You thought that after the International Obfuscated C Code Contest, the Obfuscated Perl Contest, the International Obfuscated Ruby Code Contest and even the Obfuscated V contest nothing could surprise you anymore? Think again.
The goal of the annual Underhanded C Contest is to write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.
This year's challenge: covert fingerprinting. Write a program that performs some basic image-processing operation, but hides a unique fingerprint in the image it outputs.
The submission deadline is July 10th, 2005.
(via Bruce Schneier)
There will be multiple lectures on a broad range of security topics as well as several hours per day where the students will be hacking and researching "offensive information warfare".
The course itself is free, but you have to pay and organize your hotel etc. yourself.
The FAQ, the homepage from last year's summer school and the paper "An Offensive Approach to Teaching Information Security" (PDF) by the organizers provide more information.
I'd like to go, but I'm not sure whether I will find some hotel which is cheap enough for a poor student like me ;-) We'll see.
(via disLEXia 3000)
That may sound like a stupid idea, and for many years lots of security-minded people have tried to educate users not to do that. But I think they have a point. Someone who uses the Internet regularly accumulates a whole bunch of accounts and passwords for all sorts of sites, servers etc. It's simply too hard to remember all of them. Thus far I agree.
But I don't think writing down passwords on small pieces of paper and carrying those around in your wallet is a particularly good idea. It happens too easily that you lose your wallet, it gets stolen, or you lose the pieces of paper. Not to mention all kinds of social engineering activities, which are simplified a lot by this approach...
I do propose to write your passwords down. But do it in a computer file on a box where you're the only one with an account (your home PC or laptop). Encrypt that file with GnuPG and you're reasonably safe. Every time you need a password, decrypt the file, read and use the password, then wipe the decrypted plain-text file.
No more pieces of paper - help save the environment.
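One way to follow the encrypt, decrypt and use routine above without ever writing the decrypted list to disk, so that no plain-text file is left to wipe. This is an added example, not a script from this page; the `STORE` path, the `PW_GPG_OPTS` variable, the function names and the one-entry-per-line format are assumptions.

```shell
#!/bin/sh
# Added example: keep the password list only in encrypted form.
# Assumed format: one "site login password" entry per line, with no
# whitespace inside a field. STORE and PW_GPG_OPTS are made-up names.
STORE="${STORE:-$HOME/passwords.gpg}"

# Run gpg; PW_GPG_OPTS may carry extra options (e.g. for unattended runs).
gpg_run() {
    # Word splitting of the option string is intended here.
    gpg --quiet ${PW_GPG_OPTS:-} "$@"
}

# Decrypt to stdout only: the plain text goes to a pipe, never to a file.
pw_dump() {
    [ -f "$STORE" ] || return 0          # no store yet: nothing to print
    gpg_run --decrypt "$STORE" </dev/null
}

# pw_add SITE LOGIN
# The password is read from stdin, which keeps it out of the shell history.
pw_add() {
    IFS= read -r pw || return 1
    # If decryption fails (wrong passphrase), stop and leave STORE untouched.
    old=$(pw_dump) || return 1
    tmp="$STORE.new.$$"
    (
        umask 077                        # new store readable by owner only
        {
            [ -z "$old" ] || printf '%s\n' "$old"
            printf '%s %s %s\n' "$1" "$2" "$pw"
        } | gpg_run --symmetric --cipher-algo AES256 --output "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$STORE"                   # replace the store in one step
}

# pw_get SITE: print "login password" for an exact match on the site field.
pw_get() {
    pw_dump | awk -v site="$1" '$1 == site { print $2, $3 }'
}
```

Source the file, then run for instance `pw_add example.org alice` (type the password, then Enter) and `pw_get example.org`; GnuPG asks for the passphrase itself.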
I have just uploaded fw_laptop, the firewall script I use to secure my laptop and/or desktop machines (but not my servers), in the Security section of my homepage. The script is GPL'ed and a work in progress. I'm happy to receive feedback and/or corrections and suggestions regarding the script.
I will publish other similar scripts for different purposes when time permits.
Linux 220.127.116.11 has been released, which fixes two locally exploitable security issues. Another similar bug has been fixed recently by 18.104.22.168.
Every Linux box with local users should be upgraded ASAP. My laptop is already compiling away happily (although I'm the only one who has an account on it of course, but you never know)...