Blog (tagged #Security)
Using SSH agent for sudo authentication on Ubuntu
Thanks to a post at www.drhevans.com/blog/posts/195-using-ssh-agent-for-sudo-authentication/ I got a starting point, however a few things didn't quite work out (I had to install checkinstall as a prerequisite and edit the client machine user's ssh config) so here's the adjusted instructions (updated Feb 2015). You can chckout the project on GitHub - github.com/cpick/pam-ssh-agent-auth
New Take on Passwords
The otherday I watched episode 303 of Security Now and Steve has a very interesting take on passwords. Essentially assuming we don't have a dictonary word then it's all about using as many different types of characters as possible. Yes length still matters but entropy (randomness) doesn't. By not having an easily guessed password you're forcing an attacker to do a brute force attack and by having as many different types of characters as possible you're increasing the number of passwords they have to guess. Steve's put a page up on his website to demonstrate this point - www.grc.com/haystack.htm.
Don't Screw with a Hacker's Machine
Ever wondered why you shouldn't screw with a hacker's machine, here's why:
The Use and Abuse of Multi-Factor Authentication in Consumer Facing Systems
Authentication is the process of proving to a computer (or other system) that you are who you claim to be. There are several methods of doing this, of which the most common is a password.
Make SSH Hang Higher
Several of the scripts used by the script kiddie varity of crackers assume a large amount about the system(s) they're attacking. Some simple changes to the configuration of SSH make sure that other machines are an easier target, thus making their fruit hang lower than yours. All that needs done is to change the port you use for SSH, so follow these steps to make SSH listen on another port, simply replace <PORT> with whatever number you want to use, for extra piece of mind keep it above 1024. It looks like there's a lot of steps but it can be done in under 2 minutes.
Contactless Credit Cards - Too Convenient
These new contactless credit cards are just so convenient. I mean you don't even need to slide it into a machine just wave it near. Or have the machine waved near the card. Add in a directional antenna and you don't even need to be close to the person.
If you're ever sitting on an open wifi hot spot, wondering what he people around you are looking at then you need the new FireFox extension FireSheep.
VPS Admin Links
Just a few useful reference links so I can find them:
Entropy (ie the source of random numbers) is generated by keeping an eye on such things as mouse/keyboard use, hardware interupts. However on VPSs some of this is unavailable, so here's the process for using the bitfolk entropy service.
Massive Internet Security Upgrade
I was all set to post one of a few 'ready to go' blog posts today when I ventured upon this story - Firms Tackle Security Flaw In Web Addressing System.
Mozilla Plugin Checker
Mozilla (home of FireFox) has provided a method of checking that your browser plugins are upto date. This has been extended to check plugins of other browsers too. Simply visit www.mozilla.com/plugincheck.
VPS Setup Guide
This is intended to be a very basic guide to getting a VPS up and going, it's aimed at the hobbiest who has enough linux knowledge to want to use a VPS but isn't quite sure how to go about getting it up and going. It assumes you'll be using an Ubuntu VPS from bitfolk, if this isn't the case then some of the things in this guide may be slightly off.