/dev/random entropy

Some interesting notes on /dev/random on a Linux system. You can find out how much entropy is available via ‘cat /proc/sys/kernel/random/entropy_avail’ and, interestingly, watch the entropy with ‘cat /dev/random | od -cx’ while moving the mouse, typing in a terminal, running a find, etc.

Tapping fiber optic cables without detection

Tapping a fiber-optic cable without being detected, and making sense of the information you collect, isn’t trivial but has certainly been done by intelligence agencies for the past seven or eight years. Companies can spend a lot of money on security for their networks but it all may be for naught if they forget about the physical threat of an optical tap. I would guess that most companies have some cable in a semi-public area where a tap could be placed for a long time without the fear of discovery. And backbone diagrams for entire cities are not that hard to find.

Endangered species

A link to pictures of endangered and extinct species which is rather depressing. After looking through these it becomes apparent that the cause of extinction or endangerment is very rarely natural catastrophe or biological disaster but the side-effects of human choices.

New OpenBSD server running postfix, courier-imap, and mailman

Finally got the new server up and running. It’s running OpenBSD with postfix, courier-imap, mailman, and eventually squirrelmail. There were a couple of snags along the way but for the most part it was pretty smooth. In order to send mail from my internal machine to the MX of the domain that the server, which is in the DMZ, accepts mail for, I needed to bypass the MX lookup. In order to do this with sendmail (ugh) I had to set up a mailertable. The mailertable simply says that if mail is destined for domain X, send it directly to Y.
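
A sketch of the mailertable setup described above, added here as an illustration and not taken from the author's configuration. The domain example.com, the address 192.0.2.25 and the /etc/mail paths are assumed placeholders.

```text
# 1) sendmail.mc on the internal machine: enable the mailertable feature,
#    then regenerate sendmail.cf from the .mc file.
FEATURE(`mailertable')dnl

# 2) /etc/mail/mailertable: recipient domain on the left, mailer:host on
#    the right. The square brackets tell sendmail to skip the MX lookup
#    and connect straight to the named host (here, the server in the DMZ).
#    example.com and 192.0.2.25 are placeholders.
example.com        esmtp:[192.0.2.25]

# 3) Rebuild the map after every edit so sendmail picks up the change.
makemap hash /etc/mail/mailertable < /etc/mail/mailertable
```

Without the brackets sendmail would still look up MX records for the right-hand host, which is the lookup the post needed to avoid.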

Fun with Google and security

Spend some time seeing what our friend Google has indexed.

Insecurity of cross-shredded documents

Interesting article at the nytimes about the advances in de-shredding paper. It seems that there are now companies that put cross-shredded documents back together for a tidy sum ($8K-$10K per cubic foot, which is generally <100 pages). I remember talking with a friend about this about a year ago and trying to come up with a practical way to do it with open source tools, SANE, OCR, and some logic…it would be possible.

USB wireless adapter security implications

I ran across a tiny USB 802.11b wireless adapter. This would be perfect for nefarious purposes in gaining access to a corporate network by installing it in a machine that sits on the LAN…might take a little social engineering acting as a helpdesk employee…but then simply go sit in the parking lot with a wireless laptop and hack away.

Theo de Raadt article

An at times hyperbolic article at alternet.org about Theo de Raadt.

Insecurities of FBI’s eavesdropping equipment

Cringely, that guy over at PBS, wrote an article about the FBI’s Communications Assistance to Law Enforcement Act (CALEA) that enables them to eavesdrop on cell phones, pagers, and the internet in order to gain information about criminals. As much as I dislike the rampant loss of privacy at the hands of big brother, the article’s purpose is to shed light on the fact that the eavesdropping equipment is not much more than some software running on a Sun workstation sitting next to the phone switches in the phone companies’ machine rooms. This, in and of itself, would not be a problem, but the fact that the Sun box is not secured and basic firewalling and hardening is not enforced is scary – just scary. And these systems have been hacked, giving away the ability to tap anyone at any time. I think that the lesson learned is that a project run by law enforcement in collaboration with the government cannot be properly and securely deployed.