Subscribe: Peregrine » Security
http://blog.openbrainstem.net/peregrine/category/security/feed/
Language: English
Tags:
article  blog  bruce schneier  bruce  good  microsoft  open source  people  privacy  read  schneier  security  software  spam  story  today 

Peregrine » Security



Stuff I Decided to Write



Last Build Date: Mon, 16 Jan 2012 19:49:17 +0000

 



Barracuda Networks Details Security Breach

Mon, 02 May 2011 16:18:08 +0000

Barracuda Networks website suffered a breach on April 8, 2011. It appears that all the crackers got were some people’s names and email addresses from a Marketing database used to send event announcements and such emails to opt-in customers. On Tuesday, April 26, Oliver Wai, a Product Marketing Manager at Barracuda Networks posted a blog [...]



UTOSC 2009 Keysigning non-Party

Sun, 11 Oct 2009 04:46:42 +0000

Oh, well. That was mostly a bust. There were only twelve people in the room at the peak of it and only 7-8 traded keys. With all the last minute work going on, the Utah Open Source Conference 2009 organizers didn’t have the chance to get the word out from my post on doing the [...]



Utah Open Source Conference 2009

Thu, 08 Oct 2009 03:13:32 +0000

Visit [ http://www.utosc.com/ ] for the details. This year, I’m not doing any presentation. I have some ideas for next year. I will be running the keysigning party on Friday, October 9 at 7:15pm at the conference. I’m stepping into doing this a bit last minute, so we’re going to provide some additional info and [...]



Block SSH Cracking Bot-Nets with Netfilter

Fri, 02 Jan 2009 19:26:49 +0000

A few weeks ago, I was looking through some Netfilter documentation, just poking around, looking at some modules I’ve never seen/played-with/heard-of and I came across the recent module. I decided to try it out on one of my servers that gets anywhere from zero (0) to tens of thousands of crack attempts via SSH per [...]



Petrov Day

Wed, 26 Sep 2007 23:24:10 +0000

I’ll thank Tene for pointing me at this one: Take a look at http://www.overcomingbias.com/2007/09/926-is-petrov-d.html. This was probably one of the most important moments and one of the best decisions anyone ever made in the entirety of the 20th century. Petrov decided to not destroy the world just because a bunch of flashing lights told him [...]



sign-lots-o-keys

Wed, 12 Sep 2007 00:00:51 +0000

On the last day of the Utah Open Source Conference 2007 (UTOSC), there was a PGP/GPG key signing party, hosted by Scott Paul Robertson. It was good to be able to get set up to properly sign so many keys, but it did give me a little problem; I needed to sign everyone’s keys with [...]



Gun Shaped Notebook Battery

Sat, 18 Aug 2007 14:15:45 +0000

Poor Ben Forta. The fact that he’s actually struggled to get through airports for a while before figuring this out seems rather strange to me. How could he be the only one? Why have none of my co-workers (at least, to my knowledge) not had similar troubles with their ThinkPad notebooks? It seems that several [...]



IRS Security Troubles

Thu, 16 Aug 2007 16:49:05 +0000

Simply, inexcusably amazing. The recent MSNBC story, “Computer security problems found at IRS,” discusses security problems found at the IRS. One of the more interesting items: Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and [...]



Commercial eVoting Security Problems Abound

Wed, 15 Aug 2007 19:46:04 +0000

Recently, California’s Secretary of State was required to perform a security screening of the eVoting systems that the State of California is thinking of/planning to use. The California Secretary of State appears to have been highly opposed to this outside audit process, according to information found within the official reports (the site has lots of [...]



DHS Wants DNSSEC keys

Mon, 09 Apr 2007 19:42:38 +0000

You might not know what DNSSEC is. That’s fine, most people don’t know either. The basic idea is to implement a replacement for the horribly flawed security model of standard DNS while not breaking backward compatibility. That’s what DNSSEC is, in a nutshell. It works by using methods similar to the way that SSL key-signing [...]



Body Armour for Children

Wed, 28 Mar 2007 20:32:04 +0000

In the UK, some parents are buying body armour for their children. This seems to be mostly in response to a couple of recent murders of London teenagers. I can understand parents wanting to protect their children. Security isn’t always about the actual security. Sometimes, the perception of security is more important than the value [...]



