I learned the hard way that a user in /etc/passwd not having a shell specified in /etc/shells is not able to log on.
/etc/shells looks like this:
On Arch it looks like this:
So if you provide a user with shell /usr/bin/bash, he cannot log in, thanks to pam_shells (man pam_shells), and gets an authentication error with shell=/usr/bin/bash.
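A quick audit for the situation described above, as an added example that is not part of the original post: the function lists every account whose login shell has no exact match in the shells file, which is the comparison pam_shells makes. The function names and the sample passwd and shells contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose login shell is not an entry in the shells file.
# Usage: unlisted_shell_users [passwd_file] [shells_file]
unlisted_shell_users() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    awk -F: '
        # Shells file: remember every entry, skipping blank and comment lines.
        FILENAME == ARGV[1] {
            if ($0 ~ /^[ \t]*#/ || $0 ~ /^[ \t]*$/) next
            valid[$0] = 1
            next
        }
        # passwd file: field 1 is the user, field 7 the login shell.
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # empty field means /bin/sh
            # Exact string match: /usr/bin/bash is not /bin/bash here,
            # even when one is a symlink to the other.
            if (!(shell in valid)) print $1 ":" shell
        }
    ' "$shells_file" "$passwd_file"
}

# Constructed sample data (not from the original post).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/usr/bin/bash
bob:x:1001:1001::/home/bob:
ftp:x:14:11::/srv/ftp:/usr/bin/nologin
EOF
    unlisted_shell_users "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

Run without arguments, `unlisted_shell_users` reads the real /etc/passwd and /etc/shells; service accounts with a nologin shell show up in the list as well, which is expected.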
On Ubuntu install with:
apt-get install gnupg
First generate a private and public key:
Generating this key can take some time, because it needs enough randomness.
Store your public key in a file:
gpg -a --export
Although it is not necessary to store this public key, you will usually provide it to other people, see for example my public key.
Import public keys from other people by
gpg --import my-friend.pub
Now encrypt a message for my-friend:
gpg -aesr my-friend your-file
These options have the following effect:
- -a: create base64 encoded output (“ASCII armored”). This is not necessary, so you can skip this option. If skipped, the output is binary.
- -s: add signature. This is not necessary. You could drop this option from above.
- -r: recipient, here my-friend
Decrypting a file is the easiest part. Just type
Yesterday I went to the cinema with my family and watched Laura Poitras's film Citizenfour. The cinema in Frankfurt was completely sold out; many hopeful visitors had to be sent home because there were no more seats available. I just got a ticket because I had a high number on the waiting list. I am surprised that the film is not shown in the “big” cinemas, but rather in small and lesser-known ones.
Six months ago Bruce Schneier posted an article on “Choosing Secure Passwords”. Some of the key points are (mostly copied verbatim from the mentioned post):
- The best way to explain how to choose a good password is to explain how they are broken.
- Password crackers do not brute force all 8 character combinations, but rather they brute force all 6 character passwords, then they check for common passwords.
- A typical password consists of a root plus an appendage. The root isn’t necessarily a dictionary word, but it’s usually something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time). One cracking program I saw started with a dictionary of about 1,000 common passwords.
The following commands are used to encrypt the whole USB hard-drive. This hard-drive is assumed to be on /dev/sdc. Create one partition. One can use gparted for this. Then
cryptsetup luksFormat /dev/sdc1
luksFormat is only used once.
To make this encrypted drive available as device on
cryptsetup luksOpen /dev/sdc1 SeagatePortable
Cisco provides a report on computer security which contains a number of key findings:
- Java comprises 91% of all web exploits.
- 99% of mobile malware targets Android.
- Java is the exploit that criminals choose first, since it delivers the best return on investment.
Unfortunately Google gets quite draconian with users: when using Google Chrome to surf a web page with a certificate problem you simply cannot view the web-site. There is no dialog where you can say: It’s o.k., I accept the risk. This behaviour occurs at least with versions 31.0.1650.63 and 32.0.1700.77.
If you want to view web-sites with certificate problems you have to start Google Chrome like this
More command-line arguments for Chrome can be found here: List of Chromium Command Line Switches.
One prominent example for a web-site with a certificate problem is Intel. Intel is able to power the world’s most powerful computer, Tianhe-2, with more than 3 million cores, but they are not able to get their web-site right.
Addendum 23-Mar-2014: Google Chrome 33.0.1750.152 fixed the issue. Now it is possible to say: “Proceed anyway”, and therefore accept the risk and proceed with an invalid certificate.