Posts

With the release of 3.0.1 of BitlBee you can now chat from your favorite IRC client with the peace of mind that your protected. Since the OTR portion is still very new I wanted to put together a quick howto. I am going to assume you are running Debian Lenny (sid has 3.0.1 in the packages already) and that you really are a security nut: Download source from http://get.bitlbee.org/src/bitlbee-3.0.1.tar.gz sudo apt-get install libotr2-dev libotr2-bin ./configure –prefix=/usr –otr=1 make make install make install-etc Done! Now once you start bitlbee (/etc/init.d/bitlbee start) for the first time it will generate your OTR keys. I am going to assume that you are going to use the Question and Answer verification for OTR keys. With our other secure buddy we do the following: ...

2 days straight now on IRC (##security on irc.freenode.net if you want to say hi) I have had to help someone compiling a program deal with it failing mid-stream. This is especially prevalent on security packages like fuzzers and such. First, what is stack protection? Buffer Overflow Protection In software, a stack buffer overflow occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure; usually a fixed length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than there was actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly. This type of overflow is part of the more general class of programming bugs known as buffer overflows.[1] ...

During my Air Force days I was involved with the roll-out of the “CAC” for Air Mobility Command at MacDill. No one could understand why the military would put so much time and money into giving all personnel new ID Cards and equipping machines with readers that did nothing at that point. The main feature back then was that when you removed your CAC your machine would automatically lock. Well, that or you would just leave your CAC at work and need to call a coworker to come retrieve you from the gate. What I failed to understand back then was that Multi-factor Authentication (MFA) was something fundamentally needed for our nations and armed forces security. This should have been apparent and clear to me as I scattered around some of the bases most secure locations to find mission essential passwords affixed to stickies on the monitor. ...

When Digg migrated to Microsoft for advertising a few years ago, I took a personal stand and left. I was desperate to find a home on the internet again and came across reddit.com The site spoke to me! Clean, unobtrusive, geeky, and best of all…open source. In 2007 there wasn’t as many of us around and while the community was great it pales in comparison to 2010. The diggv4 snafu has increased the communities size and the old-timers made sure to welcome them. Posts were created outlying the type of culture fostered here rather that from which they were coming. To all who joined this year…thank you…the threads below epitomize your willingness to join us in being Good Geeks. We often get a bad wrap, but for the most part we are a cheerful crowd. Here is some proof from 2010, but this isn’t even close to being the full list. Feel free to leave me comments here or on the intertubes where you found this: ...

It seems everyone is posting their review after a few days of working with the laptop. I decided to take a different perspective with the initial review. When I first started playing with ChromeOS betas a few months ago I came to the realization that this was not for me. Two things were apparent: This machine is to provide a cloud-based Thin Client. I live off servers around the world, not necessarily in the cloud. As a geek, the Walled Garden drives me crazy. “What do you mean I can’t install a SSH server?!?!?” My girlfriend on the other hand could care less about a SSH server. She finds the Mac Mini a little overwhelming at times and really just wants the internet. “Show me where the Safari icon is.” For that reason alone I found ChromeOS to be built for her. Instant On and just a web browser. ...