Blog (tagged #Security)

Using SSH agent for sudo authentication on Ubuntu

Thanks to a post at www.drhevans.com/blog/posts/195-using-ssh-agent-for-sudo-authentication/ I got a starting point, however a few things didn't quite work out (I had to install checkinstall as a prerequisite and edit the client machine user's ssh config) so here's the adjusted instructions (updated Feb 2015). You can chckout the project on GitHub - github.com/cpick/pam-ssh-agent-auth

New Take on Passwords

The otherday I watched episode 303 of Security Now and Steve has a very interesting take on passwords. Essentially assuming we don't have a dictonary word then it's all about using as many different types of characters as possible. Yes length still matters but entropy (randomness) doesn't. By not having an easily guessed password you're forcing an attacker to do a brute force attack and by having as many different types of characters as possible you're increasing the number of passwords they have to guess. Steve's put a page up on his website to demonstrate this point - www.grc.com/haystack.htm.

Don't Screw with a Hacker's Machine

Ever wondered why you shouldn't screw with a hacker's machine, here's why:

The Use and Abuse of Multi-Factor Authentication in Consumer Facing Systems

Authentication is the process of proving to a computer (or other system) that you are who you claim to be. There are several methods of doing this, of which the most common is a password.

Make SSH Hang Higher

Several of the scripts used by the script kiddie varity of crackers assume a large amount about the system(s) they're attacking. Some simple changes to the configuration of SSH make sure that other machines are an easier target, thus making their fruit hang lower than yours. All that needs done is to change the port you use for SSH, so follow these steps to make SSH listen on another port, simply replace <PORT> with whatever number you want to use, for extra piece of mind keep it above 1024. It looks like there's a lot of steps but it can be done in under 2 minutes.

Contactless Credit Cards - Too Convenient

These new contactless credit cards are just so convenient. I mean you don't even need to slide it into a machine just wave it near. Or have the machine waved near the card. Add in a directional antenna and you don't even need to be close to the person.

Fire Sheep

If you're ever sitting on an open wifi hot spot, wondering what he people around you are looking at then you need the new FireFox extension FireSheep.

VPS Admin Links

Just a few useful reference links so I can find them:

VPS Entropy

Entropy (ie the source of random numbers) is generated by keeping an eye on such things as mouse/keyboard use, hardware interupts. However on VPSs some of this is unavailable, so here's the process for using the bitfolk entropy service.

Massive Internet Security Upgrade

I was all set to post one of a few 'ready to go' blog posts today when I ventured upon this story - Firms Tackle Security Flaw In Web Addressing System.

Mozilla Plugin Checker

Mozilla (home of FireFox) has provided a method of checking that your browser plugins are upto date. This has been extended to check plugins of other browsers too. Simply visit www.mozilla.com/plugincheck.

VPS Setup Guide

This is intended to be a very basic guide to getting a VPS up and going, it's aimed at the hobbiest who has enough linux knowledge to want to use a VPS but isn't quite sure how to go about getting it up and going. It assumes you'll be using an Ubuntu VPS from bitfolk, if this isn't the case then some of the things in this guide may be slightly off.