Category: security

gun, foot, shoot

As a chartered member of the British Computer Society (BCS) I recently received through the post my voting forms for the 2008 AGM. The process gives me the option of voting electronically using a website run by Electoral Reform Services. My security codes (two separate numeric IDs, one of six characters, the other of four) …

Continue reading

Permanent link to this article: https://baldric.net/2008/09/25/gun-foot-shoot/

webanalytics – just say no

I have just built myself a new intel core 2 duo based machine to replace one of my older machines which was beginning to struggle under the load of video transcoding I was placing upon it. The new machine is based on an E8400 and is nice and shiny and fast. Because it is a …

Continue reading

Permanent link to this article: https://baldric.net/2008/09/12/webanalytics-just-say-no/

trusting DNS

Dan Kaminsky has (quite rightly) been hitting the press a lot in the weeks since 8 July when he announced the work done to fix a flaw he had discovered in DNS. The vulnerability itself was new, but its impact (cache poisoning) was not. Indeed, we’ve known about the dangers of poisoned DNS caches for …

Continue reading

Permanent link to this article: https://baldric.net/2008/08/10/trusting-dns/

implementing mailman and postfix with lighttpd on debian

I recently needed to set up a mailing list for a group of friends (my bike club). I had become tired of mail bounces and failures because we were all relying on an out of date list of addresses originally cobbled together by one member. That list of addresses was routinely used in “reply all” …

Continue reading

Permanent link to this article: https://baldric.net/2008/07/22/implementing-mailman-and-postfix-with-lighttpd-on-debian/

backtrack 3 released

Any half decent sysadmin will routinely test the security of his or her own systems. A good, and sensible, sysadmin will follow up those tests with an independent security audit by a professional company – preferably one which is a member of a recognised industry body (such as CREST). Finding the holes in your security …

Continue reading

Permanent link to this article: https://baldric.net/2008/06/20/backtrack-3-released/

dental dos

On Tuesday 17 June, Craig Wright, supposedly “Manager of Risk Advisory Services” in an Australian Company called “BDO Kendalls”, posted a rather odd note to Bugtraq and a few other security related lists titled “Hacking Coffee Makers”. In that posting he said that the Jura F90 Coffee maker (which can apparently be networked) was vulnerable …

Continue reading

Permanent link to this article: https://baldric.net/2008/06/19/dental-dos/

xkcd on the openssl fiasco

I’ve had my attention drawn to Randall Munroe’s take on the openssl coding change problem. Beautiful.

Permanent link to this article: https://baldric.net/2008/06/05/xkcd-on-the-openssl-fiasco/

debian and the openssl flaw

Ben Laurie wrote about the Debian SSL problem a couple of weeks ago. That particular post has attracted a huge response which is well worth reading if you care about free open source software and/or privacy/security issues (or even if you don’t). The key point to take from the discussion is that about two years …

Continue reading

Permanent link to this article: https://baldric.net/2008/06/02/debian-and-the-openssl-flaw/

ssh through http proxy

On a mail list I subscribe to I have recently been involved in a discussion about the restrictions sometimes placed on users of WiFi hotspots or hotel networks (to say nothing of the restrictions placed on corporate networks). Some of the suggested solutions involve tunnelling ssh connections over http(s). Other solutions assume that the network …

Continue reading

Permanent link to this article: https://baldric.net/2008/03/01/ssh-through-http-proxy/