“Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country’s way of life; it’s only our reaction to that attack that can do that kind of damage.” In the wake of last week’s failed bombing of an airplane over Detroit, Bruce Schneier asks us to leverage the inherent strengths of our democracies.
edition.cnn.com
security
Is aviation security mostly for show?
The case for email security
“It may not be surprising for you to learn that email is not a secure medium of communication; however, it may surprise you to learn just how inherently insecure it really is.” Erik Kangas on how email really works, what the security issues are and where you can make the difference.
luxsci.com (PDF file, 112 kb)
Das elektronische Briefgeheimnis
In German
“Anyone who sends an email must expect that their message will be read by third parties.” Brief article outlining steps you can take to keep your email communications private.
www.sueddeutsche.de
Why you shouldn’t use HTML email
“Spammers use HTML emails to confirm your address.” There are other drawbacks to using HTML-formatting when sending and receiving emails. Consider this list of potential pitfalls that Martin Favreau has compiled for you.
www.freeantispam.org
Why use email encryption?
Email encryption should be used by everyone. Here’s why.
rffr.de
Public/private key authentication with SSH
SSH is a protocol that enables secure logins to your computer over a network. SSH supports the use of public/private key pairs for user authentication. Private keys are kept locally, while public keys are stored on the remote machine.
On the Local Machine
Use the command ssh-keygen -t dsa to generate a key pair for the local user. Use an appropriate passphrase to secure your private key (don’t be tempted to use an empty passphrase).
Set the permissions for the private key file with the following command:
user@ubuntu:~$ chmod 600 ~/.ssh/id_dsa
On the Remote Machine
Get the necessary packages with the following command:
user@ubuntu:~$ sudo apt-get install ssh
Copy the public key file ~/.ssh/id_dsa.pub from the local to the remote machine.
On the remote machine, move and rename the file with the following command:
user@ubuntu:~$ mv id_dsa.pub .ssh/authorized_keys2
Set the permissions for the file with the following command:
user@ubuntu:~$ chmod 600 ~/.ssh/authorized_keys2
Add the user user to the group ssh:
user@ubuntu:~$ sudo adduser user ssh
Get the file sshd_config and move it to /etc/ssh/:
user@ubuntu:~$ sudo wget "http://edafe.org/wp-content/uploads/2006/09/sshd_config"
user@ubuntu:~$ sudo mv sshd_config /etc/ssh/
The downloaded file contains the following changes from the Ubuntu default configuration:
LogLevel VERBOSE
AllowGroups ssh
LoginGraceTime 20
PermitRootLogin no
MaxAuthTries 1
RSAAuthentication no
PasswordAuthentication no
X11Forwarding no
TCPKeepAlive yes
ClientAliveInterval 15
ClientAliveCountMax 3
MaxStartups 3
UsePAM no
Setting these options makes root logins impossible. Only users belonging to the group ssh may establish a connection. Access to the remote machine is strictly tied to the private key and the passphrase used to encrypt it.
Next, restart the SSH server on the remote machine with the following command:
user@ubuntu:~$ sudo /etc/init.d/ssh restart
You should now be able to log into the remote machine using the private key stored on the local machine:
user@ubuntu:~$ ssh remote.machine
Enter passphrase for key '/home/user/.ssh/id_dsa':
The book SSH The Secure Shell by Daniel Barrett, Richard Silverman and Robert Byrnes is useful as a reference text and has information on other clever stuff you can do with SSH.
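An added example, not part of the original post or of OpenSSH: a small Python audit that reads an sshd_config the way sshd does (keywords are case-insensitive and the first value given for a keyword is the one used) and reports where it deviates from the settings listed above. The function names and the sample file are constructed for illustration, and Match blocks are not evaluated.

```python
import re

# Settings listed in the post (X11Forwarding is a single keyword in sshd_config).
EXPECTED = dict(pair.split() for pair in (
    "LogLevel VERBOSE", "AllowGroups ssh", "LoginGraceTime 20",
    "PermitRootLogin no", "MaxAuthTries 1", "RSAAuthentication no",
    "PasswordAuthentication no", "X11Forwarding no", "TCPKeepAlive yes",
    "ClientAliveInterval 15", "ClientAliveCountMax 3", "MaxStartups 3", "UsePAM no"))

def parse_sshd_config(text):
    """Return {lowercased keyword: value} for the global (pre-Match) section."""
    settings = {}
    for raw in text.splitlines():
        m = re.match(r"\s*([^\s#=]+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if not m:
            continue  # blank line, comment, or keyword without a value
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "match":
            break  # conditional blocks are not evaluated here
        settings.setdefault(keyword, value)  # sshd uses the first value it reads
    return settings

def audit(text, expected=EXPECTED):
    """Return (keyword, wanted, found) for each deviation; found is None if unset."""
    actual = parse_sshd_config(text)
    return [(k, want, actual.get(k.lower()))
            for k, want in expected.items() if actual.get(k.lower()) != want]

# Constructed sample: a stray earlier PermitRootLogin line and a mistyped keyword.
SAMPLE = """\
LogLevel VERBOSE
AllowGroups ssh
LoginGraceTime 20
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 1
RSAAuthentication no
PasswordAuthentication no
X11 Forwarding no
TCPKeepAlive yes
ClientAliveInterval 15
ClientAliveCountMax 3
MaxStartups 3
UsePAM no
"""

if __name__ == "__main__":
    for keyword, wanted, found in audit(SAMPLE):
        print(f"{keyword}: expected {wanted!r}, found {found!r}")
```

On a real host, pass the contents of /etc/ssh/sshd_config to audit(); sshd -T (run as root) prints the effective configuration for comparison.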
www.ibm.com/developerworks/linux/
Privatsphäre ist wie Sauerstoff
In German
“The political class has entered into a symbiosis with the media industry, which for financial reasons exploits terrorism to a degree that cannot be objectively justified.” Privacy is like oxygen, argues Pär Ström. You’ll miss it when it’s gone…
www.bundestag.de
What the terrorists want
“Defense against terrorism is to refuse to be terrorized. Our job is to recognize that terrorism is just one of the risks we face. And our job is to fight politicians who use fear as an excuse to take away our liberties and promote security theater that wastes money and doesn’t make us any safer.” Bruce Schneier is not about to give in. Are you?
www.schneier.com
How to encrypt your email
“You too can get PGP set up in a few simple steps.” Jason Thomas shows just how easy it is to start encrypting your messages.
www.lifehacker.com
Thinking about email security
“The bottom line is, if your email passes through or is stored on servers controlled by others, it’s probably a good idea to consider encryption.” Joe Brockmeier considers the confidentiality of your messages.
www.newsforge.com
Introduction to cryptography
Find out more about the basic terminology and main methods of cryptography.
www.ssh.com
A practical introduction to GNU Privacy Guard
“In this guide, I will show you how to use the most important GPG commands.” Brendan Kidwell introduces GnuPG for Windows users.
www.glump.net
Avoiding Windows email viruses with Mozilla Mail
“The users that I support would double-click on a landmine to see what it did.” Phil Jones and Vidar Braut Haarr explain how to stop viruses from spreading to your computer by enlisting the help of Mozilla Mail and adopting a common sense approach.
www.pjls16812.pwp.blueyonder.co.uk
Fireworks in Washington, despair around the World
“The president and his speechwriters have yet to confront the tension between their rhetoric about freedom, which is universally popular, and their practice of projecting US firepower, which is resented in equal measure.” Former Foreign Secretary Robin Cook on the day George Bush began his second term in office.
www.guardian.co.uk
Robin Cook is Dead
Robin Cook, one of the few political figures to command my lasting respect, died suddenly on August 6, 2005. If you are only ever going to read one political statement made to the House of Commons, read Robin Cook’s resignation speech from 18 March, 2003.
Who’s behind that web site?
“We’re about to get slightly technical here—but this is basic information you need to know.” John Locke explains the dangers of surfing the web and what you can do to control the risks.
www.freesoftwaremagazine.com
Securing Linux
RAID-1
Understanding email netiquette
“Internet life carries its own versions of courtesy, privacy and security issues that all users need to know.” This article discusses basic email etiquette and explains the proper use of the To, CC and BCC fields when sending emails.
www.bestprac.org
Introduction to cryptography
Not entirely sure how cryptography works? This document’s two chapters, The Basics of Cryptography and Phil Zimmermann on PGP, will tell you what you need to know.
ftp.pgpi.org (PDF file, 1007 kb)