I’ve just been looking at a nice new tool called sysdig, which seems to be really useful for analysing and troubleshooting on production systems. There’s a great blog post by Gianluca Borello, detailing how he set up a number of honey-pot servers with poor passwords, and then captured system activity with sysdig, showing exactly how his server was compromised, and what the hacker did at each stage. The level of detail he was able to garner is astounding, and I can see how powerful this tool could be in the future, for any sort of troubleshooting where it’s not clear exactly what has happened/is happening on a system.

Old Article Comments I exported these from my old wordpress blog, so they are a bit out of date, but I thought I’d keep them around for posterity. [billjonesgeneralstore] - Nov 5, 2013 Reblogged this on You Better Watch Out.

An excellent and informing interview with the founder of the Lavabit email service, who was recently involved in a legal case with the FBI, who attempted to force him to hand over SSL encryption keys. This was of course the email service used by Edward Snowden, so attracted a lot of attention. There’s some really interesting technical stuff in here, specifically about the value of perfect forward secrecy in HTTPS encryption, which he wasn’t using, and how he protected his user’s data, in many clever ways.

There’s a new piece of ransomware in the wild, called Cryptolocker. It’s a nasty piece of software that uses public/private keypairs to background encrypt all your documents and files, and then helpfully let you know it has done it. Then - you will be asked to pay $300/€300 to unlock your files. If you don’t, you will lose the key to decrypt them, and then lose all your files. Not only that - it also encrypts shared drives, such as on your business network.

Distruptive technologies ocassionally come along which can make a big difference in computing. Something in the early days which I heard about last week was the SQRL authentication proposal by Steve Gibson. This proposal aims to address the extremely big problem of user and password authentication across the internet. This is a huge and annoying problem for all internet users - you must try to come up with secure passwords, whilst giving passwords to many different parties, some of who you can trust, and some of whom you can’t.

Do you have an Android phone? Some interesting news I read this week was that an innocuous (on by default) setting on Android phones can save your Wifi passwords on Google’s servers. It also backs up all your app settings, bookmarks and so on. This isn’t that worrying - it could be considered a useful feature. However, the worrying thing is that these plain-text passwords aren’t encrypted using your account details - they are available in unencrypted form to Google employees.

I found some interesting old news, back from 1999 that someone posted a link to in the SecurityNow newsgroups. I’ve recently started listening to this podcast - it’s a brilliant way to keep up with computer security news, and I feel a lot more informed having started to listen. http://www.heise.de/tp/artikel/5/5263/1.html http://www.heise.de/tp/artikel/2/2898/1.html The articles were to do with NSA back doors in several pieces of software, Microsoft Windows and Lotus Notes. Both of these were verified back in 2009 by security researchers by reverse engineering software.

Is it a crisis? The latest news from the NSA snooping debacle suggests it is. If they have the means to deliberately insert vulnerabilities into well known encryption standards and circumvent others, then what were previously thought to be secure connections, to banks, email providers and search engines, may not be anymore. Bruce Schneier issued somewhat of a call to arms yesterday, asking the engineers to look at how to resolve these problems, and reegineer the internet to our own needs once again, rather than those of some faceless security services personnel, somewhere.