Archive for Cyber Security

Practical Linux Topics: SELinux

To continue my series on Practical Linux Topics, I’ll now jump into SELinux. SELinux in itself is a topic deserving of its own class. As I’ve been studying it I’ve pulled many resources for info. The chapter in Practical Linux Topics best serves as an introductory rather than a complete overview of the topic.

Straight from the man page, “SELinux is a security enhancement to Linux which allows users and administrators more control over access control (What is SELinux, 2017).” It does this by using targeted policies to enforce access controls. Particular to SELinux is also the segregating of applications to ensure they are only accessing what they need and not crawling around the filesystem. Read more

Not All 2nd Factors Are Created Equally

Last Month, an article from Brian Krebs stated that no employee at Google has had their accounts taken over since they deployed YubiKeys for Two Factor authentication (Krebs, 2018). Below is a picture of my YubiKey which I’ve been using since 2015.

A YubiKey requires no power or drivers to use. You simply plug it in and press it when prompted for the Two Factor Authentication. The computer will read input similar to a keyboard due to the way the pins on the device are set up. Yubico’s Enterprise Level products can be configured to generate One-Time Passwords, encrypt/decrypt OpenPGP documents or emails, and more. In the case of mine, it uses the FIDO U2F standard and is good for securing web-based applications that support U2F. Read more

Now With Encryption!

The push for encryption on the web has been going strong the last few years. As of July 24, 2018, Google Chrome will label all HTTP Sites as “Not Secure.” This is a push they promised to do several years ago and has now come to fruition. For that reason, I am proud to say that this blog is now 100% encrypted and secure!

This is primarily thanks to Let’s Encrypt, an initiative for free domain name SSL/TLS security provided by the Internet Security Research Group (ISRG). Thanks to this service, the adoption of HTTPS as a standard has grown. Let’s Encrypt has secured more than 100 million websites and is trusted by all major root programs. Read more

Cyber Security Experts vs. Cyber Criminals: Who Makes More?

A new ad has been circulating that targets young cyber criminals. It is a call to action for cyber criminals to become cyber security experts essentially before it is too late. The ad was created in a joint effort of Europol and European law enforcements. The ad (above) creates a chart saying that cyber security experts have higher health, dexterity, stamina, happiness, and most importantly cash. It lists the benefits of being a cyber security expert as skills in coding, gaming, computer programming, and anything IT-related that will provide them job opportunities. On the other side, it notes that cyber criminals face jail time, fines, seizure of computers, and criminal records as a result of their crimes. The ad clearly targets youth, particularly youth that play video games due to the imagery of status bars that you might see in a game. But how accurate is the ad? To determine this, let’s look at what each actually make. Read more