Book Report – Little Brother

Articles
Set in mid-2000s San Francisco, [Cory Doctorow][craphound]'s Little Brother brings a tale of what can go wrong when you have a society that values compliance over independence. A story of technology innovation, [hacker culture][wiki-hackerculture], information sharing and data freedom all set against the backdrop of a modern-day terrorism nightmare. Cory Doctorow highlights a number of different things in our everyday world that allow other people to learn more about you, to track you and build a profile about you. These are extended to the next level in Little Brother, talking about some of the what-ifs and could-bes that today's technology could allow. You can get a copy of the book [online for free][book-download]; that's how the author has always released his material. Doctorow has been a strong believer in the…

Server Hardening Strategies

Articles
Staying secure is a full-time gig. It doesn't matter whether we're talking a datacentre or your smartphone, there are always steps to be taken to keep your machines and your data as safe as possible. With the increasing popularity of virtualization for applications and services and the ability for people to "roll your own" cloud comes the need to secure those machines. This becomes increasingly challenging when you consider the fact that by their very nature these machines are constantly exposed to the Internet.

### Minimize Your Attack Surface

**Don't install it unless you need it**

One of the best things you can do to harden a server environment is to take a minimalistic approach. Don't install components that you think you "might need" somewhere down the road, or things…

30 Podcasts You Should Be Listening To (part 3)

Reviews
![flickr-abletoven-rss-headphones](/media/blog-images/2014/abletoven-podcast-rss.jpg)

In [part 1](/2014/04/30-podcasts-you-should-be-listening-to-part-1/) and [part 2](/2014/04/30-podcasts-you-should-be-listening-to-part-2/) of this series I highlighted the first block of 30 podcasts I listen to very regularly. I have listened to many of these since they began (often retroactively) and very much enjoy them. There are a lot of tech shows in here with a mix of science, food, history and popular culture mixed in for good measure. Today I bring you the final round of podcasts. I highly recommend you check out any of these great shows and subscribe to them if you're interested.

### Mac OS Ken

This show is my day starter. Ken Ray brings together a concise short 10-20 minute podcast with a dose of "Apple news and news related to Apple news." Every weekday he rounds up the latest in…

Home Server Build part 4 – Remote Access (Ubuntu School)

Articles
Now that the basic server is set up and ready to go it's time to get started with the good stuff. The first thing on the priority list is making sure we know how to control the server. Being able to control and administer the server remotely is the key to being able to run the server as a [headless](http://en.wikipedia.org/wiki/Headless_system) machine. The key technology of this remote access strategy is [SSH](http://www.openssh.org/).

### SSH - Secure SHell

SSH is a key technology common in all [POSIX](http://en.wikipedia.org/wiki/POSIX) operating systems. The program provides command-line terminal access to the remote system over an encrypted connection. SSH has effectively served as a replacement for telnet which provides remote terminal services, but is not encrypted. It is also possible to route traffic from your computer through…

XKPasswd – Generate Secure, Memorable Passwords

Articles
On the heels of [Steve Gibson](http://grc.com "GRC - Gibson Research Corporation")'s [Password Haystacks website](https://www.grc.com/haystack.htm "Password Haystacks - GRC"), which demonstrated how long memorable passwords can be far more secure than randomly generated characters simply by virtue of being longer, [Bart Busschots](http://bartb.ie "Bart Busschots") has created a new password generation tool called [XKPasswd](http://xkpasswd.net/ "xkpasswd - Secure Memorable Password generator"). The idea of the generator is along the same lines as the original generator posted on the GRC website, but has been done as an implementation example of Bart's Perl library xkpasswd -- the "xk" being a reference to [the xkcd comic which discussed the same subject](http://xkcd.com/936/ "xkcd web comic #936 - Password Strength") around the same time as the Security Now episode [talking about password haystacks](http://twit.tv/sn303 "Security Now #303 - Password…

Aftermath of a Hack

Articles
This site was hacked. While it's still unclear exactly how it happened, or precisely when, sometime in the past 6 weeks my blog, at least 2 other websites and possibly my [DreamHost](http://www.dreamhost.com/r.cgi?105113) shell account were all hacked. I'm generally a pretty security conscious person, but even I get lazy from time to time. It wasn't clear to me just how dangerous that laziness could be until this week. I'm going to outline a bit below some of the issues which may have led to my problems, and talk about the steps that have now been taken to help prevent them from occurring again in the future.

## The Problem

In retrospect I can see five things I did wrong, and all of them can be traced back to laziness or…

AntiVirus software lacking effectiveness

Articles
At the recent [AusCERT 2006 Conference](http://conference.auscert.org.au/conf2006/), a survey was published by Graham Ingram, general manager of the [Australian Computer Emergency Response Team](http://auscert.org.au/) (AusCERT), which discussed the effectiveness of several leading anti-virus products. The survey states that an average of 8 in 10 threats are getting through the protection that these products provide. Some research done by ZDNet Australia's Munir Kotadia in a [series of articles](http://www.zdnet.com.au/news/security/soa/Eighty_percent_of_new_malware_defeats_antivirus/0,2000061744,39263949,00.htm) notes that the three top products (by market share) in 2005 were Symantec's Norton Antivirus, McAfee VirusScan and Trend Micro VirusDefense. If the survey results are accurate, or even partially accurate, that could mean that running even two of these security defense products at once may only provide 20%-40% protection. Not exactly a comforting thought. So where does this leave us? Do we need to install…