Linux

This post will serve to upset both sides of the coin. Apple users wondering why I would load an inferior OS Linux users wondering why I spent all that extra money on Apple Hardware I am going to skip the religious battles over OS and platform and say that if you happen to have loaded Linux on a piece of Apple hardware this post is for you. One of the first problems you will find is that your Alt+Tab doesn’t work as expected. If you follow the instructions your Command and Alt keys will work as you had hoped with the Apple Keyboard: ...

Earlier posts outlined howto utilize OpenSC to ensure your CAC worked in Linux or Mac. The problem is that there are new 144k CAC being passed out that do not work with the current coolkey or OpenSC toolsets. What is a happy Federal employee to do?! First you need to find a Windows computer that can access the https://software.forge.mil In a strange turn of events you will be unable to download the software necessary for your true platform of choice to access the software. Its a chicken and egg problem… ...

With the release of 3.0.1 of BitlBee you can now chat from your favorite IRC client with the peace of mind that your protected. Since the OTR portion is still very new I wanted to put together a quick howto. I am going to assume you are running Debian Lenny (sid has 3.0.1 in the packages already) and that you really are a security nut: Download source from http://get.bitlbee.org/src/bitlbee-3.0.1.tar.gz sudo apt-get install libotr2-dev libotr2-bin ./configure –prefix=/usr –otr=1 make make install make install-etc Done! Now once you start bitlbee (/etc/init.d/bitlbee start) for the first time it will generate your OTR keys. I am going to assume that you are going to use the Question and Answer verification for OTR keys. With our other secure buddy we do the following: ...

2 days straight now on IRC (##security on irc.freenode.net if you want to say hi) I have had to help someone compiling a program deal with it failing mid-stream. This is especially prevalent on security packages like fuzzers and such. First, what is stack protection? Buffer Overflow Protection In software, a stack buffer overflow occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure; usually a fixed length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than there was actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly. This type of overflow is part of the more general class of programming bugs known as buffer overflows.[1] ...

During my Air Force days I was involved with the roll-out of the “CAC” for Air Mobility Command at MacDill. No one could understand why the military would put so much time and money into giving all personnel new ID Cards and equipping machines with readers that did nothing at that point. The main feature back then was that when you removed your CAC your machine would automatically lock. Well, that or you would just leave your CAC at work and need to call a coworker to come retrieve you from the gate. What I failed to understand back then was that Multi-factor Authentication (MFA) was something fundamentally needed for our nations and armed forces security. This should have been apparent and clear to me as I scattered around some of the bases most secure locations to find mission essential passwords affixed to stickies on the monitor. ...