Jacob Kaplan-Moss

Activity tagged “security”

Bookmarks

GPG Quick Start

Very simple, plain-English “getting started with GPG” guide.

(crypto, gpg, howto, pgp, privacy, quickstart, security, tutorials)

Keyphrene - 4Py Homepage

Wrappers for OpenSSL and LibSSH2.

(python, security, ssh, ssl)

Adeona: A Free, Open Source System for Helping Track and Recover Lost and Stolen Laptops

The first (that I know of) open source, non-centralized laptop tracker. Gotta give this a shot.

(laptop, opensource, security, software, tracking)

Matasano Chargen » Ruby’s Vulnerability Handling Debacle

Handling security problems is the *worst* part of being an OSS maintainer. Learn from what the Ruby folks did wrong.

(opensource, ruby, security)

research!rsc: Lessons from the Debian/OpenSSL Fiasco

By far the best analysis of the Debian/OpenSSL bug. No pointed fingers, and lots of good lessons for the future.

(debian, openssl, security)

Utilitymill's developer comments on the security model

Sounds relatively smart. However, I'd be suspicious of using chroot — I'm told it wasn't especially designed to be a security feature exactly. Were I to do something of this nature, I'd probably use pypy-sandbox.

(chroot, python, sandbox, security, utilitymill)

Handbook of Applied Cryptography

Recommended by Bruce Schneier and available online for free.

(book, cryptography, encryption, pdf, pmscs, reference, security)

Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy - CIO.com - Business Technology Leadership

The first in a three-part series about the state-of-the-art and the future of malware. Via Bruce Schneier.

(linux, readlater, security)

Index of Crypto Papers Available Online

“The index currently contains 1427 papers.”

(cryptography, security)

Help me Roberto, my web server just got hacked! - Someone Else

With skill and luck neither you nor I will need these tips. However, shit happens; this is a great guide to cleaning it up.

(hackers, rootkit, security, sysadmin)

http://www.rsync.net/resources/notices/canary.txt

rsync.net's warrant canary hasn't been updated in ten days.

(government, law, rsync, security)

Password Manager + AutoFill for Mac OS X

I think I've found a nearly perfect password manager.

(authentication, browser, osx, passwords, security)

pam_recent: an add-on to make iptables' recent match more useful

“If the client manages to login, his history is cleared and subsequent new connections are not blocked. Password guessers, however, would not manage to prove their legitimacy… they're all treated as scum unless they can prove to be Good People.”

(blacklist, linux, security, ssh, sysadmin)

py-bcrypt - strong password hashing for Python

We should support bcrypt in Django if this module is installed.

(cryptography, django, encryption, library, python, security, todo)

blog gnist org - Holliday cracking

Really interesting analysis of a cracked Linux box. We're lucky that these script kiddies always seem to make some stupid mistakes (in this case not cleaning up .bash_history); a good cracker probably wouldn't be detected for months.

(forensics, hacking, linux, security, zombie)

Lightweight Home Security with Indigo and Asterisk

Sounds like a great and super-cheap way to roll your own security system.

(diy, home, homeautomation, security)

How We Learned to Cheat at Online Poker: A Study in Software Security [Cigital]

Revealing the “pseudo” in “pseudorandom” (thanks for the quip, Matt)

(gambling, games, poker, programming, security)

WordPress › Blog » WordPress 2.1.1 dangerous, Upgrade to 2.1.2

Help get the word out: if you're using WordPress 2.1.1, upgrade to 2.1.2 right away. I feel really bad for the WP guys; this is the nightmare scenario for anyone writing software.

(php, security, wordpress)

Voting Research

Ping's page on his voting research. Some hackers hack code, others hack democracy.

(politics, pycon2007, python, security, visualization, voting)

Capability Myths Demolished

From Brett Cannon's talk on his proposed Python security system.

(acl, computing, pycon2007, security)

Double standards in security hassles - The Red Tape Chronicles - MSNBC.com

Wonderful, insightful article about security. A choice quote: “until recently, you or I couldn’t take a bottle of water or a tube of toothpaste on an airplane. Mothers were forced to drink their babies’ milk. Elderly women were subject to humiliating

(essays, security)

The Fishbowl: Why is XSS so common?

This is a pretty strong argument that Django should do default template escaping. Guess I'm starting to change my mind.

(for:holovaty, security, xss)

DenyHosts

Another tool to thwart dictionary attacks, this one written in Python.

(linux, security, ssh)

throttle ssh

“This script will attempt to restrict IP addresses that repeatedly fail login attempts via SSH.”

(security, ssh)

Securing Mac OS X (PDF)

Great guide to securing OS X.

(osx, security)

Entries

FAQ: Untrusted users and HTML

There’s only one perfectly safe way to allow untrusted users to enter raw HTML. You’re not going to like it.

(html, security, xss)

My “personal security” plan

Prompted by recent reading on cryptography and computer security, I’ve been rethinking my pretty lax personal security plan. Taking to heart the lesson that the best security is open, I’m posting my plans publicly for comment.

(cryptography, plans, security)

Photos