I.T. Security and Linux Administration


August 31, 2014  7:13 PM

Is Anti-Virus Dead?

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

This is an interesting topic to discuss.  There’s still a lot of companies that enforce anti-virus procedures (and after working help desk I can see why).  However, is there an actually real need for it?  I proclaim not really.

Anti-virus software in itself is a scare, in that they provide “facts” (some true some fabricated) about infections and that you should install the software to stay safe.  Some also bundle other features too like a firewall.

Just know what and where you browse online.  If you’re looking for images of kitties, and you come across a “super_adorable_kitty_sipping_milk.exe” you should know its fake.  This is also where knowing how to use your operating system comes in handy.  Disable the “hide extensions on files” feature if it exists.

August 31, 2014  7:09 PM

Tor Browser Insecure?

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Not much of a shock, but there’s been some news lately about how Tor Browser is not exactly that secure (http://threatpost.com/tor-browser-hardening-features-under-scrutiny/107839). Well, forks tend to deviate from the original system, which can be good or bad. Do I think this is something to be overly concerned with? Nope, not at all. How many of us use Tor Browser to deliever leaked wires or anything of that nature, after all?


August 31, 2014  7:03 PM

Netflix Open Sources Tools

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Netflix has opensourced some of their network monitoring tools (http://techblog.netflix.com/2014/08/announcing-scumblr-and-sketchy-search.html). While htere’s a plethora of them available its nice to see how Netflix handles security issues themselves. The fact they built in-house tools just goes to show that there’s no tool for everyone.


August 31, 2014  6:59 PM

Key Pinning in Firefox

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Slashdot has posted an article about how Firefox, in version 32, is going to support key pinning.  This essentially is public key authentication for websites.  Firefox will ship with a list of known websites and their key signature/public key.  This is to help reduce the risk of man in the middle and fraudulent certificates.  Though, its not going to support every website and I’d be interested to see how far key pinning actually is taken.


July 31, 2014  6:28 PM

5 Languages for the Next Years

Eric Hansen Eric Hansen Profile: Eric Hansen
Security


July 31, 2014  6:25 PM

Python Better than Java?

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

http://cacm.acm.org/blogs/blog-cacm/176450-python-is-now-the-most-popular-introductory-teaching-language-at-top-us-universities/fulltext

While its more objectionable than anything, the statistics still prove that Python is getting more love than Java now.  Which makes sense.  I wouldn’t have been surprised if it would Ruby, but Python has more English-based syntax, which makes it easier for beginner programmers to work with.


July 31, 2014  6:23 PM

PHP with formal spec

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

http://news.php.net/php.internals/75886

This will make projects that branch off of PHP still maintain compatibility (as much as possible) with one of the most well-known server scripting languages out there, PHP.


May 31, 2014  5:50 PM

User-mode kernel code??

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Its finally possible!  At least in Python.

KPlugs (http://www.kplugs.org/) is a Python module that allows people to access data inside of the kernel itself, usually unheard of unless you write a crafted module or other driver.

The security aspects of this is interesting, and I haven’t really looked at it enough to tell if its actually safe to use in practical purposes, but its still an interesting tool to use.  Especially with the rise of scripting languages and yet not being able to run them beyond user level, this could potentially lead to a better advantage in making that happen.


May 31, 2014  5:47 PM

Encrypted Persistence

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

This isn’t old technology, in that persistence has been around for a good few years, but now Kali Linux is offering it in encrypted form.

http://www.offensive-security.com/kali-linux/kali-encrypted-usb-persistence/

Persistence in this from is basically a way for live USB-ran distros to keep data that was created/modified while running from the USB.  While I never use this feature, it is nice to have if you’re an on-the-go kind of person.  The added feature of encryption has been long over due and one of the reasons I have never used persistence to begin with.


May 31, 2014  5:44 PM

XSS Game

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Google has released an XSS game to showcase what and how XSS (cross site scripting) works. You can view it here: https://xss-game.appspot.com/ and its pretty fun, actually. Reminds me a lot of WebGoat but a lot less intense.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: