flatlinesecurity.com
flatline security - Linkdrop #7
http://flatlinesecurity.com/posts/linkdrop-7
03 Nov 2014 by Curtis. OpenBSD all the things! OpenBSD 5.6 is out. Have been a huge fan of OpenBSD for years, dont get to use it as much as Id like, lots of interesting new stuff in it (and perhaps better, removed from it). Re: how secure is textsecure. Facebook, Google, and the Rise of Open Source Security Software. A commenter links to this paper on the Akami query system. How Hackers Reportedly Side-Stepped Googles Two-Factor Authentication. Also, comments on hacker news. Original post is here. What a...
flatlinesecurity.com
flatline security - Categories
http://flatlinesecurity.com/categories
13 Oct 2014 - Cloudflare's Free SSL. 12 Oct 2014 - Git Crypted. 12 Oct 2014 - Git Crypted. 13 Oct 2014 - Cloudflare's Free SSL. 13 Oct 2014 - Cloudflare's Free SSL. 14 Oct 2014 - Varnish 4.0 on CentOS 6 with SELinux. 14 Oct 2014 - Varnish 4.0 on CentOS 6 with SELinux. 18 Oct 2014 - Avoiding Information Security Antipathy. 15 Oct 2014 - Security Means Tradoffs. 18 Oct 2014 - Avoiding Information Security Antipathy. 15 Oct 2014 - Security Means Tradoffs. 06 Nov 2014 - Linkdrop #8. 01 Nov 2014 - Compromisin...
flatlinesecurity.com
flatline security - Onion Layers vs Soft Chewy Center
http://flatlinesecurity.com/posts/onion-vs-chewy-center
ONION LAYERS VS SOFT CHEWY CENTER. 23 Nov 2014 by Curtis. If youve worked at all in the information or computer security industry, no doubt one or more of the following phrases, defense in depth, layered defense, or onion layers, has come up. However, in practice, it seems to lead to a hard shell and a soft, chewy inside. Soft, Chewy Interior. What we want is for each layer to be as secure as is reasonably possible, not reduced security at each layer. What we dont. Below I have a diagram of what many org...
flatlinesecurity.com
flatline security - Ten New Open Source Security Tools
http://flatlinesecurity.com/posts/ten-new-open-source-security-tools
TEN NEW OPEN SOURCE SECURITY TOOLS. 05 Nov 2014 by Curtis. Large hi-tech companies like Google, Netflix, Twitter and Facebook have been open sourcing some of their internal security tools. Most recently Facebook released OSQuery. In this post I take a quick look at a few of the recently released tools by these organizations as well as other smaller projects. These are in random order. Netflix - Message Security Layer. In the blog post announcing Nogotofail. Google describes it as:. 3 OpenBSD 5.6. With MS...
flatlinesecurity.com
flatline security - Linkdrop #8
http://flatlinesecurity.com/posts/linkdrop-8
06 Nov 2014 by Curtis. Md5 collisions save latin. More removing code. OpenBSD removes loadable kernel modules. DNS firewall explained pic.twitter.com/zwjfXRICOB. Mdash; Jan-Piet Mens (@jpmens) November 5, 2014. One wireless hotspot for every 150 people. I still think that if there is any money for Internet infrastrucutre that some of it should be spent on things like dd-wrt. Wireless routers must be one of the most insecure devices in existence. Holy cow. @wickett. DNSSEC: Complexities and Considerations.
flatlinesecurity.com
Flatline Security
http://flatlinesecurity.com/page2
Do we really need all these clients running? Part of DevOps is tools. Not all of it, but some. Tools like Puppet, Chef, Sensu, Logstash.tools that provide valuable services in terms of configuration management, monitoring, and logging and metrics. But many of them require running a full-fledged client on the server. These clients take up resources, require maintenance, and increase the attack surface. Do we really need them? Compromising Drupal 7.31. Installing Docker on Ubuntu 14.10. 169; Flatline Secur...
flatlinesecurity.com
Flatline Security
http://flatlinesecurity.com/index.html
Onion Layers vs Soft Chewy Center. If youve worked at all in the information or computer security industry, no doubt one or more of the following phrases, defense in depth, layered defense, or onion layers, has come up. Md5 collisions save latin. Ten New Open Source Security Tools. Run Wireshark without Root on Ubuntu. In this post I take a quick look at how to run Wireshark without being root. OpenBSD all the things! 169; Flatline Security 2014.
flatlinesecurity.com
flatline security - Blog Archive
http://flatlinesecurity.com/archive
23 Nov 2014 - Onion Layers vs Soft Chewy Center. 06 Nov 2014 - Linkdrop #8. 05 Nov 2014 - Ten New Open Source Security Tools. 04 Nov 2014 - Run Wireshark without Root on Ubuntu. 03 Nov 2014 - Linkdrop #7. 02 Nov 2014 - Do we really need all these clients running? 01 Nov 2014 - Compromising Drupal 7.31. 31 Oct 2014 - Installing Docker on Ubuntu 14.10. 30 Oct 2014 - Enable Apparmor for Firefox. 29 Oct 2014 - Linkdrop #6. 28 Oct 2014 - Five Line Fuzzer in Go. 27 Oct 2014 - Charlie Miller's Five Line Fuzzer.
flatlinesecurity.com
flatline security - Run Wireshark without Root on Ubuntu
http://flatlinesecurity.com/posts/wireshark-no-root
RUN WIRESHARK WITHOUT ROOT ON UBUNTU. 04 Nov 2014 by Curtis. In this post I take a quick look at how to run Wireshark without being root. Getting promiscuous access to a network interface on Linux requires root privileges. Running packet captures as root are dangerous. Ubuntu even has tcpdump covered when using apparmor. Why? I like this warning. WIRESHARK CONTAINS OVER ONE POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT. Setup wireshark to use as non-root. First, install wireshark.
SOCIAL ENGAGEMENT