Encrypted partitions with Ubuntu/Debian
December 6th, 2006
Tags: Debian, encryption, filesystem, privacy, Security, Ubuntu
I figured out how to set up an encrypted partition on Ubuntu the other day. There are a bunch of ways of doing it but I found this to be the simplest. It should work on Debian too, since all the relevant packages are Debian ones anyway. In my example I’m encrypting an LVM partition (logical volume), but it should work with any device, including removable USB keys (see end notes). UPDATE: This is broken in Edgy but I figured out a simple fix, see below.
-
Referrer Securer
August 16th, 2006
Tags: browser, click, epiphany, firefox, http, https, link, privacy, Security, ssl
Did you know that Firefox (and Epiphany) don’t send referrers when following a link from an SSL encrypted site? The target site cannot tell whether you clicked a link or typed the url in directly.
I don’t know about other browsers, but this seems like a sane behaviour.
-
Lighttpd and Ruby on Rails: Secure and Fast Downloading
March 16th, 2006
Tags: http, lighttpd, performance, Security
When controlling access to files on a webserver developers often use the web application itself as a file server. The request comes in, the script checks for some session authentication variable or something, then streams the file from disk (hopefully from outside the webroot) to the browser.
The problem with this from a performance standpoint is that a thread/process of the web application has to be running for the entire duration of the download. With a busy webserver serving many concurrent downloads, this is an immense overhead. The web server itself should be orders of magnitude faster at serving files directly than via a web application, but you can’t just stick the files in a different directory and hope nobody finds the secret urls. The new web server on the block, Lighttpd, has some clever solutions for this problem.
-
Identity Project Status Report- Homeoffice misdirection
January 16th, 2006
Tags: economics, government, home office, id card, idcards, identity, lies, lse, Security, uk
“We are extremely concerned at the ongoing culture of secrecy endemic in the planning of the identity cards proposals. The Home Office has conducted most of its work in a covert fashion, refusing to disclose information that would inform debate, and conducting negotiations in a closed environment. This process is inimical to the creation of trust. This situation also makes further research on the proposals impossible.”
The London School of Economics has published their latest Identity Project Status Report concerning the government’s Identity Cards Bill 2005.
The last report was immediately damned by the Government at every turn in what can only be described as behaviour of the intensely insecure. Why are the Government so insecure about the details of their Bill?
-
Black Hat, Amsterdam
March 29th, 2005
Tags: amsterdam, blackhat, ibm, laptop, Security
I leave for Amsterdam on Wednesday where I’m attending the Black Hat Briefings. I was at DefCon in Las Vegas a few years ago so I’m interested to see what the BHB are like in comparison. I hope it’s not just a big ugly advertis-a-thon. I’m there for a few days courtesy of work and will have photies to post when I get back I expect.
My new laptop arrived today too (not got it in my hands though). The ickle IBM Thinkpad X40 is very portable, but I’ve been using it for more of a desktop replacement than a portable troubleshooter, hence the new Vaio one. Big 17-inch widescreen LCD, crazy CPUness (for Doom3 and Half Life 2 fun), and 1G RAM. I expect it’ll weigh more than two Terri Schiavos* but I’m a big guy.
* - Please note: topical reference.
-
grsecurity and selinux
September 28th, 2004
Tags: grsec, linux, Security, selinux
I’m playing with the grsecurity patches for Linux. Unfortunately 2.6.8 changed in a way that causes a major headache for the grsec team, so no planned release date for a new patch. Having some problems with strange enforcements of rlimits, potentially linked to the rlimit auditing code. I’ll hopefully get time to tinker with SELinux too.
-
New GPG key
December 17th, 2003
Tags: gpg, pgp, Security
I’ve updated my GPG key. I’ve added a new encryption key as my old one expires in Jan 2004. I also removed an old, irrelevant signature. Update your keyrings, people.
-
horribly ported
April 26th, 2003
Tags: bugtraq, coding, linux, Security, sploit
My port of that pptpd exploit to Linux was apparently so horrendous that it prompted ‘r4nc0rwh0r3’ of ‘blightninjas’ to take the time to do it properly. In my defence, the original code really sucked, and I myself only needed the testing part to work (which seemed to work for me). It also compiled fine for me with gcc 3.2.3 (worksforme(tm)). And I in no way proclaim myself to be a good C programmer! Anyway, my laziness and lameness was thoroughly ridiculed by them here. Find their own fixed version here. At least I got my name on Bugtraq. Roll on fame and the big dollar.
John Leach is a human being living in Leeds, UK.