I.T. Security and Linux Administration


July 31, 2014  6:28 PM

5 Languages for the Next Years

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

http://news.dice.com/2014/07/29/5-programming-languages-youll-need-next-year-beyond/

As someone who is looking to start really breaking into the software engineering/programming field, this is a must read article.  Which, most don’t surprise me (web 2.0 movement and everything around me needing PHP).

July 31, 2014  6:25 PM

Python Better than Java?

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

http://cacm.acm.org/blogs/blog-cacm/176450-python-is-now-the-most-popular-introductory-teaching-language-at-top-us-universities/fulltext

While its more objectionable than anything, the statistics still prove that Python is getting more love than Java now.  Which makes sense.  I wouldn’t have been surprised if it would Ruby, but Python has more English-based syntax, which makes it easier for beginner programmers to work with.


July 31, 2014  6:23 PM

PHP with formal spec

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

http://news.php.net/php.internals/75886

This will make projects that branch off of PHP still maintain compatibility (as much as possible) with one of the most well-known server scripting languages out there, PHP.


May 31, 2014  5:50 PM

User-mode kernel code??

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Its finally possible!  At least in Python.

KPlugs (http://www.kplugs.org/) is a Python module that allows people to access data inside of the kernel itself, usually unheard of unless you write a crafted module or other driver.

The security aspects of this is interesting, and I haven’t really looked at it enough to tell if its actually safe to use in practical purposes, but its still an interesting tool to use.  Especially with the rise of scripting languages and yet not being able to run them beyond user level, this could potentially lead to a better advantage in making that happen.


May 31, 2014  5:47 PM

Encrypted Persistence

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

This isn’t old technology, in that persistence has been around for a good few years, but now Kali Linux is offering it in encrypted form.

http://www.offensive-security.com/kali-linux/kali-encrypted-usb-persistence/

Persistence in this from is basically a way for live USB-ran distros to keep data that was created/modified while running from the USB.  While I never use this feature, it is nice to have if you’re an on-the-go kind of person.  The added feature of encryption has been long over due and one of the reasons I have never used persistence to begin with.


May 31, 2014  5:44 PM

XSS Game

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

Google has released an XSS game to showcase what and how XSS (cross site scripting) works. You can view it here: https://xss-game.appspot.com/ and its pretty fun, actually. Reminds me a lot of WebGoat but a lot less intense.


May 31, 2014  5:43 PM

R.I.P. TrueCrypt

Eric Hansen Eric Hansen Profile: Eric Hansen
Security

http://truecrypt.sourceforge.net/?

This marks the end of an era with TrueCrypt ceasing operations.  Granted, it was nothing more than a distant memory for the longest time as better solutions came around, at least on Linux, such as dm-crypt. Its still sad to see this day come since I’ve used TrueCrypt a lot from the moment I got into IT a good 10 years ago.


April 30, 2014  9:47 PM

Lavabit bit the dust…again

Eric Hansen Eric Hansen Profile: Eric Hansen

http://www.bbc.com/news/technology-27063369

For those who aren’t familiar with Lavabit, it was a service that offered encrypted email service that got cease-and-desist sort of letters form the government once the Edward Snowden event happened.  This was mostly a “we want those emails, give them to us!” email, which Lavabit eventually said “you want all?  you have none!”

Not really sure what they expected, though, when the US system is what caused the issue to begin with.


April 30, 2014  9:42 PM

Google Hacks reCAPTCHA

Eric Hansen Eric Hansen Profile: Eric Hansen

http://www.theinquirer.net/inquirer/news/2340691/google-accidentally-cracks-its-own-captcha-verification-with-maps-algorithm

This is the problem with “improving” features.  You make a change in one spot of the code and you break a million other things.  Though I think it is admirable that Google admitted to this issue.  Now to just hope they fix it so they don’t end up like AOL…


April 30, 2014  9:36 PM

Strong Push to Pure-SSL?

Eric Hansen Eric Hansen Profile: Eric Hansen

http://www.wired.com/2014/04/https/

Should the entire Internet be encrypted?  No.  I don’t see the point of encrypting a website about my neighbor’s dog, for example.  Do I think it should be enforced/mandated for sites that hold sensitive information?  Most definitely.

I think this heartbleed thing has blown things out of control a little too much.  We need to fix the issues we have now before we mandate a whole new list of rules.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: