Tag: security

  1. Testing an RFID blocking wallet.

    06 January 2023

    A couple of years back, when we thought that the covid pandemic might actually be over someday, I did some research on RFID blocking fabric to see if it was actually worth anything. Somewhat surprisingly, I discovered that it does actually do what it says it does, within certain parameters (if you don't use something right it won't work; who knew?).

    Late last year two noteworthy things happened: First, I finally got my hands on a Flipper Zero after waiting many months for it to arrive (no thanks to US Customs seizing the shipment for unspecified reasons) and spent some …


  2. Setting up a private Matrix server.

    21 January 2020

    EDIT - 20200804 - Updated the Nginx stanzas because the newer versions of Certbot do all the work of setting up SSL/TLS support for you, including the most basic Nginx settings.  If you have them there you'll run into trouble unless you delete them or comment them out.  Also, Certbot centralizes all of the appropriate SSL configuration and hardening settings into a single includable file (/etc/letsencrypt/options-ssl-nginx.conf) for ease of maintenance.

    A couple of years ago I spent some time trying to set up Matrix, a self-hosted instant messaging and chat system that works a little like Jabber, a …


  3. Generating passwords.

    22 May 2018

    Data breaches are a fact of life in the twenty-first century - some site or other gets pwned and tens to hundreds of gigabytes of data get stolen.  If you're lucky just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated.  Good times.

    You've probably wondered why stolen passwords are dangerous.  There are a few reasons for this: The first is that people tend to re-use passwords on multiple sites or services.  Coupled with the fact that many online services use e-mail addresses as usernames, this means that all …


  4. DefCon 22 presentation notes

    20 August 2014

    Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.

    One Man Shop: Building an Effective Security Program All By Yourself - Medic

    • Integrate with environment
    • Continuous monitoring
    • People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
    • Compliance, per usual, means dick in the final analysis
    • Roughly five year plan w/ deliverables
    • Needs organizational support. Still answers to the Business.
    • Supports, !replaces Business
    • Security will not mature past …


  5. DefCon 22: The writeup.

    18 August 2014

    The reason I've been quiet so much lately and letting my constructs handle posting things for me is because I was getting ready to attend DefCon 22, one of the largest hacker cons in the world. It's been quite a few years since I last attended DefCon (the last one was DefCon 9, back in 2001.ev) due to the fact that Vegas is, in point of fact, stupidly expensive and when you get right down to it I need to pay bills more than I need to fly to Las Vegas for most of a week. I'm also in …


  6. A random USB port in my hotel room.

    10 July 2014

    When I was in DC a couple of weeks ago, I noticed that the lamps in my hotel room had USB ports in them, presumably for plugging in smart devices to recharge in the event that the traveler did not bring a power strip. Most hotels aren't known for offering a surplus of power outlets.

    Seeing as how I was back in Washington, DC, called by some The City of Spies, I couldn't help but wonder how such a thing could be used offensively. Let's say I wanted to gig somebody's smartphone with some canned exploits and a malware package …


  7. Another possible solution to an NP-complete problem?

    23 April 2014

    A couple of days ago a research team comprised of faculty at Nanyang Technological University in Singapore, the University of Southampton in the UK, and IQFR-CSIC in Madrid, Spain published a paper containing a creative solution to a problem known to be NP-complete, namely a version of the traveling salesman problem. The TSP, in summary, postulates a scenario in which you have an arbitrary number of towns spread over a large area and an arbitrary number of paths connecting them. What is the shortest possible path one can take in which the traveler visits each town only once and returns …

