Entries Categorized as 'Security'

Debian’s poor OpenSSL Randomness

Date May 16, 2008

This is worth reading.

Update: The Debian people created a website with instructions to roll over keys. And there’s also a Perl script for testing SSH servers and other packages for vulnerabilities.
Update 2: Bruce Schneier jumped in. And here is an xkcd cartoon and some source.
Update 3: Here are some useful tips (in German).

I don’t use “personal firewalls”

Date May 9, 2008

I have never used personal firewalls on my computers. And I really tend to refuse such pieces of software. Maybe it’s related to my habit of not working on Windows over the last years, but I generally think you don’t get any advantages from personal firewalls. Why?

They add complexity, which is bad for security,
they have [...]

Quotes from Schneier’s “Beyond Fear”

Date May 9, 2008

Just found some interesting quotes from Bruce Schneier’s book “Beyond Fear: Thinking Sensibly about Security in an Uncertain World”. I really like this one:
“Anyone can understand security. The people who think they know best, and the people who think they ought to, would have you believe that security is like quantum mechanics or brain surgery, [...]

Security Engineering

Date May 6, 2008

One of the best books in the security engineering field is now available in its second edition. The first edition is entirely free for download and you can even download some chapters from the latest edition.

Feeling Secure, being secure?

Date April 25, 2008

Bruce Schneier had a good article the other day: The Feeling and Reality of Security. I also recommend this one (from the comments) and an older article which is quite informative. We are all much too sensible regarding the security of our children and get the risks wrong. E.g. in former times kids had much [...]

Read then write …

Date April 19, 2008

After reading this article on The Daily WTF I found Mike Andrews’ blog post that said it all.

The 10.000 web sites infection mystery solved

Date April 18, 2008

SANS has a report about an attack that, for example, caused the latest outage of the Austrian WKÖ website. The WKÖ website was carrying Chinese malware for at least one hour and they are titling “Hackerangriff erfolgreich abgewehrt”?
Do they know what the German word “abwehren” means? I don’t think so.

Asterisk PBX behind NAT

Date March 17, 2008

I had a lot of problems with an Asterisk PBX behind NAT. Asterisk dropped all incoming calls after 20 seconds because of an unanswered packet. This is a well-known problem when NATing Asterisk, but even Google does not provide any solution. This single problem drove me nuts last Friday when I tried all possible [...]

Hacking radio controlled pacemakers

Date March 13, 2008

This is no fun and it shows the importance of building security into almost everything digital today.

Open access switch

Date March 13, 2008

Hybrid buses in San Francisco have a power switch that can be accessed easily through an unlocked panel on the outside of the bus. Tsss …