6253-Apropos-nude-scanning-and-the-media.html English Security http://www.c0t0d0s0.org/archives/6253-Apropos-nude-scanning-and-the-media.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6253 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6253 nospam@example.com (Joerg Moellenkamp) "Kehraus 2009" that this newspaper just used a "Negative" plugin of their favorite photo alteration application to create such photos from a cd containing photos of a nude woman... ]]> Mon, 04 Jan 2010 12:59:07 +0100 http://www.c0t0d0s0.org/archives/6253-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6253-Apropos-nude-scanning-and-the-media.html Nude scanners revisited - again http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/0GoBhqxEK8s/6252-Nude-scanners-revisited-again.html English policy of ... Security http://www.c0t0d0s0.org/archives/6252-Nude-scanners-revisited-again.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6252 6 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6252 nospam@example.com (Joerg Moellenkamp) about it in 2005 after Bruce Schneier wrote about it. My thought at this moment was "Okay, they will need an aircraft blown out of the sky to force this into the public".

Personally i think the this is lobby at work at the moment. It's a big business to implement backscatter at all airports in germany alone. Just think about the central security area in Hamburg.10 entries ... ka-ching .... and Hamburg is a relatively small airport.

At first: I have no problem with backscatter scanning. Technically the current metal detectors look through my clothing as well. So if a backscatter scanner makes no images and instead just make "boink" (as we all know, scientific progress goes "boink") and then get a TSA massage, i'm fine with that.

I'm not fine with high resolution nude photos of every one just want to fly, i'm not fine with spending millions for back scatter scanners, while the people at security can decide to flip burgers or searching people at almost the same wage, i'm not fine with dumbed down version of this scanners with software to protect the privacy as the bad-guys will find ways to use this dumbing-down to fool this device (i want just simple logic .. there is something else than your leather underpants or your latex bra under your clothing .... "boink" -> TSA massage). I'm not fine with with maximal invasive security counter measures, that just helps against past attacks, but not against future attacks.

The same politicians that force us into this back scatter scannings will be the first ones that will cry when the "Bild Zeitung" will publish the length of their private parts. Who prevents someone who can flip burgers for the same wage to get bribed for not seeing a bomb in his or her shift or for writing down interesting information about prominent people. In former times we used well-paid public servant for this task to reduce this risk ... but today.

And at the end those back scatter scanning is somehow futile anyways: Drug dealers found out that it's quite simple to hide drugs inside a person. Backscatter can't detect it, as it stops at the first layer of the skin. So what's the problem to substitute the cocaine with Semtex to create a not-so-intelligent bomb?

]]> Mon, 04 Jan 2010 10:48:15 +0100 http://www.c0t0d0s0.org/archives/6252-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6252-Nude-scanners-revisited-again.html Webseminar "Solaris 10 Security" mit Tonspur http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/ojSNArU4pgs/6014-Webseminar-Solaris-10-Security-mit-Tonspur.html German Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/6014-Webseminar-Solaris-10-Security-mit-Tonspur.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=6014 2 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=6014 nospam@example.com (Joerg Moellenkamp) Video zur Verfügung stellen:

Ich hoffe es ist informativ für Euch. Der CC-Teil am Anfang ist etwas vereinfacht für Einsteiger in die Thematik. Ich möchte mich bei einem der Zuhörer für die freundliche Zurverfügungstellung der Aufzeichnung bedanken, nachdem das im Tool selber nicht funktionierte. Vielen Dank!

]]> Wed, 14 Oct 2009 18:34:15 +0200 http://www.c0t0d0s0.org/archives/6014-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/6014-Webseminar-Solaris-10-Security-mit-Tonspur.html Frustrated, really frustrated http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/t2vA6BbDRmk/5970-Frustrated,-really-frustrated.html English Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/5970-Frustrated,-really-frustrated.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5970 2 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5970 nospam@example.com (Joerg Moellenkamp)
We have a new time for the call: 13.10.2009 from 14pm to 15pm. Sorry for any inconvenience. But this give others the chance to attend the meeting: So if you haven't been able to register for the event today, you can use the old form to register for the new date. Everyone else should already have the mail with the details for the next event.

