Other articles


  1. Signal routing

    Made a Signal call to a friend today. He was curious and pulled up Wireshark to see how the call was being routed. It appears that our call was going point-to-point, over IPv6 (no NAT), directly between devices.

    So, as the Internet was designed…

  2. DMARC Works

    Earlier today I received a few notifications of bounced mail from Google. This was odd seeing as how I hadn’t sent any mail to Google in a while. Upon further inspection, the messages originated from an application running on one of my servers. These were password reset messages destined …

  3. E-mail Security

    Way back when, e-mail was from server-to-server, and really client-to-server as well, without much thought to security. Messages were transmitted in plain text (no encryption) and the only people reading your mail (literally) were the system administrators who ran the email server. Of course, those system administrators knew what was …

  4. Okay, this is a neat attack...

    This morning I received an email from my "administrator" saying that I needed to validate my email address within the next 48 hours or my email account would be suspended.  Seeing as how I'm my own email administrator and couldn't remember sending out such a message, I decided that this …

  5. Signing PGP keys

    If you've recently completed a key signing party or have otherwise met up with other people and have exchanged key fingerprints and verified IDs, it's now time to sign the keys you trust.  There are several different ways of completing this task and I'll discuss two of them now.

    caff …

  6. Secure E-mail

    E-mail is inherently insecure.  Just as sending a post card, any message sent by e-mail can be read by any number of people, including those monitoring the network path, the servers that process the message along its route, or anyone with access to the distant computer.  Basically you should consider …

  7. Kicking RC4 out the door

    I've been arguing with my web hosting company about their use of RC4.  Like many enterprise networks they aren't consistent across all their servers with respect to available ciphers and such.  It appears that all customer servers support TLS_RSA_WITH_CAMELLIA_256_CBC_SHA and TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, in addition to TLS_RSA_WITH_RC4_128_SHA (although the latter is preferred …

  8. Encrypting SMS messages and phone calls on Android

    Much of our daily lives are contained within our smartphones and computers.  Email, text messages, and phone calls all contain bits and pieces of information that, in the wrong hands, could harm our privacy. Unfortunately many people either don't understand how vulnerable their data is when sent across the Internet …

  9. Removing dependencies when using yum

    A forthcoming article on the Red Hat Security Blog got me to ask the question: is it possible to have yum remove dependencies when uninstalling packages?  The answer is a somewhat surprising "yes"!  The functionality is turned off by default for a good reason but that's no reason why everyone …

  10. US-CERT: Java vulnerability

    A bad (as in it's a 10) Java vulnerability has been discovered.  Affecting Java 7 Update 10 and prior versions, this vulnerability can allow an untrusted Java applet to escalate its privileges without requiring code signing.

    Currently, the only defense to this vulnerability is to disable Java in your browser …

  11. New year, updated keys.

    I run a SKS key server and watch my daily numbers to see how many keys get updated, etc.  Being a numbers guy I wondered how many people, like me, update their GPG keys; I specifically update the expiration date and generate new encryption keys annually, at the beginning of …

  12. End user security for web browsing

    Someone asked me, earlier this week, how to set up a "very secure Fedora 16..." system for a user that mostly surfs the web and uses email. Instead of responding directly to that user I'm writing this in order to get others to comment and provide additional information that I may …

  13. Does Google's multi-factor authentication make your security weaker?

    A few months back Google introduced "2-step verification" for all Google accounts.  This amounted to multi-factor authentication (something you know (password) and something you have (token)) for all web-based Google applications.  Cool, right?  They created an app for Android, iPhone, and BlackBerry devices that acted like a token and …

  14. HTTPS-Everywhere

    The other day I found myself reading about a new Firefox plugin that will automatically select HTTPS for various websites (and you can make your own rules, too).  The plugin, created by the EFF, is named HTTPS Everywhere.

    Basically it knows that there are several popular websites out there that …

  15. Expiring OpenPGP keys...

    A discussion was had on one of the Fedora IRC channels months ago about the "proper" way to handle expiring GPG keys without breaking the web of trust. It was my opinion that by generating new keys every so often (yearly?) that it would increase the security of the overall …

  16. Securing Instant Messaging

    More and more sensitive communications are occurring over unsecure instant messaging (IM) systems. These messages go through a third party and can be read anywhere along the way. An easy, open-source solution does exist to help protect these communications, however.

    First you need the IM client called Pidgin. This client works …
