Top marks has to go to Deutsche Post for their new “E-Postbrief”. Essentially you get an address which “..consists of a first name and a surname and the ending @epost.de” and if there’s an address collision… wait for it… “a number behind the surname prevents confusion when two people have the same surname. Anyone who registers quickly can secure the number he wishes”.. right so exactly like every free email account then. But don’t worry as getting an account requires the use of the German national ID or passport, which is fair enough, at least then you’ll know the Ulli.Winkler347 is in fact the right one, assuming his identity hasn’t been stolen that is (although Germany only suffers 3% apparently).

All this has led to the rather dubious claim that “anonymous e-mails, spam or address theft are impossible with the E-Postbrief”. Interesting as I just got a bunch of junk in the mail today, I know all of the companies involved as it’s clearly their advertising departments who sent it to me. Just because I know who sent it doesn’t make it any less annoying! It seems the big push is to have a legally binding document that can be sent electronically, which is a valid idea I suppose although in many countries email is legally binding. The big issue here is they are charging 55 cent per message, you have the option to have it delivered by hand and printed at the other end. They save a lot of money not hauling paper about (good for the environment), yet still charge you close on the price of a first class stamp.

Clearly no one in Deutsche Post has heard of GPG/PGP… no? Oh well. If it’s printed out at the far end what stops someone reading the printout from within the Post system?

I guess the last thought we should leave is “whether our letter is in physical or digital format, it is based on a high-quality service from one single source. And it’s very attractively priced as well.” A vital service from a single vendor……what could go wrong?

Last week I found a truly excellent tool for adding, modifying and managing users in Active Directory from Linux. It’s in Ubuntu:

sudo aptitude install adtool

For a better guide to setting it up, Vide has a great one over at his site.

One thing that got me though, you have to make sure your /etc/ldap/ldap.conf file is set up correctly, which should have been obvious but it stumped me for a while (necessary to allow setting passwords etc.)

Make sure you have the following in your config:

BASE    dc=ad-servername,dc=example,dc=com
URI     ldaps://ad-servername.example.com
TLS_REQCERT allow

With TLS_REQCERT allow the client still requests the server’s SSL certificate but carries on even when it cannot verify it; otherwise a certificate it cannot validate gives you an error like this:

bind: : Can't contact LDAP server (-1)

And hey presto you can avoid using MMC to manage users. 🙂 And if you combine it with wmic ….. happy days !
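
As an added example (not from the original post), this shell function reports how an ldap.conf treats the server certificate: with TLS_REQCERT allow or never, a certificate that fails verification is still accepted, so the ldaps:// connection no longer proves it is talking to the real AD server. The function name, the second sample file and its CA path are constructed placeholders.

```shell
#!/bin/sh
# Prints "weak" when a bad server certificate would be accepted,
# "unanchored" when verification is on but this file names no CA,
# "ok" otherwise. ldap.conf option names are case-insensitive.
audit_ldap_conf() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        { key = toupper($1) }
        key == "TLS_REQCERT" { req = tolower($2) }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = 1 }
        END {
            if (req == "") req = "demand"            # OpenLDAP default level
            if (req == "never" || req == "allow") print "weak"
            else if (!ca) print "unanchored"
            else print "ok"
        }' "$1"
}

tmp=$(mktemp -d)
# Constructed sample 1: the settings shown in the post.
cat > "$tmp/post.conf" <<'EOF'
BASE    dc=ad-servername,dc=example,dc=com
URI     ldaps://ad-servername.example.com
TLS_REQCERT allow
EOF
# Constructed sample 2: same server, with the AD CA certificate trusted
# explicitly (placeholder path) so full verification can stay enabled.
cat > "$tmp/pinned.conf" <<'EOF'
BASE    dc=ad-servername,dc=example,dc=com
URI     ldaps://ad-servername.example.com
TLS_CACERT  /etc/ssl/certs/ad-issuing-ca.pem
TLS_REQCERT demand
EOF
echo "post.conf:   $(audit_ldap_conf "$tmp/post.conf")"
echo "pinned.conf: $(audit_ldap_conf "$tmp/pinned.conf")"
rm -rf "$tmp"
```

Point it at /etc/ldap/ldap.conf on a real machine; a CA set through ~/.ldaprc or the LDAPTLS_CACERT environment variable is not seen by this check.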

It’s my one year anniversary of not touching a Windows machine (I used to use them in work) but having started developing again I now get to work from home using my Linux machine… and I’m thankful for it ! I don’t fancy being part of either the Russian Mafia, Chinese Military or the soon to be US Air Force Botnet… Thanks guys but no.

Ask Not What Your Country Can Do For You.. But What Your Computer Can Do For Your Country

Bruce Schneier Chimes In : Unfortunately it seems they do want to use public machines… I guess it’s a wait and see. Question: will they team up with the AV vendors to allow it as a “legitimate” virus like what happened with Sony’s Rootkit.

I’ve been struggling (albeit not spending too much time) with a problem I’ve had on a Gutsy server. From one day to the next my SSH logins started asking me for a password. I had set up password-less logins with SSH keys.

In the logs I kept getting:

Authentication refused: bad ownership or modes for directory /home/username

It should have been a clue really… I checked and double checked that $HOME/.ssh might not be set to 0700, or the authorized_keys file might not be set to 0600. No joy… But the clue was really in the error. It was the ownership of my entire home directory, which although the owner is me and the group is also my username it apparently wasn’t good enough.

So chmod 700 /home/username fixed it…

Annoyingly easy !

UPDATE: Check no one has added themselves to your group in /etc/group… yep it’s a *special* account used by a couple of us, and one of the guys had added his own account to the group… tut tut 😉

That would explain the “Working From One Day To The Next” scenario !
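
The check sshd applies here, as an added example rather than anything from the original post: with StrictModes on (the default), key authentication is refused when the home directory, ~/.ssh or authorized_keys is writable by group or others, or owned by someone other than the user or root. The function name and the throwaway demo directory are made up for illustration.

```shell
#!/bin/sh
# Lists every path that would trip the StrictModes check for one account.
# $1 = home directory, $2 = user name or numeric uid.
# Returns 0 when all paths are clean, 1 otherwise.
strictmodes_check() {
    home=$1 user=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune keeps find on the path itself instead of descending into it
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group/other: $p"; bad=1
        fi
        if [ -n "$(find "$p" -prune ! -user "$user" ! -user 0)" ]; then
            echo "not owned by $user or root: $p"; bad=1
        fi
    done
    return $bad
}

# Constructed demo: a stand-in home directory that is group-writable
# (the post does not give the original mode), with a correct .ssh inside.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
chmod 770 "$demo"
strictmodes_check "$demo" "$(id -u)" || echo "-> sshd would refuse key auth"
chmod 700 "$demo"                      # the fix from the post
strictmodes_check "$demo" "$(id -u)" && echo "-> clean after chmod 700"
rm -rf "$demo"
```

Run it against the real home directory as strictmodes_check /home/username username; it only reads permissions and changes nothing.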

I get my internet via Neuf Telecom here in France. During a recent upgrade I discovered that my router now had a new totally open/unsecured SSID of “neuf”. Anyone using this can get free internet from my connection. These users are totally walled off from my network (assuming no code problems!) and can do whatever they want. It seems folk in the UK will be getting a taste of this soon.

It does make me wonder, what happens if someone downloads child pornography, breaks into a bank’s computer or even downloads copyrighted material over my connection. Am I liable… hardly !? Is it a sly way for Telcos to protest the obligation of having to keep records for over a year…..they’d be rendered pretty useless with an open access point.

Anyway it’s a very good idea in my opinion (assuming my neighbour hasn’t got the Police racing to arrest me as I write this), the internet should be as freely/easily accessible by whoever as possible (I’m not condoning illegal practices) although I wish my neighbour had it before I got internet and I could have just leeched off of them ! *sigh* 😉

  • IBM’s New Security Spaces Site