PS: I've checked the Webex voice numbers a few minutes ago .. still broken ... ]]> Wed, 30 Sep 2009 15:16:50 +0200 http://www.c0t0d0s0.org/archives/5970-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5970-Frustrated,-really-frustrated.html Presentation http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/dkN26WrZigU/5967-Presentation.html English Security Solaris Sun/Oracle http://www.c0t0d0s0.org/archives/5967-Presentation.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5967 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5967 nospam@example.com (Joerg Moellenkamp) Immutable Service Container. This is really an interesting concept introduced by Glen Brunette. But i have just an hour. So many topics and not enough time. ]]> Tue, 29 Sep 2009 20:31:35 +0200 http://www.c0t0d0s0.org/archives/5967-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5967-Presentation.html Not-so-smart bombs http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/lB0jmES6vMk/5962-Not-so-smart-bombs.html English Privacy Security http://www.c0t0d0s0.org/archives/5962-Not-so-smart-bombs.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5962 3 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5962 nospam@example.com (Joerg Moellenkamp)

The problem: I don't think that using a plane will be fun, when you think about the implications of the latest attack on a saudi prince: The assassin had the bomb inside of his body ... to be exact ... in his colon. That's looks to be the newest fashion in not-so-smart bomb technology. With George W. Bush i would be sure, that would lead to rectal probing for everyone. With Obama i have some hope, that they won't go this far. Perhaps we just see an increased rate of radiation induced cancer due to mandatory X-ray examinations at the airport, because the backscatter scanners (we call them "nude scanner" in Germany) are not capable to look into a body, just under the clothes.

PS: I don't know what Mr. Schaeuble will do in regard of this. ]]> Sun, 27 Sep 2009 10:05:49 +0200 http://www.c0t0d0s0.org/archives/5962-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5962-Not-so-smart-bombs.html Guide to AES http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/zj6OMb-fOfk/5961-Guide-to-AES.html English Security Technology http://www.c0t0d0s0.org/archives/5961-Guide-to-AES.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5961 2 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5961 nospam@example.com (Joerg Moellenkamp) "Stick Figure Guide to the Advanced Encryption Standard (AES)". A really great explanation of AES. ]]> Sat, 26 Sep 2009 10:40:53 +0200 http://www.c0t0d0s0.org/archives/5961-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5961-Guide-to-AES.html Nice usecase for ZFS http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/VEgkKkIWBoc/5903-Nice-usecase-for-ZFS.html English Security Sun/Oracle http://www.c0t0d0s0.org/archives/5903-Nice-usecase-for-ZFS.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5903 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5903 nospam@example.com (Joerg Moellenkamp) security breach a few days ago (no, not on the Solaris 10 system

), that led to the compromitation of their services. A nice information was the role that ZFS played in the recovery of this situation. The Infastructure Team wrote in their article about the recovery:

aurora.apache.org runs Solaris 10, and we were able to restore the box to a known-good configuration by cloning and promoting a ZFS snapshot from a day before the CGI scripts were synced over. Doing so enabled us to bring the EU server back online, and to rapidly restore our main websites. Thereafter, we continued to analyze the cause of the breach, the method of access, and which, if any, other machines had been compromised.

]]> Mon, 07 Sep 2009 21:51:37 +0200 http://www.c0t0d0s0.org/archives/5903-guid.html solaris http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5903-Nice-usecase-for-ZFS.html FIPS 140-2 Sec Level 2 for Sun Tape drive http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/FgOI3rcqDDA/5873-FIPS-140-2-Sec-Level-2-for-Sun-Tape-drive.html English Security Sun/Oracle http://www.c0t0d0s0.org/archives/5873-FIPS-140-2-Sec-Level-2-for-Sun-Tape-drive.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5873 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5873 nospam@example.com (Joerg Moellenkamp) by eWeek the StorageTek T10000B tape drive got the FIPS 140-2 certification:

Nonetheless, Sun revealed Aug. 19 that it has become the first enterprise tape drive maker to be granted a prestigious federal security qualification: the FIPS 140-2 Certification at Security Level 2 for its Sun StorageTek T10000B tape drive.

The T10000B drive has the integrated capability to encrypt the data before writing it to the tape. Thus it contains components to do this encryption. The FIPS certification states that a hardware device complies to the standards set by the FIPS 140-2 document, which is headlined "Security Requirements for Cryptographic Modules". A level 2 FIPS certification means (copied from the Wikipedia article):

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

Thus you can't get the key without leaving traces. BTW: I'm sure the messages in "Mission: Impossible" are FIPS140-2 Level 5 certified ... "This tape will self-destruct in five seconds"

