Security

The Secret Password Is...

Shawn Powers — Fri, 19 Apr 2013 15:00:00 +0000

If your password is as easy as 123, we need to talk. more>>

Government: Using an Open Source Framework to Catch the Bad Guy

LJ Staff — Wed, 17 Apr 2013 16:17:37 +0000

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. more>>

Elliptic Curve Cryptography

Joe Hendrix — Mon, 08 Apr 2013 15:10:49 +0000

When it comes to public key cryptography, most systems today are still stuck in the 1970s. On December 14, 1977, two events occurred that would change the world: Paramount Pictures released Saturday Night Fever, and MIT filed the patent for RSA. more>>

Wi-Fi Mini Honeypot

Marcin Teodorczyk — Fri, 29 Mar 2013 17:12:27 +0000

Do you have an old, unused wireless router collecting dust? Have some fun and make a Wi-Fi honeypot with it! more>>

Configuring One-Time Password Authentication with OTPW

Todd A. Jacobs — Wed, 27 Mar 2013 19:24:16 +0000

Password authentication contains a lot of assumptions about security and trust. Encrypted SSH tunnels and public key verification are two common ways to ensure that your password is not compromised in transit. But, what if it's the computer you're currently typing on that can't be trusted? more>>

Crashplan, the Only Reason I Install Java

Shawn Powers — Tue, 05 Mar 2013 15:41:29 +0000

I'm the sort of person who doesn't like to install Java. I actually don't like to install Flash either, but it's still tough to survive browsing the Internet without Flash installed. There is one program that makes me break my own rules, however, and that's Crashplan. more>>

January 2013 Issue of Linux Journal: Security

Shawn Powers — Tue, 01 Jan 2013 18:00:10 +0000

Sticky Note of Doom

Years ago, I had the brilliant idea that all my users in the finance department should have complex passwords. This made perfect sense to everyone, since dealing with millions of dollars of revenue is something that should be secured. So, the passwords were changed with complexity requirements enforced. I slept better that night knowing our paychecks were no longer secured by passwords like "mustang" or "mrwhiskers".

more>>

Tarsnap: On-line Backups for the Truly Paranoid

Andrew Fabbro — Tue, 16 Oct 2012 16:45:37 +0000

Storing backups in the cloud requires a level of trust that not everyone is willing to give. While the convenience and low cost of automated, off-site backups is very compelling, the reality of putting personal data in the hands of complete strangers will never sit quite right with some people. more>>

KeePassX: Keeping Your Passwords Safe

Anthony Dean — Mon, 16 Jul 2012 20:44:34 +0000

For a long time, my password tracking system was quite simplistic: hope I remembered the right passwords for each site or record them in an ordinary word-processor document. Such methods obviously have great flaws. I might have a hard time remembering a password for an infrequently used site, and a word-processor document isn't the most secure place to store passwords. more>>

Hack and / - Password Cracking with GPUs, Part III: Tune Your Attack

Kyle Rankin — Mon, 09 Jul 2012 16:33:57 +0000

You've built the hardware, installed the software and cracked some passwords. Now find out how to fine-tune your attacks. more>>

A Penetration Tester's Toolkit

Matthew Agle — Mon, 02 Jul 2012 18:44:44 +0000

Ever wonder exactly how vulnerable your network is? Using these tools can give you an idea and provide the means to protect yourself. more>>

Hack and / - Password Cracking with GPUs, Part II: Get Cracking

Kyle Rankin — Tue, 29 May 2012 20:45:43 +0000

Your hardware is ready. Now, let's load up some software and get cracking. more>>

Hack and / - Password Cracking with GPUs, Part I: the Setup

Kyle Rankin — Tue, 15 May 2012 19:54:47 +0000

Bitcoin mining is so last year. Put your expensive GPU to use cracking passwords.

When the Bitcoin mining craze hit its peak, I felt the tug to join this new community and make some easy money. I wasn't drawn only by the money; the concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors (GPUs). With a moderately expensive video card, you could bring in enough money to pay off your initial investment and your electricity bill in a relatively short time. more>>

Advanced Firewall Configurations with ipset

Henry Van Styn — Mon, 19 Mar 2012 18:41:27 +0000

iptables is the user-space tool for configuring firewall rules in the Linux kernel. It is actually a part of the larger netfilter framework. Perhaps because iptables is the most visible part of the netfilter framework, the framework is commonly referred to collectively as iptables. iptables has been the Linux firewall solution since the 2.4 kernel. more>>

Hack and / - Forensics with Ext4

Kyle Rankin — Mon, 27 Feb 2012 17:26:28 +0000

Learn from my mistakes as I figure out how to gather forensics data on an ext4 filesystem. more>>