Create a backup of your data NOW!

Do yourself a favour today and create backups of everything important you have. Today. Now!

I have probably just had a few of the most horrible minutes of my life. My laptop went down with a loud bang, the fuse for my living room was burnt through (oh, I removed the batteries from my laptop long ago, so this means 'no power == no laptop' for me) and my last backup was done way too long ago.
Fortunately (or I would not be writing this), my laptop is still alive and well (it seems), but now there's one thing I'll need to do right now: MAKE BACKUPS!

BFBTester and other Auditing Tools

I tried out the nice bfbtester tool (Brute Force Binary Tester) today, which performs checks of single and multiple argument command line overflows as well as environment variable overflows and thus helps in finding possibly insecure software (and fixing it, of course).

A few minutes ago, I stumbled upon a very similar post by Nico Golde, who blogged about bfbtester today, too.

I'll probably post a slightly longer article eventually, listing some more tools for checking and auditing software (either black-box style using bfbtester or similar tools, or white-box style, i.e. tools which scan the source code of the software being tested, like rats, flawfinder, pscan etc.).

The Debian Security Audit Project (which I have joined recently in order to help a bit with auditing Debian packages) has some more information about a few Security Auditing Tools.

OpenSSH 4.0 released

Probably one of the most important security-related tools, used on a daily basis by many people, has been updated. The new OpenSSH 4.0 was released a few days ago.
Alongside the usual bugfixes there are also some nifty new features. IMHO a very nice thing is the new (optional) hashing of host names and addresses added to known_hosts files. This improves your privacy, as the list of hosts you connected to in the past is not easily visible in plain-text anymore.
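
An added example (not part of the original post and not OpenSSH's own code): a hashed known_hosts host field has the form |1|salt|hash, where both parts are base64 and the hash is HMAC-SHA1 of the host name keyed with the salt. The sketch below builds such a field and checks whether a host you already know is listed, which is how a lookup still works once the names are hidden. The function names, the sample file and the key placeholders are constructed for illustration, and plain-text entries are matched exactly, without ssh's wildcard patterns.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix marking an HMAC-SHA1 hashed host field


def hash_host(host, salt=None):
    """Return |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    if salt is None:
        salt = os.urandom(20)  # fresh random salt for every entry
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC,
                        base64.b64encode(salt).decode(),
                        base64.b64encode(digest).decode())


def host_matches(field, host):
    """True if the first field of a known_hosts line refers to host."""
    if not field.startswith(HASH_MAGIC):
        # Plain-text entry: comma-separated names/addresses (exact match only).
        return host in field.split(",")
    try:
        salt_b64, digest_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong number of parts or invalid base64
        return False
    actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def find_host(known_hosts_text, host):
    """Return the 1-based line numbers of entries that match host."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # skip blank lines and comments
        if host_matches(fields[0], host):
            hits.append(number)
    return hits


# Constructed sample file; the key material is a placeholder, not a real key.
SAMPLE = "\n".join([
    "# constructed sample",
    "plain.example.org,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDER",
    hash_host("hidden.example.org") + " ssh-rsa AAAAB3PLACEHOLDER",
])
```

Because each entry carries its own random salt, the same host hashed twice yields two different fields, so entries cannot be compared with each other as plain strings.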

Your garbage can is spying on you!

Yes, 1984 seems a lot like a reality. Nowadays even your garbage cans spy on you.

Securing Apache Checklist

I have just created a small checklist in my security section about how to secure an Apache webserver.
Note that this is work in progress and will be improved as my time permits. Any comments or suggestions are highly welcome, though.
