Just callin' it as we see it
...could it have been HOW you asked me...
...or could it have been WHAT you asked me...
...maybe it's WHEN you asked me...
all i know is that YOU'RE ON FUCKIN' CRACK...

Friday, December 12, 2003
 Craq and My Growing Paranoia
Craq: While in the Jordaan a few hours ago some random guy asked me if I'd like to buy some hash, to which I politely replied, "No thanks, I don't like drugs"... so naturally, he had to ask if I wanted some X... I told him, "No, I don't take drugs"... so, of course, he had to make sure I wasn't just playing hard to get so he asked me if I'd like some acid... I tell him, "rot op, ik wil het niet"... so then the sucka asks if perhaps I'd like some crack. Yeah, crack. Fuqin crackhead.

Paranoia: My job is infosec, so I tend to be on the paranoid end of the internet security spectrum - here is how sad I am:

1. I use non-English misspelled alphanumeric text in the 30-40 character range for passwords wherever possible
2. I don't trust my Windows or Unix machines' abilities to keep my local data safe and encrypted so I use multiple 256-bit AES encrypted PGP disks to store all but the most impersonal data
3. I don't trust my colleagues at the office to properly secure our network, so I have a Gentoo Linux device providing stateful packet inspection services via Linux 2.4's built-in NetFilter - this gives me a separate and private LAN of my own
4. Since I don't trust my colleagues to provide proper protection I also run an IDS on said Gentoo device where I listen to both my external and internal interfaces
5. My IDS alarms on the external interface around 10-15 times per day thereby feeding my paranoia - I use Sguil for real-time analysis, btw (over an stunnel connection, of course)
6. I run HIDS (Snort and Tiny), tcp/ip firewalls (Tiny, shorewall/iptables/NetFilter/ipf/ipfw, Symantec), integrity software (Tripwire, numerous shell scripts, Tiny), and anti-virus software on *all* possible machines even though I'm already on a mostly trusted network of my own
7. I'm on about 20 infosec mailing lists... most of which just link to each other each time a vulnerability is announced
8. I have more books than I care to admit on the subject (not that I've read them all)
9. I run an internal apache2 proxy (bound to loopback only, and null logging) on my server in the datacenter so that I can tunnel all of my web and IM traffic to it (over a 256-bit AES encrypted SSH session (2048-bit DSS for key negotiation))... and of course all of my IM logs are done to a crypt disk - the server only presents ssh to the world, and it is built with tcpd so only certain addresses may establish a connection with it... and I'm running SunScreen to boot
10. The ssh mentioned above is built with gcc with propolice in the hopes of further buffer containment... I use standard privilege separation... I don't allow PAM use, I only allow AES-256 for the line cipher, DSS for the asymmetric cipher, SHA-1 for the MAC... the privsep user's shell is the simple SUNW /sbin/noshell script... password auth is not allowed, only pubkey auth (via, you guessed it, 2048-bit or greater DSS keypairs), and only users of a specific group are allowed access
11. When I delete data, I can't just delete it - I feel I must wipe it, regardless of how much of my CPU gets eaten in the process... and no, the default number of passes is never good enough so I usually add 30-40% more passes
12. I shred anything and everything that is in paper format, regardless of how insignificant the data on the paper is
13. blah, blah, blah, etc, etc, etc...
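As an added example (not from the original post), here is a small Python checker for the OpenSSH sshd settings the author lists in item 10, run against a constructed sshd_config fragment that deliberately has one MAC outside that policy and no AllowGroups line. The directive names are standard OpenSSH ones; the check reads only global settings and stops at any Match block rather than evaluating conditional ones.

```python
import re

# Policy from item 10 of the post: AES-256 as the only line cipher, SHA-1 as the
# MAC, no PAM, pubkey-only auth, privilege separation, and group-restricted access.
POLICY = {
    "Ciphers": lambda v: set(v.split(",")) <= {"aes256-cbc", "aes256-ctr"},
    "MACs": lambda v: set(v.split(",")) == {"hmac-sha1"},
    "UsePAM": lambda v: v.lower() == "no",
    "PasswordAuthentication": lambda v: v.lower() == "no",
    "PubkeyAuthentication": lambda v: v.lower() == "yes",
    "UsePrivilegeSeparation": lambda v: v.lower() in ("yes", "sandbox"),
    "AllowGroups": lambda v: v.strip() != "",
}

def parse_sshd_config(text):
    """Return {directive.lower(): value}; first occurrence wins (as in sshd); stops at Match."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        if m is None:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":                            # conditional block: out of scope
            break
        conf.setdefault(key, value)
    return conf

def check_policy(text):
    """Return {directive: True|False|None}; None = absent, so sshd's (maybe weaker) default applies."""
    conf = parse_sshd_config(text)
    return {key: (None if key.lower() not in conf else ok(conf[key.lower()]))
            for key, ok in POLICY.items()}

SAMPLE = """\
HostKey /etc/ssh/ssh_host_dsa_key
Ciphers aes256-cbc
# constructed fragment: hmac-md5 below is outside the policy and AllowGroups is missing
MACs hmac-sha1,hmac-md5
UsePAM no
PasswordAuthentication no
PubkeyAuthentication yes
UsePrivilegeSeparation yes
"""

if __name__ == "__main__":
    for directive, result in check_policy(SAMPLE).items():
        print(f"{directive:24} {'ok' if result else 'VIOLATION' if result is False else 'not set'}")
```

A None result is worth treating as a finding in its own right: a directive the file never sets is governed by whatever default the installed sshd was built with, not by the policy you think you wrote.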

So, to what end do I do this? It's simple - I don't want to be the one that gets owned by some little shitface armed to the teeth with scripts from PacketStorm just because I decided to be a little more trusting. The funny thing is, I still feel vulnerable - every now and then I come across information that shows me that a certain thing I've done is not the right, or best, way to do it... this just feeds my paranoia.

So... am I a crackhead, or are there others out there who are under similar duress? :)

BTW... for those of you worried about email harvesting from websites, I give you the Unicoder free of charge - you can look at the source code, we don't harvest your address, unlike some of the other unicode tools out there.

Tot ziens.

Posted by Travis @ 6:20:00 PM --

(c) 2004 - UrOnCrack Enterprises. Not a single right reserved.
If you think this page needs a copyright then you need to get off the rock.