Facebook for all the lack of privacy controls and bad press, does in fact keep an eye on users. A few times since I started connecting to their jabber chat service through Tor I have been greeted to the following screen. I enjoy seeing what all nodes exist for exiting the Tor network, but wonder about the correlation possible. All the same I thought it was interesting for geek fodder: ...
There is a skit on SNL Weekend Update where Seth and Amy read the headline to a news story with one of them following the other with “Really?!” That is my reaction every time I begin to think about mobile phone security. The darlings of our open-source world, the ones us geeks carry around on our belts, well…they fall short. In light of the police now being able to search your phone without a warrant, I decided to do a blog post on how-to protect yourself. Now I find myself asking the giants of Tech, REALLY!? Lets run through the major mobile phone platforms and see which ones encrypt data: ...
There was recently a study that found when people knew that they were taking a placebo, it still helped. The common idea in the past was that you could utilize placebos for controlled studies only if the patient didn’t know. The mere act of going to the doctor, taking a pill, etc. meant that the mind was tricked! Being a security geek this struck a cord with me. Listening to vendors and ISSO/ISSM about their secure implementations it occurred to me that the medical world was playing catchup to infosec: ...
With the release of 3.0.1 of BitlBee you can now chat from your favorite IRC client with the peace of mind that your protected. Since the OTR portion is still very new I wanted to put together a quick howto. I am going to assume you are running Debian Lenny (sid has 3.0.1 in the packages already) and that you really are a security nut: Download source from http://get.bitlbee.org/src/bitlbee-3.0.1.tar.gz sudo apt-get install libotr2-dev libotr2-bin ./configure –prefix=/usr –otr=1 make make install make install-etc Done! Now once you start bitlbee (/etc/init.d/bitlbee start) for the first time it will generate your OTR keys. I am going to assume that you are going to use the Question and Answer verification for OTR keys. With our other secure buddy we do the following: ...
2 days straight now on IRC (##security on irc.freenode.net if you want to say hi) I have had to help someone compiling a program deal with it failing mid-stream. This is especially prevalent on security packages like fuzzers and such. First, what is stack protection? Buffer Overflow Protection In software, a stack buffer overflow occurs when a program writes to a memory address on the program’s call stack outside of the intended data structure; usually a fixed length buffer.[1][2] Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than there was actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly. This type of overflow is part of the more general class of programming bugs known as buffer overflows.[1] ...