Linux? Linux. Linux... Linux. Oh, and user interfaces.

ObDisclaimer: I don't design user interfaces for a living.

Originally, I was working on a post about Linux - about why I switched to it, and pontificating about why more people haven't. After writing about half of it I let the article soak for a while and returned to the text later, and I realized that I was having an unearned grey beard and suspenders moment. There is no point in talking about why I started using Linux because the reasons for it are, in truth, not particularly relevant in this day and age of plentiful processor cycles and disk space …

Setting up encrypted swap.

As computers go these days, it is not unusual for the amount of free RAM to reach a critical level at which no other processes will fit into what little unused memory is left. Modern operating systems will then start swapping pages of memory to disk to make room; the data can be read back in later if necessary. This is a procedure called swapping, and it can take several forms. Windows maintains a large hidden file somewhere on the drive (usually in the root directory of C:) which it uses for this purpose. Linux, UNIX, and UNIX-alikes most often …

Conficker information and links - distribute widely!

As you have probably heard on the news, a new beastie has been making its rounds on the Net, infiltrating Windows machines and awaiting the coming of the first of April - April Fool's Day. Unfortunately, like Y2K and the Michelangelo virus, there is an incredible amount of misinformation out there making this worm out to be The End of the Net As We Know It - to hear some of the chatterbot talking heads, the milk in your fridge could curdle and your cat will marry your dog if your workstation gets infected. To be fair, nobody's sure of what Conficker …

Practical whole disk encryption, or, how to frustrate data forensics.

When you get right down to it, the best way for an attacker to get hold of your data is to shut the box down, pull the drive, and rip a sector-by-sector image to analyze offsite. It might not be quick (depending on the speed of the hard drive, speed of the storage drive, and a number of other factors) but if you're not there when it's done you might not know that it ever happened. However, if you encrypt data at the level of the drive, they can copy the drive all they want but they won't be able …

Safe browsing from hacker cons: Running a personal proxy.

Whenever I plan on using my laptop at a convention, in particular at hacker cons, it's practically assured that an unknown number of attendees will be monitoring the wireless network in some manner for nefarious purposes. Because many application protocols in use do not use cryptographic systems to protect traffic (like instant messenger and webmail), it's possible to record what people are doing as they do it, or worse record the credentials used to log in. The software to do this is trivially easy to acquire because protocol analyzers (more commonly called packet sniffers) have legitimate uses when troubleshooting networks …

FIXED - Truecrypt v6.0a released.

I'm well over a week late with this post, but better late than never. The Truecrypt Foundation announced on 8 July 2008 that v6.0a of Truecrypt, the cross-platform disk encryption package, was released to the Net, along with its source code. Judging by the changelogs, it stands head and shoulders above the last releases (v5.1 and v5.1a) in several important respects. First and foremost, the new release takes full advantage of systems that have more than one CPU in them (like many laptops these days), so if you're using whole disk encryption, storage I/O will be …

MBR infecting rootkits: All the old things are new again.

It seems as if malware evolves just as fast as biological diseases anymore. Earlier this year, it was made public that batches of flu vaccine were probably ineffective against this year's upper respiratory plague that I've complained about more than enough lately (my apologies to house Laurelinde, though - Lyssa and I will bring over something tasty soon for you). Around the same time, a new strain of rootkit called Mebroot hit the Net that infects the Master Boot Record of boxen it's installed into. It compromises the machine below the level of the operating system because executable code referenced by …

Microsoft admits that Vista is bloatware.

If you've ever installed Microsoft Vista yourself (or looked around in the hard drive of your brand new box), chances are you'd be surprised to find that it's a hog for disk space. An install of Vista can take up anywhere from seven to fifteen (!) gigabytes of disk space, which most people can eat because hard drives these days are typically in the hundreds of gigabytes. Still, that's a hell of a lot of binary; maybe if you've installed a load of applications and patches over a year or so, I can see that, but when you factor in everything …

Two heads-up posts from the infosec world that could hit close to home.

First off, someone's created a trojan horse program that affects unlocked Apple iPhones. By definition, you can't install anything on an iPhone unless you crack it, so the impact of this is potentially smaller than it could be. At any rate, it pretends to be a patch for v1.1.3 of the iPhone firmware. It doesn't do anything until you try to uninstall it (because it doesn't look like it does anything), at which time it will take any copies of OpenSSH and Erica's Utilities with it when it goes. While the original website that offered this utility is …

DRM: When you absolutely, positively need to get screwed because your home media system is too good.

DRM: Digital Rights Management. A technology which uses strong crypto to control whether or not a particular computer is permitted to decrypt and play back a particular media file. The idea is that unless a given box has been outfitted with a particular certificate, it doesn't matter if the files are shared or not, only the system for which the certificates were issued could play them back, assuming that the company that provided the certificates didn't decide to revoke them or something.

The 'or something' is the operative part of what screwed one Davis Freeberg not too long ago: An …