Thanks to Edward Snowden we have learned a lot about threats from various (although mostly US) governments. We started to think more about secure technologies and cryptography. I was advocating high security standards even before Snowden’s leaks. Some of my friends thought that I was being paranoid. Now everyone knows better than to trust RSA or any of their products. Everyone is aware of malware designed by intelligence agencies. Universal snooping isn’t an Orwellian fantasy anymore, it’s reality.
SELinux is complicated. No one will argue with this statement. That’s why I’ve assembled this list of useful commands to have a system up and running with SELinux enabled. Of course, you can take the coward’s route and disable it completely, but professional paranoia should normally prevail. Continue reading SELinux cheat sheet
Wired has an intriguing article about one prominent computer security figure – Eugene Kaspersky, co-founder of Kaspersky Lab and creator of the famous Kaspersky Anti-Virus. I have mixed feelings about him. As a man who has achieved so much, he is a genius, no less. He also shares my dislike of social networks, but he is also an enemy of the free Internet and an eager supporter of Putin. Anyway, this is a very interesting read about an extraordinary man, be sure to check it out.
California-based company Passware claims that its software can decrypt hard drives encrypted with TrueCrypt, the popular open-source disk encryption software. Well, apparently, this task can’t be done easily, but the claim is extraordinary nonetheless. According to Passware, you will need:
- Passware Forensic edition, which costs $995
- Physical access to a running computer that has a FireWire port and a mounted TrueCrypt partition.
I could say that there is nothing to worry about, but that wouldn’t be true. The idea of stealing the passwords to encrypted drives from a running computer’s memory isn’t new. If it can be replicated with ready-made software, it is something to think about. Encryption software needs to change to counter this type of attack. Maybe the passwords in memory could be encrypted too. Anyway, until a countermeasure is found, you would be safer without FireWire ports.
If you have ever administered a server accessible from the Internet, you probably know that leaving the SSH daemon on the standard port 22 isn’t such a good idea. If you have a good, hard-to-guess password, constant brute-force attacks are mostly a nuisance, not a threat, but all that spam in my logs from failed logins irritates me. The port could be changed, right, but it’s not always possible for various reasons: company policy, a client’s wish, maybe something else. There is always the possibility that you will need to leave the daemon on the standard port. But there is a built-in option to protect against brute-force attacks.
I have already written about the dubious UEFI Secure Boot technology. As you remember, Microsoft didn’t deny the accusations at all. That’s why the Free Software Foundation (FSF) started a campaign against this technology. If you feel that it’s your right to choose your operating system, please add your name to the statement here. If this feature is implemented, users should have full control over it. If I want to disable it, it’s my right to do so. I don’t want to be forced to use only Windows. I hope that hardware manufacturers realize that there are customers who prefer freedom over such questionable “security”.
Not much time has passed since the attacks on kernel.org and linux.com, and yet another major open source project has been compromised. This time it’s WineHQ. According to Jeremy White, CodeWeavers founder, attackers were able to download the full login database via unauthorized access to phpMyAdmin:
What we know at this point is that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not know exactly how they obtained access; it was either by compromising an admin's credentials, or by exploiting an unpatched vulnerability in phpmyadmin.
Corero Network Security has decided to release a report on the DDoS attacks that took place this year. Well, I think it’s too early to write such a report, the year isn’t over yet, but apparently they wanted to be the first ones to present one. The list isn’t new, but it is somehow curious, because it shows us that any web service could be disrupted with a well-coordinated DDoS attack. Anyway, pretty much anyone who reads IT-related news will be familiar with their top 5 list:
Gentoo Linux developers have decided to resume publishing Gentoo Linux Security Advisories (GLSA). Publication was suspended in January, and since then information about security updates has been available only through Bugzilla.
Now advisories will be published again via gentoo-announce, Full Disclosure, Bugtraq and the Gentoo website.
If you need more information about GLSA, it is available at gentoo.org.
Unless you’ve been living under a rock, you should have heard about the Comodo hack, which happened earlier this year. Almost the same thing happened last week, when an unidentified hacker (presumably from Iran) broke into a Dutch security firm’s server and issued hundreds of bogus certificates. These incidents make us doubt the current certificate system, and rightfully so, but what can we do? Well, check the video below to see some suggestions and new insights into the problem from the Black Hat USA 2011 security conference.