nCipher HSM with OpenSSL

I just finished playing with some nCipher’s HSM. Unfortunately there is no integration guide for OpenSSL that cover CHIL interface and nCipher hardware security modules.

nCipher’s installation guide is quite good, but after you finish installing hardware, drivers and daemons, you are on your own.

I found only two helpful sources: Andrea Campi’s blog entry about nCipher [...]

March 2nd, 2010 | Tags: , , , , | Category: Hardware, Linux, Security | Leave a comment

Sptrace 1.4.2 released

New version of sptrace was released today. Sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. Module was updated to reflect changes in new kernel releases and tested with 2.6.26.

March 14th, 2009 | Tags: , , , , , , , | Category: English, Linux, Security, Software | Leave a comment

ClamFS 1.0.0 has been released

ClamFS 1.0.0 has been released yesterday. It contains some new features that might be quite interesting for its users.

February 8th, 2009 | Tags: , , , , | Category: English, Linux, Security, Software | 13 comments

Multiple FreeBSD jails sharing one IP address

If you want to use multiple jails on FreeBSD with only one external IP addresses you may set up all jails on private addressed with little help of loopback interface, NAT and PF.

January 11th, 2009 | Tags: , , , | Category: English, FreeBSD, Internet, Security | 2 comments

Source code (security) auditing utilities available in Debian

Debian GNU/Linux provides several packages that can be used to audit C/C++ source code. First three search for programming errors that might lead to potential security flaws:

flawfinder
rats
pscan

Next two tools find bugs in C and C++ source code by doing a static check too, but their checks are not security-related:

splint
cppcheck

January 10th, 2009 | Tags: , , , , | Category: Debian, English, Security | Leave a comment

Web browser anonymity threats

Anonymity in important for many people. Few years ago, it was problematic issue only for hackers, human rights workers and anonymity freaks. They want to keep they identity in secret for obvious reasons. They were traced only by law enforcement agencies and government. Today everything is much more difficult. Hundreds of advertising agencies trying to [...]

May 14th, 2008 | Tags: , , , , , , , , , , , | Category: English, Internet, Security, Software | Leave a comment

Deploying IPsec in small LAN in 3 easy steps

I think about installing IPsec on computers in my home LAN for some time. There are many configurations possible: tunnel mode, transport mode, peer-to-peer solution or star topology with single VPN hub. Also there are different IPsec implementations. KAME for *BSD, Openswan, strongSwan and Linux 2.6 PF_KEY implementation (which can be used with setkey and [...]

March 4th, 2008 | Tags: , , , , , , | Category: English, FreeBSD, Internet, Linux, Security | Leave a comment

O tym jak to Chuck Norris skopiował dane z Naszej Klasy na dyskietkę

Hacking.pl opublikował artykuł Nasza-Klasa.pl – pobierz sobie dane milionów Polaków. Zasugerowano w nim, że każdy może pobrać dane wszystkich użytkowników Naszej-Klasy. Na alarm uderzył również Dziennik Internautów i Computerworld. Wszyscy zwrócili uwagę na fakt, że prosty robot internetowy może skopiować strony z portalu, przefiltrować ciekawe informacje i zapisać je na dysku. Niestety większości umknął jeden [...]

January 24th, 2008 | Tags: , , , | Category: Internet, Polish, Security | 10 comments

Limiting access to ptrace() call in Linux

Ability to trace and debug software on servers is not needed for most users. Giving them right to trace processes may leak information and if ptrace() is vulnerable lead to more problems.

Sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. It can disable strace (and ltrace) altogether, [...]

December 29th, 2007 | Tags: , , , , , , | Category: English, Linux, Security, Software | Leave a comment