IT Security

Introduction to Strong Cryptography One thing that amazes me is that most developers are not familiar with strong cryptography. In my career, I’ve seen all sorts of mistakes that lead to leaked data, guessable passwords, unfortunate disclosures, and worse. The nice thing is, you don’t have to understand the ridiculously complex math behind the algorithms, you only have to know the rules for using them correctly. By the end of this series, my goal is to de-mystify the magic, so you can start using the primitives in your code right away! But first, when I say Strong Cryptography, what the hell am I referring to anyway? Strong cryptography or cryptographically strong are general terms applied to cryptographic systems or components that are considered highly resistant to cryptanalysis. One thing I’ve seen repeatedly done is that a developer ‘invents’ a cryptography scheme for a particular purpose. -Jonathan on cryptography. Any ideas?

Building a NAS Server After reading a review of the Drobo FS, I became obsessed with network attached storage (NAS). I realised that a NAS device would neatly solve a couple of long-standing problems I hadn’t got around to fixing: data backup and data organisation. This post will explain how I picked the hardware and software for my NAS. To buy or to build? The Drobo FS itself, while a compelling product, is expensive. There are also some worrying stories of problems with poor read/write speeds, noise, and the slightly ropey client software. Nevertheless, maybe you run a small business and prefer to think of a NAS as an appliance – something that has a warranty and a customer support email address. Hardware I guessed that 4 x 2TB hard drives with single-drive redundancy would suit me, leaving a usable space of around 5.5TB. …totalling £474.87 (about 770USD). Case The case was a little expensive, but it does the job well. CPU and motherboard Temperature, noise, and power OS/software Why ZFS? Self-healing data FreeNAS

CEH | Certified Ethical Hacker | Etik Hacker Super User Blog SSL MITM Proxy Description mitm-proxy is a Java-based SSL proxy that acts as a "man in the middle". In other words, proxied HTTPS requests are terminated by the proxy and resent to the remote webserver. The server certificates presented to the client (i.e. a web browser) are dynamically generated/signed by the proxy and contain most of the same fields as the original webserver certificate. The subject DN, serial number, validity dates, and extensions are preserved. However, the issuer DN is now set to the name of the proxy's self-signed certificate and the public/private keys of the proxy are used in creating the forged certificate. Documents Download NOTE: this tool can NOT be used for any commercial purposes, as is, because it makes use of an educational/research version of the IAIK JCE library. Version 1.0 (April 12th, 2007) Usage The mitm-proxy requires a Java runtime (1.5 or later) and has been tested on various Windows and Linux platforms. Notes on the options: Credits Staff: Background:

SecLists.Org Security Mailing List Archive Main Page