The T10000B is the first tape-drive with this level of certification. If you are interested in this matter, the certification of the T10000B is available the nist.gov website. The FIPS140-12 document itself is available for download at NIST, too. ]]> Thu, 20 Aug 2009 21:12:23 +0200 http://www.c0t0d0s0.org/archives/5873-guid.html storage sun http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5873-FIPS-140-2-Sec-Level-2-for-Sun-Tape-drive.html Secure Deletion with ZFS http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/KJgyCXRVqzs/5793-Secure-Deletion-with-ZFS.html English Security Solaris http://www.c0t0d0s0.org/archives/5793-Secure-Deletion-with-ZFS.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5793 2 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5793 nospam@example.com (Joerg Moellenkamp)
Continue reading "Secure Deletion with ZFS" ]]> Mon, 27 Jul 2009 13:12:43 +0200 http://www.c0t0d0s0.org/archives/5793-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5793-Secure-Deletion-with-ZFS.html Webseminar: "Solaris Security" http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/WMhcdvxgFgc/5782-Webseminar-Solaris-Security.html German Security Solaris http://www.c0t0d0s0.org/archives/5782-Webseminar-Solaris-Security.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5782 1 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5782 nospam@example.com (Joerg Moellenkamp) hier.

Bei dieser Gelegenheit möchte ich gleich noch auf drei weitere Webseminare hinweisen: Am 26. August wird Volker Wetter (Technical Architect Systems Pratice) zum Thema "10 Gründe, Ihre Applikation auf Solaris zu betreiben" sprechen. Für den 16. September ist dann ein Vortrag zum Thema "Sun Unified Storage in der Praxis" geplant. Dieser wird von Karlheinz Vogel, seines Zeichens Senior Storage Consultant vorgetragen. Der Holodoc, sorry ... Dr. Stefan Schneider, Chief Technologist, wird sich dann am 22. September mit dem Thema "Start smart. Scale hard! Warum Web-Startups mit Ihrer IT skalieren müssen" befassen. Weitere Informationen findet Ihr dazu auf der Webseite der deutschen Sun Webseminare.

PS: Entschuldigt bitte den Text bei der Beschreibung meines Seminars. Is vom Produktmarketing. Der Vortrag ist marketingfrei

]]> Thu, 23 Jul 2009 17:18:23 +0200 http://www.c0t0d0s0.org/archives/5782-guid.html solaris storage sun http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5782-Webseminar-Solaris-Security.html The Register about ZFS deduplication http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/DU-lQrtOdRA/5737-The-Register-about-ZFS-deduplication.html English Security http://www.c0t0d0s0.org/archives/5737-The-Register-about-ZFS-deduplication.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5737 7 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5737 nospam@example.com (Joerg Moellenkamp) Deduplication in ZFS. I´m asking myself, if the people at the Register read my blog, as i´ve talked about that a few days ago.

