Collaborate Disseminate
As far as I can tell:
It is possible to generate a private keyring (i.e. signing private key, plus associated encryption private key and authentication private key) entirely on an OpenPGP Smartcard (i.e. without ever export… Continue reading OpenPGP SmartCard: generate revocation certificate on-card?
Being able to compare the envelope values against the header field values is potentially useful for detecting fraudulent (e.g. spoofed) mail.
However, email servers, when receiving mail over SMTP, are not required to record … Continue reading Why are email clients prevented from seeing the envelope?
Yes, I know that after giving an SSH public key to someone else, one should always assume that it might have been swiftly published somewhere. (For instance, give your SSH public key to GitHub, and GitHub will publish it. E.g… Continue reading Can a malicious SSH server successfully *pretend* to know a client’s public key?
I am applying configuration management to a VPS hosted by a VPS hosting company. Changing the hosting company is not an option, unfortunately.
This VPS has the following properties:
when newly-imaged or re-imaged, it gener… Continue reading SSH to IP instead of to fully qualified hostname: does this reduce MITM risk?
A shell script (myscript) will be run as root, by cron. It reads IP addresses from a configuration file, and updates iptables to whitelist those IPs for inbound connections.
myscript uses a regexp (regular expression) to par… Continue reading Permissions for configuration file for program run as root that must be modifiable by SFTP
Wikipedia lists five software packages for creating/editing/analysing attack trees.
These software packages do not seem to have settled, between them, upon an agreed file format for attack trees. This lack of standardisation… Continue reading Attack tree file format?
When explaining public key encryption, people commonly use the imagery of keys and padlocks. However, most padlocks have only one key (i.e. only one bitting), and work like this:
The padlock can be locked without any keys; … Continue reading Padlocks suitable as teaching aids for public key cryptography – do they exist?
Let me begin by distinguishing two kinds of identity theft:
Conventional identity theft (e.g. using credentials from ID documents, bank accounts, etc, to commit fraud or other mischief).
Cryptographic identity theft (e.g. using a PGP cer… Continue reading How to avoid identity theft at key signing parties?
Absolute persistence technology amounts to a persistent rootkit pre-installed by many device manufacturers (Acer, Asus, Dell, HP, Lenovo, Samsung, Toshiba, etc) to facilitate LoJack for laptops, and other backdoor services:
The Absolut… Continue reading Detecting and removing Absolute persistence technology
I see that Apple patched OS X to mitigate against K. Chen’s famous Apple keyboard firmware hack.
However:
Apple keyboards can be used with computers running other operating systems; and
in any case, other manufacturers’ keyboards may be… Continue reading Keyboard firmware hack – Linux vulnerable?