Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 05 2012

arik
01:16

New Blog

Blog moved to blogspot

January 02 2010

arik
21:01

December 15 2009

arik
23:22
note to myself... Always remember that security is in a first time a question of HUMANS, then process and then in the last position technology
arik
23:19
via CryptoGram

October 29 2009

arik
23:46
arik
23:39

September 11 2009

arik
17:58

September 08 2009

arik
20:05

September 05 2009

arik
00:04

http://www.wolframalpha.com/


Today's Wolfram|Alpha is the first step in an ambitious, long-term project to make all
systematic knowledge immediately computable
by anyone.  Enter your question or calculation,
and Wolfram|Alpha uses its built-in algorithms
and a growing collection of data to compute the
answer.

September 04 2009

arik
18:11

Using SELinux Kiosk Mode in Fedora 8


"The GNOME session will run as a very tightly locked down SELinux account, which can only be accessed via GDM. It is essentially authorized only to surf the web.

PAM namespace is utilized so that the session has private views of shared writable filesystem space (e.g. /tmp), while Sabayon is used to load a custom GNOME configuration.

Any local changes made by the user, such as writes to $home or their desktop settings will be lost after they log out."

August 03 2009

arik
12:25

Clonezilla

Clonezilla, based on DRBL, Partition Image, ntfsclone, partclone, and udpcast, allows you to do bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. While Clonezilla SE is for massive deployment, it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks in the harddisk. This increases the clone efficiency. At the NCHC's Classroom C, Clonezilla SE was used to clone 41 computers simultaneously. It took only about 10 minutes to clone a 5.6 GBytes system image to all 41 computers via multicasting!
arik
12:18

DHS policies

On August 1, 2008, the Washington Post reported that Department of Homeland Security policies allow federal agents to “take a traveler's laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing.” [15] Further, “officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons.” [15] Senator Russell Feingold called these policies “truly alarming” and said that he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion, or national origin. [15] Meanwhile Ryan Singel of Wired.com recommended placing one's electronics and papers “in a first class U.S. mail envelope and stamp it—or even better mail it to yourself before the trip,” [16] since ‘officers may not read or permit others to read correspondence contained in sealed letter class mail (the international equivalent of First Class) without an appropriate search warrant or consent’. However, this only applies to articles in the postal system, not to letters carried by individuals or private carriers such as DHL, UPS, or FedEx. [17]


http://en.wikipedia.org/wiki/United_States_v._Arnold

July 29 2009

arik
12:24
#############################################################################
[+] PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability
[+] Discovered By SirGod
...
#############################################################################
- PoC : http://127.0.0.1/[path]/login.php?login_ok=1

login_ok=1 ... the most stupid auth bypass I've seen in years

July 26 2009

arik
22:05
Pdf tools

origami is a Ruby framework designed to parse, analyze, and forge PDF documents.
http://www.security-labs.org/origami/

PDF tools :
http://blog.didierstevens.com/programs/pdf-tools/

July 25 2009

arik
20:45

iPhone Kbd cache : Cached keyboard text can be recovered from a device dating back a year or more

"And then there’s the keyboard cache: key strokes logged in a file on the phone, which can contain information such as credit card numbers or confidential messages typed in Safari. Cached keyboard text can be recovered from a device dating back a year or more, Zdziarski said."

--http://www.wired.com/gadgetlab/2009/07/iphone-encryption/
arik
20:40

iPhone 3Gs Encryption Cracked In Two Minutes


" encryption of the iPhone 3Gs is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes.

Zdziarski also goes on to say that all data on the iPhone — including deleted data — is automatically decrypted by the iPhone when it's copied, allowing hackers and law enforcement agencies alike access the device's raw disk as if no encryption were present. A second demonstration features the recovery of the iPhone's entire disk while the device is still passcode-locked. "


XXXXXD

July 20 2009

arik
19:09
arik
13:49
arik
13:48

Understanding the Windows EAL4 Evaluation

"An EAL4 rating means that you did a lot of paperwork related to the software process, but says absolutely nothing about the quality of the software itself. There are no quantifiable measurements made of the software, and essentially none of the code is inspected. Buying software with an EAL4 rating is kind of like buying a home without a home inspection, only more risky. "

"In the case of the CAPP protection profile, there actually isn't much point to doing anything better than a low-confidence evaluation, because the requirements set itself is very weak. In effect, you would be saying "My results are inadequate, but the good news is that I've done a lot of work so that I can be really sure that the results are inadequate.
"

"Security isn't something that a large group can do well. It is something achieved by small groups of experts. Adding more programmers and more features makes things worse rather than better. Microsoft has been adding features demanded by their customers for a very long time. "
arik
13:44

A new fascinating Linux kernel vulnerability


"In other words, the compiler will introduce the vulnerability to the binary code, which didn't exist in the source code."

"There are some other highly technical details here so you can check your favorite mailing list for details, or see a video with this exploit on YouTube at http://www.youtube.com/watch?v=UdkpJ13e6Z0. Brad was able to even bypass SELinux protections with this and LSM.
"
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl