Any half-decent sysadmin will routinely test the security of his or her own systems. A good, and sensible, sysadmin will follow up those tests with an independent security audit by a professional company – preferably one which is a member of a recognised industry body (such as CREST). Finding the holes in your security …
Category: security
Permanent link to this article: https://baldric.net/2008/06/20/backtrack-3-released/
Jun 19 2008
dental dos
On Tuesday 17 June, Craig Wright, supposedly “Manager of Risk Advisory Services” in an Australian company called “BDO Kendalls”, posted a rather odd note to Bugtraq and a few other security-related lists titled “Hacking Coffee Makers”. In that posting he said that the Jura F90 coffee maker (which can apparently be networked) was vulnerable …
Permanent link to this article: https://baldric.net/2008/06/19/dental-dos/
Jun 05 2008
xkcd on the openssl fiasco
I’ve had my attention drawn to Randall Munroe’s take on the openssl coding change problem. Beautiful.
Permanent link to this article: https://baldric.net/2008/06/05/xkcd-on-the-openssl-fiasco/
Jun 02 2008
debian and the openssl flaw
Ben Laurie wrote about the Debian SSL problem a couple of weeks ago. That particular post has attracted a huge response which is well worth reading if you care about free open source software and/or privacy/security issues (or even if you don’t). The key point to take from the discussion is that about two years …
Permanent link to this article: https://baldric.net/2008/06/02/debian-and-the-openssl-flaw/
Mar 01 2008
ssh through http proxy
On a mail list I subscribe to, I have recently been involved in a discussion about the restrictions sometimes placed on users of WiFi hotspots or hotel networks (to say nothing of the restrictions placed on corporate networks). Some of the suggested solutions involve tunnelling ssh connections over http(s). Other solutions assume that the network …
Permanent link to this article: https://baldric.net/2008/03/01/ssh-through-http-proxy/