Articles in category “Information Security”

FiSH IRC Encryption

A few friends and I have been playing with IRC encryption courtesy of FiSH.  This extremely simple program is a plugin for irssi, XChat, and mIRC and provides symmetric encryption for channels and asymmetric encryption for private messages.

While not really useful for open source project communication, it might be …


HTTPS-Everywhere

The other day I found myself reading about a new Firefox plugin that will automatically select HTTPS for various websites (and you can make your own rules, too).  The plugin, created by the EFF, is named HTTPS Everywhere.

Basically it knows that there are several popular websites out there that …


Privacy risk in your email client?

That was a switch in my email client Thunderbird 3 that I did not have checked because I wasn't sure what it was doing and I certainly didn't want my Inbox to be cleared every time I exited the software.  So I decided to do a search for it to …


Protecting your email from disclosure

Climate talk, Alaska government business, and Dave Briggs. What do these three things have in common?  Each of these subjects had more light shone on them by someone cracking email messages and releasing those messages to the public over the Internet.  Of course there are many more of these events …


Expiring OpenPGP keys...

A discussion was had on one of the Fedora IRC channels months ago about the "proper" way to handle expiring GPG keys without breaking the web of trust. It was my opinion that generating new keys every so often (yearly?) would increase the security of the overall …


Securing Instant Messaging

More and more sensitive communications are occurring over insecure instant messaging (IM) systems. These messages go through a third party and can be read anywhere along the way. An easy, open-source solution does exist to help protect these communications, however.

First you need the IM client called Pidgin. This client works …


Plaintext Recovery Attack Against OpenSSH

http://isc.sans.org/diary.html?storyid=5366

SANS Internet Storm Center is reporting an attack against OpenSSH. Please go to the link above for more information as they are posting updates there.


Open Source downfalls when dealing with the US Government

I don't hide the fact that I am a contractor to a few US Government organizations and deal specifically with security issues. As such, I'm asked if I'm seeing any open source or Linux items in my daily work. Unfortunately the answer is always "not as much as I'd like …


SANS ISC goes to YELLOW: SSH vulnerability

SANS Internet Storm Center has raised the Internet Threat Level to YELLOW in response to a report of an SSH vulnerability on all Debian-based systems that generated SSH keys between September 2003 and 13 May 2008.


Internet Backbone Outage Reported in the Middle East

SANS Internet Storm Center is reporting that possibly several undersea cables have been cut near the coast of Egypt. Several countries in that area have reported slow connections or complete packet loss. India is experiencing a 50% packet loss at times due to all their traffic having to flow out …
