Archive for the ‘Security’ Category

Track down your stolen laptop

Posted at 11:17 am in Computer/IT, Security

http://adeona.cs.washington.edu/

From their site:

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

How do I use it?

Using Adeona only requires downloading and installing a small software client. Adeona is free to use.

Written by admin on August 14th, 2008


Hiding Files with Truecrypt

Posted at 10:37 pm in Security

Ever since I started computing (back when I was using a C64), I was always into cryptography, due largely to my dad’s Cold War spy novels scattered throughout our house. I always wanted to play with codes and ciphers. This journey took me to play with other crypto-software like PCTools7’s PCSecure, my own scripts and codes using substitution ciphers, and PGP.

After PGP things got really serious for me crypto-wise. The words from Phil Zimmermann’s PGP help file and Bruce Schneier’s Applied Cryptography book that constantly echoed in my mind were these:

“There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files.

This book is about the latter.”
– Bruce Schneier


Written by admin on March 3rd, 2008


Schneier’s Crypto-Gram Podcast

Posted at 10:00 am in Security

I’ve been a long-time subscriber of Bruce Schneier’s Crypto-Gram. Just discovered they now have a podcast.

Dan Henage reads each Crypto-Gram issue in a monthly podcast.

`mplayer http://media.libsyn.com/media/dhenage/crypto-gram-07-03.mp3`

Written by admin on June 1st, 2007

Freedom to — beer!

Posted at 2:34 pm in Security, real-world

The Beer Belly will let you past security checks, allowing you to sneak into movies, concerts, ball games… even at work :) This thing wraps around you and is disguised as a beer belly, but in essence it is an adulterated redesign of the famous CamelBak worn by bikers on their backs for hydration while riding.

Written by admin on May 17th, 2007

generate passwords via gnupg

Posted at 3:10 pm in Security, self-help

```
$ gpg -a --gen-random 1 16
L87S3FpsKE36XlZlPkXHLg==
```

Written by admin on March 6th, 2007

Crypto paranoia

Posted at 8:37 am in Security

I’m a sucker for good crypto apps.

Back in the 80’s I used to hide files on the C64 using a BASIC script based on a substitution cipher.

Then came MS-DOS and PCTools7.

Made lots of batch files using the crypto features of zip and arj.

In the mid-90’s came Zimmermann’s PGP (I still keep my old keys).

I did a few encrypted journals using PGP’s crypto libraries in C.

In Unix I still used PGP and its newly incarnated GnuPG (I didn’t trust GPG yet in its 0.* versions).

I made my own ARC4 code based on CipherSaber advice.

Played with Perl’s Blowfish/Twofish modules incorporating that into… yes, more private journals.

Installed OpenBSD along with Gentoo.

Then discovered the ease of A. M. Kuchling’s PyCrypto Toolkit.

Currently my needs have changed, but my love (addiction?!) for crypto is still very much alive.

Before Schneier’s PasswordSafe I used to have a list of different passwords for different sites/files that I encrypt with GnuPG.

Now I use KeePass Password Safe for Windows and KeePassX for Gentoo to guard my passwords. They’re all random so I can’t be bothered to remember them all. But I still keep a backup encrypted in GnuPG with a symmetrical key.

I use encrypted filesystems to house my semi-private files. Truecrypt works well for both Windows and Linux. But in Linux I use another system which is EncFS.

I still play with simple crypto systems in my scripts, namely substitution ciphers, just to scratch an itch every now and then.

And what made me obsessed with crypto? Most probably it’s because of the Cold War period I was born into, and this book that my father kept lying around the house. Plus WarGames and Blade Runner. And a lot of other puzzling things :)

Written by admin on February 22nd, 2007

Drive-by Pharming Threat

Posted at 11:05 am in Security

This is just in on Bugtraq.

Drive-by Pharming

In gist:

“An attacker can create a web page containing a simple piece of malicious JavaScript code. When the page is viewed, the code makes a login attempt into the user’s home broadband router and attempts to change its DNS server settings (e.g., to point the user to an attacker-controlled DNS server). Once the user’s machine receives the updated DNS settings from the router (e.g., after the machine is rebooted) future DNS requests are made to and resolved by the attacker’s DNS server.”

– Zulfikar Ramzan of Symantec

Fact: a lot of DSL routers/modems ship with default usernames/passwords. Users rarely, if ever, change them.

Think about the implication. An attacker-controlled DNS server can point *insert your favorite webmail/online banking/online shopping site here* to his own mock-up of the site and no one is the wiser.

Written by admin on February 16th, 2007
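
A defender's check for the case quoted above, where the machine receives its DNS servers from the router: compare the resolvers currently configured on the client with the ones the owner set up. This is an added example, not part of the original post; the resolv.conf sample, the baseline addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolv.conf-style settings as a client would hold them
# after the router handed out DNS servers via DHCP. 203.0.113.53 is a
# documentation-range address standing in for a server nobody configured.
SAMPLE_RESOLV_CONF = """\
# generated by dhcp client
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # appeared after the last reboot
nameserver not-an-ip
options timeout:2
"""

# Assumption: the resolvers the owner deliberately configured on the router.
BASELINE_RESOLVERS = {"192.168.1.1", "198.51.100.10"}


def parse_nameservers(text):
    """Return (valid, malformed) nameserver values from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # '#' and ';' are both treated as comment starters here.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Normalise the address so textual variants compare equal.
            valid.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit_resolvers(text, baseline):
    """Compare the configured resolvers with the owner's baseline."""
    baseline = {str(ipaddress.ip_address(b)) for b in baseline}
    valid, malformed = parse_nameservers(text)
    return {
        "unexpected": [s for s in valid if s not in baseline],  # new, unknown servers
        "missing": sorted(baseline - set(valid)),               # known servers that vanished
        "malformed": malformed,                                 # entries that are not IP addresses
    }


if __name__ == "__main__":
    for kind, values in audit_resolvers(SAMPLE_RESOLV_CONF, BASELINE_RESOLVERS).items():
        print(f"{kind}: {values}")
```

An "unexpected" entry is a prompt to log in to the router and inspect its DNS settings; the check does not see changes on routers that hand out only their own address and forward queries upstream.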