All posts filed under “IT Security”


Using pass in teams

Introduction

Pass is the standard password manager for Unix systems. It follows the Unix philosophy.

Pass saves passwords in text files and encrypts them using a GPG key. The folder structure containing the encrypted files is the pass store. Sharing a pass store without handing over the GPG key requires a GPG key exchange. Git is integrated into the pass CLI and is used as the version control system.

This document is a guideline for users who require access to a shared pass store, and it also documents how to set up a shared pass store. The first part describes the process of creating a shared pass store, and the second part shows what collaboration looks like from a user's perspective.

free SSL for everybody

Let’s Encrypt is the latest initiative by the Internet Security Research Group (ISRG).
Their goal is simple: every site on the internet has to be SSL secured.

They want to achieve that by running an open certificate authority (CA) and by providing a tool that sets up a secured site in the easiest way possible.

And now the big deal about this: their service is free of charge!

If this is really a thing, it will be a disaster for the SSL economy. As you might know, SSL certificates are anything but cheap. So good luck to every company that relies on selling SSL certificates as their core competence.


Say Goodbye to TrueCrypt

Apparently the developer of TrueCrypt threw in the towel this week.

The official site http://truecrypt.org redirects to http://truecrypt.sourceforge.net/ where you’ll find instructions to migrate your TrueCrypt disk to Microsoft’s built-in solution, BitLocker.

The reason for all this is obvious: TrueCrypt can’t compete against Microsoft’s BitLocker, as their software comes with every Windows 8 version (with Windows 7 you had to have an enterprise license in order to use BitLocker).


OpenSSL Heartbleed Bug

For those who missed it: the OpenSSL project has recently announced a security vulnerability in OpenSSL affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160).

Details of the bug are available here: The Heartbleed Bug

You can check your website here: Heartbleed test

Details and update instructions from the websites of your Linux vendor of choice:
* Amazon Linux AMI
* Red Hat
* Ubuntu

On Ubuntu the update is simply done by executing these commands:

sudo apt-get update
sudo apt-get upgrade

After an upgrade, the following command lists all processes that still have the old, now-deleted libssl mapped and therefore need to be restarted.

ps uwwp $(sudo find /proc -maxdepth 2 -name maps -exec grep -HE '/libssl\.so.* \(deleted\)' {} \; | cut -d/ -f3 | sort -u)
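
The same check as a small script, added here as an example and not part of the original post: it also covers libcrypto, which is replaced by the same OpenSSL upgrade, and prints the process name next to each PID. The function names `stale_ssl_procs` and `make_sample_proc` are hypothetical, and the sample tree is constructed so the logic can be tried without touching a live host.

```shell
#!/bin/sh
# Added example: list processes that still map a deleted libssl/libcrypto.
# The proc root is a parameter so the logic can run on a constructed tree.

# Print "PID NAME" for each process under $1 whose maps file references a
# shared object matching lib(ssl|crypto).so* that was deleted on disk.
stale_ssl_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue            # unreadable or vanished process
        grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null || continue
        dir=${maps%/maps}
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        echo "${dir##*/} $name"
    done | sort -n
}

# Build a constructed /proc-like tree (sample data, not from a real host).
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202" "$root/303"
    echo nginx > "$root/101/comm"
    echo '7f10a000-7f10f000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' > "$root/101/maps"
    echo sshd > "$root/202/comm"
    echo '7f20a000-7f20f000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0' > "$root/202/maps"
    echo postfix > "$root/303/comm"
    echo '7f30a000-7f30f000 r-xp 00000000 08:01 9012 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)' > "$root/303/maps"
    echo "$root"
}

# With an argument (e.g. /proc, run as root) scan that tree; otherwise
# run against the constructed sample.
if [ $# -gt 0 ]; then
    stale_ssl_procs "$1"
else
    sample=$(make_sample_proc)
    stale_ssl_procs "$sample"
    rm -rf "$sample"
fi
```

An empty result after restarting services means no running process still has the pre-upgrade library loaded.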