Vista’s New TCP/IP Stack

Tue, 30 Jan 2007 23:03:12 +0000

I came across this article at Microsoft today. A Google search for vista networking stack shows several commentaries about the Microsoft article. One writer commented about how bugs that were eradicated 15-20 years ago in TCP/IP stacks are back in Microsoft’s new stack. Taking a look at the bullet points in the article, the very [...]



Dogbert’s Password Recovery Service for Morons

Thu, 25 Jan 2007 21:52:44 +0000

Enjoy not just one, but two great Dilbert cartoons.



Gift Card Fraud

Fri, 01 Dec 2006 00:13:22 +0000

One of my sisters forwarded an email to me regarding a “new” scam: Well, the crooks have found a way to rob you of your gift card balance. If you buy Gift Cards from a display rack that has various store cards you may become a victim of theft. Crooks are now jotting down the [...]



No Shirt, No Shoes, No ID, No Service

Wed, 29 Nov 2006 20:28:26 +0000

A man in Quincy, Massachusetts was refused service at the local IHOP restaurant when he refused to turn over his driver’s license before being seated. Hilarious. But there’s a great security point here, too. They wanted to reduce the incidence of “dine-n-dash” events, where people skip out without paying. Holding your driver’s license would surely [...]



Podcast with Bruce About RFID Passports

Thu, 23 Nov 2006 22:40:26 +0000

If you care about security issues and/or your privacy at all, you should be concerned about the deployments (and pending deployments) of passports with RFID chips embedded in them. Bruce Schneier, CTO of BT Counterpane, author and world-renowned security expert & privacy advocate gave an interview regarding RFID passports. It is available as a podcast. [...]


Media Files:
http://www.chyp.com/podcasts/DIF_010_Bruce_Schneier.m4a




FIDIS on RFID Passports

Thu, 09 Nov 2006 20:17:26 +0000

The “Budapest Declaration on Machine Readable Travel Documents” is an interesting and informative read: Abstract: By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international Machine Readable Travel Documents which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation [...]



Response: A Good Security Design for an Office

Thu, 09 Nov 2006 18:30:53 +0000

Russell Coker recently posted an article to his blog titled, “A Good Security Design for an Office”. It’s a very good read. There’s nothing earth-shattering in there, but plenty of gems that most people either forget about or never figure out. There are a couple of things that I wanted to comment on (there is [...]



Electronic Voting Machines “Malfunction”

Wed, 01 Nov 2006 22:53:28 +0000

No surprise here. Since the electronic voting equipment manufacturers are completely incompetent when it comes to security, I and any other person with a working brain (when it comes to security, that is) have been expecting that we would be hearing an awful lot about machines “malfunctioning” in this year’s election. If you haven’t caught [...]



Writing Secure Code: 8 Basic (Microsoft) Rules

Tue, 31 Oct 2006 22:25:46 +0000

While reading some things today, I stumbled across this MSDN Mag article titled, “8 Simple Rules For Developing More Secure Code”. There is nothing groundbreaking in this article, but it is a good collection and summary of these important and truly basic, programming principles. Some are easier to implement in an existing development pipeline and [...]



Centralized Food Processing Puts Us at Risk

Fri, 20 Oct 2006 17:39:57 +0000

This very well written article describes (in very easily understood terms) how the centralization and industrialization of food processing in the U.S. has led to the point where contamination can easily occur and is very hard to track down. It also points out how we could easily make the problem much, much worse. Rather than [...]



TSA Gets Part of Their Brain Back

Tue, 26 Sep 2006 05:29:00 +0000

According to a TSA press release, the existing ban on an entire state of matter (liquids) and gels is partially lifted, effective as of today. Many (including myself) have previously written about how this particular move was useless security theater. It’s about time! Too bad they are trying to tiptoe their way back to sanity. [...]



TrackMeNot

Fri, 15 Sep 2006 20:37:28 +0000

A few days ago, Peter Abilla published a post about TrackMeNot. I had read about TrackMeNot a little more than a week before on Bruce Schneier’s blog, and so I already knew TrackMeNot was a flawed idea. Peter also makes some very good points in his post, but, unfortunately, it falls short of pointing out [...]



Quickest Microsoft Patch Ever

Thu, 07 Sep 2006 16:51:19 +0000

I just read this story by Bruce Schneier on Wired. You really should read the whole article, even though I summarize it here. The folks at FairUse4WM cracked Microsoft’s PlaysForSure DRM software in Microsoft Windows Media Player. If you really want to see Microsoft scramble to patch a hole in its software, don’t look to vulnerabilities [...]



