Linux Hardening

From a compliance perspective, organizations need to have a hardening standard derived from an authoritative source, with solid engineering-based reasons for any departure from its recommendations.  Most organizations use the Center for Internet Security (CIS) Hardening Benchmarks because that choice is easy to defend.  The CIS benchmarks …

Modify a line in wtmp – Linux Accounting

The /var/log/wtmp file in a Linux system contains data about past user logins.  An attacker may want to modify this file as one of the steps they take in covering their tracks.  One may also want to modify utmp or btmp; the same technique can be used for those files. The …

Capture a spurious outbound connection with NETSTAT

Several years ago, I created a PowerShell script to create a log of outbound connections.  What if you need something quick and dirty and cannot use a script like that or external tools like Process Explorer, etc.? Here is a batch script that runs in an infinite loop and catches …

Timestamp bash_history with every command

When working on Linux it is often very helpful to review the commands that you have entered.  For example, you may want to paste some of the commands into a script or may want to recreate the steps to solve the problem you were working on. Here is how I …

Has SHA-1 been hacked?

No, not exactly.  The SHA-1 hashing algorithm still does what it is supposed to do.  SHA-1 creates an unpredictable 20-byte “fingerprint” of the data input into the function, in this case a web server certificate.  It is the unpredictability of the output that makes cryptographic hash functions so useful.  …

FIPS 140-2 in a Nutshell

The US Federal Government requires that its agencies protect sensitive but unclassified information using cryptographic modules that have been validated to Federal Information Processing Standard (FIPS) 140-2, “Security Requirements for Cryptographic Modules.”  This standard replaced its predecessor, FIPS 140-1.  In this context, the term “validated” means tested by accredited …

The Trust-Value Equation

“I must trust that the benefit that I gain from using your service exceeds the concerns (Fear, Uncertainty, and Doubt) that I have about using it.” Benefit can be thought of as a ratio of utility to unfriendliness.  No matter how user-friendly an application is, if a customer gains …

The Encryption Magic Bullet

This post is a response to a variety of discussions that I have had lately with a variety of customers, executives, salespeople, and even engineers that are working on security projects for a variety of companies.  Sometimes, it seems, encryption is positioned as the “Magic Bullet” that will cure …

Are BitTorrent Pieces 250Kb Long?

I was researching BitTorrent and noticed in the Specification that it said that the typical length of a Piece was 250 kilobytes long.  That made me curious so I decided to perform some quick research to determine the extent of variation. First, I modified the BitTorrent Parser that I had created previously …

HTTPS: Is it Possible to Forge a Web Server Certificate?

Yes, it is possible in theory to forge the Web Server Certificate that is used in SSL/TLS communication. This is because the certificate is signed by a certificate authority that your browser trusts, and that signature relies on a cryptographic hashing algorithm with a specific output length. The hashing algorithms that have been used to …

  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer.