Home

Posts

FrontPoint and Alarm.com – The Digital Security Eval

Most of the folks using the GE Simon XT for their home security systems are amazed that they can use their Android, iPhone, or Blackberry to remotely lock their homes. I was curious as to what was actually being passed. I loaded my OpenWRT router with tcpdump and did some basic dumps on a br0 interface to see what all was being passed. A few quick points: ...

March 18, 2011 · 3 min · Nick

Why is my /dev/sda missing?!?!

I am in the midst of testing some of the latest Linux kernels and realized that my old kernel config was wiped. In my desire to finish the build I forgot to select a VERY important option if you are using dm-crypt and LUKS. If you cannot access your /boot then there is no way to upgrade your kernel. Chicken and egg issue. Another issue maybe that you lost your /dev/sda1 or other nodes due to udev overtaking. Here is the fix in the situation: ...

March 12, 2011 · 1 min · Nick

Debian Server vs. Ubuntu Server

Lately I have had a few requests for my thoughts on using Ubuntu Server. For me the real question at that point is why use Ubuntu server over Debian? ———- I have used Ubuntu server a good bit and while I appreciate the effort, I am not sure I agree with it. What I mean by this is that Ubuntu is based on Debian testing/unstable. Every LTS (Long-term Support) release is guaranteed to be supported for 3 years on the desktop/5 for the server. Knowing that is in essence just Debian under the hood, why go with Ubuntu? ...

March 11, 2011 · 4 min · Nick

Tor != VPN – A Simple Explanation

Shameless exploit of meme I know... I can’t take it anymore! I lurk on irc.freenode.net and /r/netsec and have seen a few too many mornings now that some person is safe, they used Tor. There is a big misunderstanding in what Tor actually does and protects. Here is my log in the fire to help explain the technology. Lets start with the basics… ...

February 22, 2011 · 4 min · Nick

Geolocation and Force Protection

OMG THIS DUDE IS AT THINK COFFEE! Sometimes we get a little too focused in on what the root of a vulnerability is. I find myself thinking this a good bit with the advent of geolocation tagging and “check-ins” as the security world runs around with hair on fire. Rather than accept that our tools and users will be GPS connected and tracked, we take the extreme of labeling it all bad. By doing so we have removed what is a valuable tool to our folks. We can all agree that geolocation unfettered is a bad idea, but can’t we agree that geolocation in and of itself is not? ...

February 20, 2011 · 6 min · Nick