Web Browsers and Encryption

Fri, 01 Sep 2006 19:41:57 +0000

While we’re on the subject of browser safety, please, everyone follow this advice: turn off SSL v2 support in every web browser you use. The default configurations of almost all web browsers still leave SSL2 support on for backwards compatibility. There is no such thing as a legitimate encrypted website that uses SSL2, which is [...]



Smart State Trooper Captures Fugitive Polygamist

Fri, 01 Sep 2006 03:21:05 +0000

CNN published this story about the capture of Warren Jeffs. It’s an interesting read. However, what I think is a more important part might go unnoticed by most people. A paper license tag, a salad and stories that didn’t make sense pricked the suspicions of a state trooper who stopped the car of a wanted [...]



Blog SPAM as Phishing Bait

Thu, 31 Aug 2006 00:28:45 +0000

Today, I decided to take a look at a couple of the links that blog spammers have been trying to put up in my blogs’ comments. Most of it actually led to “anti-spam” websites that are actually spam list phishers. This is, of course, very clever of the spammers. First, they put spam up that [...]



More Security by Overreaction

Mon, 28 Aug 2006 19:35:22 +0000

Wow. This story even includes a WoW reference. Yet another example of security by overreaction. Although I’m not a lawyer in Canada or anywhere else, it sure feels like this guy’s rights were ignored. It is especially disturbing to me that his notebook was rifled after he was already cleared; after the authorities decided [...]



What the Terrorists Want

Thu, 24 Aug 2006 23:00:47 +0000

I’m going to provide a couple of quotes from one of Bruce Schneier’s latest blog articles titled, “What the Terrorists Want.” The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing [...]



Too Many Checked Bags

Thu, 24 Aug 2006 22:13:18 +0000

In today’s issue of USA Today, there is a story about how the surge in quantity of checked luggage to be processed in U.S. airports is overwhelming the TSA baggage screening systems. I am not the least bit surprised; I (and many others) predicted that this overload would result from the rule changes “prohibiting an [...]



Travel Challenges

Sun, 13 Aug 2006 05:17:08 +0000

As I am sure everyone has heard by now, on Monday, British authorities arrested nearly 2 dozen suspected terrorists and raided their homes. It is believed that this action foiled an Al Qaeda plot to blow up as many as 6-12 trans-Atlantic airliners as they reached U.S. soil. Because of the methods these individuals planned [...]



Passenger Aircraft Remote Override Software

Fri, 28 Jul 2006 21:40:13 +0000

This story is about a group of 30 some odd European businessmen who just announced that they are developing software to be installed on passenger aircraft. This new system is intended to give a ground control station (apparently, the remote control software won’t work on airborne computers) the ability to thwart any on-board hijacking attempt. The [...]



U.S. Navy Gets Patent on Firewall?

Fri, 07 Jul 2006 15:34:59 +0000

Reading this newly issued patent, it sure seems like they are talking about a firewall to me. I first read about this on Bruce Schneier’s blog.



Response: Django with HTTP Authentication

Fri, 30 Jun 2006 16:48:17 +0000

NOTE: I have not seen Scott’s code. This means that my conclusions about his method could be wrong, depending on whether or not he has already dealt with the issues. In a recent post by Scott Paul Robertson on his blog titled, Django with HTTP Authentication, he builds a workaround for Django’s lack of a [...]



‘Trusted Traveler’ Program Knocked

Fri, 23 Jun 2006 01:41:30 +0000

Also in today’s issue of USA Today was this story about the ill-conceived, so-called “SecureFlight” program that the U.S. Congress suggested following the attacks of September 11, 2001. Oh, yeah, the House of Representatives is just the place to find a plethora of individuals who you would want designing security systems. Not! Let me [...]



Awe, nuts!

Fri, 16 Jun 2006 17:12:07 +0000

Well, it finally happened: This morning, I had a couple of SPAM comments on my blog for the first time. I love WordPress; it’s just so easy to deal with the SPAM. Still, it will be nice when open-source people finally create software that fully neuters all SPAM.



The Value of Privacy

Thu, 15 Jun 2006 17:40:35 +0000

I just read this great article by Bruce Schneier. Privacy is a very important matter. Privacy is a central, core component to liberty and true freedom. If we (US Citizens) don’t pay attention to it, there are forces who would like to take it away. Most of the time, we call those forces terrorists, but [...]