Fun aside: Synchronous Dedupe is the only sensible way to do dedupe data as you would need to provide the storage for undeduped data otherwise until the system gets to the point where the data gets deduplicated. Dependent on the frequency of dedupe runs, this could be a vast amount of storage. On the other side, synchronous dedupe is dependent of a fast mechanism to detect duplicates. The checksumming feature of ZFS looks like a good way to do this, as it capable to use various hashing algorithms. When the probability of collision is less than the probability of reading wrong data from disks it should suffice just to check the checksums instead of checking the complete block. ]]> Mon, 13 Jul 2009 14:34:43 +0200 http://www.c0t0d0s0.org/archives/5737-guid.html storage http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5737-The-Register-about-ZFS-deduplication.html Kompetenz in Computersicherheit http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/ohHRrPi_Dtc/5706-Kompetenz-in-Computersicherheit.html German policy of ... Security http://www.c0t0d0s0.org/archives/5706-Kompetenz-in-Computersicherheit.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5706 8 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5706 nospam@example.com (Joerg Moellenkamp) sitzt vor einem Rechner des LKA. Achtet mal auf den Monitor. Ich vermute das ist ein DemoPC, aber trotzdem: Sowas macht man nicht ... ]]> Thu, 02 Jul 2009 13:19:13 +0200 http://www.c0t0d0s0.org/archives/5706-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5706-Kompetenz-in-Computersicherheit.html A sniffer for wireless keyboards http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/0ZVWhKQp9ds/5663-A-sniffer-for-wireless-keyboards.html English Security http://www.c0t0d0s0.org/archives/5663-A-sniffer-for-wireless-keyboards.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5663 1 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5663 nospam@example.com (Joerg Moellenkamp) webpage for their Keykeriki project. ]]> Wed, 17 Jun 2009 16:56:32 +0200 http://www.c0t0d0s0.org/archives/5663-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5663-A-sniffer-for-wireless-keyboards.html Updated Security Deep Dive http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/F0t4HJl7JJA/5660-Updated-Security-Deep-Dive.html English Security Solaris http://www.c0t0d0s0.org/archives/5660-Updated-Security-Deep-Dive.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5660 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5660 nospam@example.com (Joerg Moellenkamp) Solaris 10 Security Deep Dive presentation to represent the changes in Solaris 10 U7. ]]> Tue, 16 Jun 2009 22:29:56 +0200 http://www.c0t0d0s0.org/archives/5660-guid.html solaris http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5660-Updated-Security-Deep-Dive.html Insights to HTTPS http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/lnfgJ2IgXN8/5641-Insights-to-HTTPS.html English Security http://www.c0t0d0s0.org/archives/5641-Insights-to-HTTPS.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5641 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5641 nospam@example.com (Joerg Moellenkamp) first few seconds in the life of a HTTPS connection. ]]> Thu, 11 Jun 2009 21:14:15 +0200 http://www.c0t0d0s0.org/archives/5641-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5641-Insights-to-HTTPS.html The nature of security bugs http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/srKq_I7JaIo/5471-The-nature-of-security-bugs.html English Security http://www.c0t0d0s0.org/archives/5471-The-nature-of-security-bugs.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5471 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5471 nospam@example.com (Joerg Moellenkamp) Security fixes are different from every other kind of fix. As every good troubleshooter knows, when problems occur something almost invariably has changed. For most bugs it is something like load, configuration and so on which can be undone.
With security bugs it is knowledge that has changed and a security weakness can't be unlearned by the world at large.
Peter Harvey wrote this in his blog and i think he is correct with his insight. But i would add a hybrid group. There are security bugs similar to the normal fixes. Introduced by normal bugs ... or lazy checking. And then there are security weaknesses inherent in a protocol or idea. Those can´t be unlearned at all from the world. You can´t even fix it when the protocol has a huge acceptance in the network. Just think about the long standing search for a more SPAM resistant SMTP ... or the recent discussions about weaknesses in BGP. ]]> Thu, 16 Apr 2009 22:57:34 +0200 http://www.c0t0d0s0.org/archives/5471-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5471-The-nature-of-security-bugs.html Wirklich peinlich http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/KXquPFcrlQk/5424-Wirklich-peinlich.html German Security http://www.c0t0d0s0.org/archives/5424-Wirklich-peinlich.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5424 1 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5424 nospam@example.com (Joerg Moellenkamp)
Der Stern berichtet nun, das man unter Umständen lediglich die DNA einer Verpackerin von Wattestäbchen zur Aufnahme von solchen Beweisen gefunden hat, die diese unvorsichtigerweise beim Einpacken mit eigenen Zellen kontaminiert hat. Das ist irgendwie ... wirklich peinlich. ]]> Wed, 25 Mar 2009 19:46:26 +0100 http://www.c0t0d0s0.org/archives/5424-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5424-Wirklich-peinlich.html Botnets ... based on routers - revisited http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/m9DVphms_aM/5413-Botnets-...-based-on-routers-revisited.html English Security http://www.c0t0d0s0.org/archives/5413-Botnets-...-based-on-routers-revisited.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5413 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5413 nospam@example.com (Joerg Moellenkamp) hack a router to a botnet drone than i initially thought. I think it´s consensus, that Windows based PC are still easily infectable with bots. But the PC are under steady control by their users. As tight as the firewalls of these routers are to the outside, as open they are to the inside. I think it would be nice idea, to target the Windows PC at first, infect the router from there (it´s easy to find the router ... it´s the default router). Perhaps by an exploit for the remote administration software or just by router passwords stored in the browser password chain. After infecting the router, the bot could remove itself from the Windows PC without leaving traces. An bot detection tool can´t find something on the PC and it doesn´t check the router for an infection. Well ... you can think about Trusted Execution or TPMs what you want ... but there are valid use cases outside DRM.

It´s a little bit like tonsillectomy by opening the chest, but sometimes it´s easier this way ... especially when the patient don´t want to open the mouth

]]> Tue, 24 Mar 2009 09:15:58 +0100 http://www.c0t0d0s0.org/archives/5413-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5413-Botnets-...-based-on-routers-revisited.html Botnets ... based on routers http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/1lgAmSZnlSE/5411-Botnets-...-based-on-routers.html English Security http://www.c0t0d0s0.org/archives/5411-Botnets-...-based-on-routers.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5411 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5411 nospam@example.com (Joerg Moellenkamp)
The worst managed computer system in the common household is often not the Windows PC .... it´s the small Linux computer that got ubiquitous since DSL or cable internet is something normal. Most people configure them once, put them somewhere in a closet and forget them. So it was just a matter of time before someone would have created a botnet consisting out of this small routers. DroneBL writes about such a botnet.

When you really think about it: These small routers are a perfect target. They run 24h/7days a week. Most people don´t really look at them, so they can´t detect strange traffic patterns by looking at the blinkenlights. Furthermore the once you have an exploit for a certain type of router, it´s highly probable that you can exploit a vast amount of systems. Depending on the type of the router, there is a large population of identical system. Just a thought game: Let´s assume, you find an exploit for a brand of routers distributed by almost all ISP in a country to their end customers. This would be a hell of a botnet. Millions of members

Obviously the first action of such an exploit would be the deactivation of online router software update and the redirection of any request to the support website. It would be really hard to get rid of this bot.

I hope the developers of the OS of such small router boxes are aware of their responsibility ... an error could be an really nasty home run for the dark side.
]]> Mon, 23 Mar 2009 20:26:54 +0100 http://www.c0t0d0s0.org/archives/5411-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5411-Botnets-...-based-on-routers.html Deniable http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/-5zsCWC92Xs/5336-Deniable.html English Security http://www.c0t0d0s0.org/archives/5336-Deniable.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5336 8 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5336 nospam@example.com (Joerg Moellenkamp) "Proof of concept hack for encrypted direct messages on Twitter - you could deny that you are the intended receiver of the message. Just post the encrypted stuff as a public tweet. The recipient just have to read the public timeline and just reads all messages, gathers all crypted tweets and tries to decrypt them. Messages for other people are unencryptable for you, as you don´t have the correct secret key, but the messages for you are encryptable, thus you know, that the messages are for you.

BTW: You could use blog comments as well to transmit such messages. Just distribute a line per blog comment on a vast amount of messages. They have just a single point in common .... the pages with the comments are part of the first few hundred hits in Google blog search. The recipient knows the correct query (a shared secret for example as the google query "What to do with coronary insufficiency?")and is able to gather them, reassembles them and tries to decode it.

The whole mechanism described in this article isn´t new at all. It is the same idea used for the strange radio stations sending just rows of numbers.

Update: The actual code of the proof-of-concept doesn´t strip of the key-ids. Before using this code, you have to add --throw-keyids to gpgopts($opts). But i have to reiterate about this: The code was meant to test encryption and reassembly/decryption ... it´s not meant as actual production code. ]]> Mon, 23 Feb 2009 13:41:59 +0100 http://www.c0t0d0s0.org/archives/5336-guid.html encryption gnu privacy guard hack perl security twitter http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5336-Deniable.html Brute force in cryptography - literally http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/XxPhsnSvD4M/5276-Brute-force-in-cryptography-literally.html English Security http://www.c0t0d0s0.org/archives/5276-Brute-force-in-cryptography-literally.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=5276 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=5276 nospam@example.com (Joerg Moellenkamp)

(found at xkcd.com) ]]> Mon, 02 Feb 2009 11:21:58 +0100 http://www.c0t0d0s0.org/archives/5276-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/5276-Brute-force-in-cryptography-literally.html Yet another security theater http://feedproxy.google.com/~r/C0t0d0s0org-Security/~3/DteBE_cbz1I/4553-Yet-another-security-theater.html English Security http://www.c0t0d0s0.org/archives/4553-Yet-another-security-theater.html#comments http://www.c0t0d0s0.org/wfwcomment.php?cid=4553 0 http://www.c0t0d0s0.org/rss.php?version=2.0&type=comments&cid=4553 nospam@example.com (Joerg Moellenkamp) Bruce Schneier linked to an interesting essay about mass screening of people with infrared thermometry guns. With this devices you can measure the temperature of a person from a certain disctance. But the essay questions the sense of such a method as they compared the results of this IR guns with :

We assessed the accuracy of cutaneous infrared thermometry, which measures temperature on the forehead, for detecting patients with fever in patients admitted to an emergency department. Although negative predictive value was excellent (0.99), positive predictive value was low (0.10). Therefore, we question mass detection of febrile patients by using this method.

Negative predictive value means "The device says you have no fever and you have really no fever". Negative predictive value stands for "The device says you have fever, and you have really fever." So the system is good at detecting a person without fever, but not at dividing people with a higher (but normal for them) skin temperature and people with fever. ]]> Thu, 26 Jun 2008 17:13:48 +0200 http://www.c0t0d0s0.org/archives/4553-guid.html http://creativecommons.org/licenses/by-sa/2.5/ http://www.c0t0d0s0.org/archives/4553-Yet-another-security-theater.html