An Illustrated Guide to SSH Agent Forwarding
5 weeks ago by rtlechow
Nice diagrams.
reference
security
ssh
unix
FACT CHECK: SCADA Systems Are Online Now
november 2011 by rtlechow
"For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 in route. If issues are noted, they can re-tune the engine in air."
security
unix
Missing dots from email addresses opens 20GB data leak | Naked Security
september 2011 by rtlechow
"Security researchers have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo. The emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.
Researchers Peter Kim and Garrett Gee did this by buying 30 internet domains they thought people would send emails to by accident (a practice known as typosquatting).
The domain names they chose were all identical to subdomains used by Fortune 500 companies save for a missing dot."
security
hacking
email
Schneier on Security: Detecting Words and Phrases in Encrypted VoIP Calls
march 2011 by rtlechow
Our results indicate that we can identify phrases within encrypted calls with an average accuracy of 50%, and with accuracy greater than 90% for some phrases. Clearly, such an attack calls into question the efficacy of current VoIP encryption standards. In addition, we examine the impact of various features of the underlying audio on our performance and discuss methods for mitigation.
encryption
privacy
research
security
pwnat - NAT to NAT client-server communication
march 2010 by rtlechow
"pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect. Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party. There is no middle man, no proxy, no 3rd party, no UPnP/STUN/ICE required, no spoofing, and no DNS tricks."
networking
network
security
software
vpn
tunnel
sysadmin
tunneling
linux
udp
nat
Matasano Security LLC - Chargen - Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes
march 2010 by rtlechow
"Speed is exactly what you don’t want in a password hash function."
security
password
cryptography
crypto
web
database
encryption
programming
hashing
passwords
skipfish - Project Hosting on Google Code
march 2010 by rtlechow
"A fully automated, active web application security reconnaissance tool. Key features:
* High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
* Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
* Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments."
security
web
google
tools
opensource
webdev
scanner
software
Panopticlick
january 2010 by rtlechow
Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies. Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web.
privacy
security
web
browser
tools
information
test
tracking
eff