After listening to an episode of the Security Now Podcast I was fascinated by the idea of multi-factor authentication. In the perfect paper password episode they discussed using one time passwords that were written on a credit card sized piece of paper. Each time you log in you would have to supply both your password and a pseudo-random one time use password that is on your credit sized perfect paper password card. The next time you logged in you would have to supply the next one time password from the card. When all the passwords are used up you would print another card and start the process over. Read more »

If you ever wanted to quickly encrypt a file in Linux or FreeBSD without complicated keyrings and key files this is the post for you. In this guide we will use gnupg to quickly encrypt any file in Linux or FreeBSD. We will keep it simple and easy and leave out public/private key ring authentication and stick with simple password phrase encryption. Unlike password protection in zip files and other weak security implementation, PGP or GnuPG is a very secure way of encrypting files. It is pretty easy to set up so lets get going. Read more »

Well, today one of the blogs that I maintain for someone was compromised by an SQL injection. The hacker had apparently injected an invisible iframe that contained that loaded a website that contained a trojan. They had also placed invisible links to casinos, porn, and other shady sites. Read more »

Sometimes we have sensitive data that we want to get rid of. Since deleting a file doesn’t actually prevent it from being recovered we need to do some extra steps to ensure that it can’t be recovered. In this post we will use DD to complete this task. DD is often the tool digital forensics use to duplicate hard drives we will use it for a more destructive use so that our data can’t be recovered. Read more »

Sometimes we need to know the MAC address of a specific computer for multiple reasons. For example, I needed to know the MAC address of one of my computers so I could tell the router to assign a specific IP address via DHCP. Another reason you need to know the MAC address is so you can block a specific computer from talking to you. Maybe you need to know the MAC address so you can allow only that computer to communicate with you. There are many reasons for knowing a MAC address of a computer. Some reasons good other times it is used with bad intentions. Like port sniffing packets with a specific MAC address. Read more »

Back in the day there used to be a program called lophcrack that was fairly good at cracking Windows passwords. Fortunately it wasn’t very effective for cracking strong passwords. Today I ran a newer cracking program on my computer called, ophcrack. As some of you know I tend to have extremely secure passwords contain numbers, letters, and other special characters. Not only did ophcrack find my password it found all but one character in my password in less than 20 seconds. That leads me to believe that it can crack pretty much any length of password in minutes. Read more »

A common assumption is that deleting or formatting a hard drive will be enough but in fact the data is still recoverable. In fact is fairly trivial and the process is quite easy to restore them. For this reason security is a great concern, especially for those who are selling or donating their old computers. I am going to show you a simple technique for erasing the entire drive. This is the same procedure that the US Government DoD uses to secure their own drives. Read more »

SSH is really not that secure by default on must Linux distributions in the default configuration. By default OpenSSH is configured to allow password based authentication (because its easier); however, script kiddies have developed scripts that can try thousands of passwords an hour. If you have a strong secure password this will usually not be an issue but if you or one of your users use a dictionary based or weak password your system can be compromised quite easily. Most of the time you have no control over the strength of your users passwords so I recommend giving them a password that is 1024 bits, also known as a private key. Since this key is stored in a text file on the users machine it is often times a good alternative way of authenticating for users that don’t want to remember passwords but still be very secure. Read more »