Archive for the 'Security' Category

Mark’s [Russinovich] Blog : The Machine SID Duplication Myth

Tuesday, November 3rd, 2009

about windows SID issues and machine cloning: explains what windows SID is, who it is used, and why you should or shouldn’t change it when you image-clone a windows machine

OpenSSH Public Key Authentication

Friday, October 9th, 2009

notes on setting up SSH pubic key auth

[freeware ipsec vpn client for windows] Shrew Soft Inc : Download

Thursday, October 1st, 2009

An alternative to CiscoVPN Client, which is, sadly, is known not to work on 64bit versions of windows xp/vista/7.

Email Blacklist Check – See if your server is blacklisted

Friday, August 28th, 2009

website that does blacklist lookups.

Appendix F – Personal observations on the reliability of the Shuttle by R. P. Feynman

Wednesday, July 1st, 2009

famous and somewhat forgotten so called “minority report” by Richard Feynman on the aftermath of Challenger Shuttle disaster in 1986 that determent that management culture of NASA to responsible for the disaster, and not some particular technical fa…

Tenable Network Security: Ranum’s Rants – The Anatomy of Security Disasters

Wednesday, July 1st, 2009

highly recommended read for anyone dealing with security and PHBs. This is by http://en.wikipedia.org/wiki/Marcus_J._Ranum

http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf

Monday, May 4th, 2009

Interesting paper from UCSB with statistics provided by hijacking torpig bootnet for aprox. 10 days.

Behind Pwn2Own: Exclusive Interview With Charlie Miller : Introduction – Review Tom’s Hardware

Monday, March 30th, 2009

Charlie Miller is the one who broke in to up2date fully patched mac in about 1 minute and won (macbook air ) in the latest Pwn2Own content. Good read if you have 20 minutes.

Providing Active Directory authentication via Kerberos protocol in Apache

Tuesday, February 10th, 2009

Apache authentication against AD (via Kerberos). Really easy to do, but make sure you put your kerberos real all in UPPER CASE, i.e. MYDOMAIN.COM. If you are using something like MYDOMIAN, then put it into config as MYDOMAIN.LOCAL

Automated HTTPS Cookie Hijacking | fscked.org

Wednesday, September 17th, 2008

a note from security ppl that session/login cookies that normally delivered via https have to be explisidly marked as “secure” so they _only_ delivered via https. Otherwise bad ppl can hijack them.