When running a server of any volume, it is likely that there is sensitive data stored on it. Knowing how to destroy that data with confidence is an important skill for any system admin. Luckily Linux has several utilities that can be used to securely wipe partitions, drives, and even an entire server. The tools that I will be looking at are shred, dd, wipefs, and DBAN.
Read morePreventing “The Big Hack”
One of the biggest tech stories in recent days was an investigative piece by Bloomberg called, “The Big Hack.” In a nutshell, the story is about how China used its access to the American supply chain of motherboards to plant a chip the size of a grain of rice. The goal of this chip according to the story was “telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code (Robinson & Riley, 2018)”. This isn’t so different from what a rootkit does, but what makes this story so alarming is the fact these devices were vulnerable out of the box. This isn’t unheard of when counterfeit products are purchased on accident, but these devices were given the stamp of approval from their manufacturer and seller. Read more
Practical Linux Topics: SELinux
To continue my series on Practical Linux Topics, I’ll now jump into SELinux. SELinux in itself is a topic deserving of its own class. As I’ve been studying it I’ve pulled many resources for info. The chapter in Practical Linux Topics best serves as an introductory rather than a complete overview of the topic.
Straight from the man page, “SELinux is a security enhancement to Linux which allows users and administrators more control over access control (What is SELinux, 2017).” It does this by using targeted policies to enforce access controls. Particular to SELinux is also the segregating of applications to ensure they are only accessing what they need and not crawling around the filesystem. Read more
Practical Linux Topics: iftop
Awhile back I purchased a Linux book bundle from Humble Bundle. Now that I’m studying for my Linux+, I found it a good time to begin browsing some of them to aid in my studies as well as find labs and projects I could do for some additional hands-on experience. The first book I’m looking at is Practical Linux Topics by Chris Binnie. This book describes several commands, techniques, and tips for managing Linux systems. The first of these topics is iftop. Read more
Not All 2nd Factors Are Created Equally
Last Month, an article from Brian Krebs stated that no employee at Google has had their accounts taken over since they deployed YubiKeys for Two Factor authentication (Krebs, 2018). Below is a picture of my YubiKey which I’ve been using since 2015.
A YubiKey requires no power or drivers to use. You simply plug it in and press it when prompted for the Two Factor Authentication. The computer will read input similar to a keyboard due to the way the pins on the device are set up. Yubico’s Enterprise Level products can be configured to generate One-Time Passwords, encrypt/decrypt OpenPGP documents or emails, and more. In the case of mine, it uses the FIDO U2F standard and is good for securing web-based applications that support U2F. Read more
Now With Encryption!
The push for encryption on the web has been going strong the last few years. As of July 24, 2018, Google Chrome will label all HTTP Sites as “Not Secure.” This is a push they promised to do several years ago and has now come to fruition. For that reason, I am proud to say that this blog is now 100% encrypted and secure!
This is primarily thanks to Let’s Encrypt, an initiative for free domain name SSL/TLS security provided by the Internet Security Research Group (ISRG). Thanks to this service, the adoption of HTTPS as a standard has grown. Let’s Encrypt has secured more than 100 million websites and is trusted by all major root programs. Read more
Cyber Security Experts vs. Cyber Criminals: Who Makes More?
A new ad has been circulating that targets young cyber criminals. It is a call to action for cyber criminals to become cyber security experts essentially before it is too late. The ad was created in a joint effort of Europol and European law enforcements. The ad (above) creates a chart saying that cyber security experts have higher health, dexterity, stamina, happiness, and most importantly cash. It lists the benefits of being a cyber security expert as skills in coding, gaming, computer programming, and anything IT-related that will provide them job opportunities. On the other side, it notes that cyber criminals face jail time, fines, seizure of computers, and criminal records as a result of their crimes. The ad clearly targets youth, particularly youth that play video games due to the imagery of status bars that you might see in a game. But how accurate is the ad? To determine this, let’s look at what each actually make. Read more
Never10: Disable Windows 10 Upgrade
At this point, everyone knows that Microsoft wants you to get Windows 10. However, some people, like myself, don’t want to upgrade and never plan on it. Gibson Research Corporation has made an easy-to-use tool to disable the automatic update to Windows 10. The free software is called Never10. Simply download the executable file and click “Disable Win10 Upgrade” to prevent your system from upgrading without your knowledge. Don’t be one of the people who boots up their computer one morning to find their system has upgraded without your knowledge.
Welcome to my Blog!
Welcome to my Blog! You can expect to see post about current news about technology and the IT industry. I may also share articles from other bloggers or websites that I find interesting.
