security.mdwn 1.52 KiB
    [[!meta title="Security"]]
    
    Research and development in security:
    
    
    * [Creepy - Geolocation OSINT Tool](http://www.geocreepy.com/) ([package](https://packages.debian.org/wheezy/creepy)).
    
    * [Qubes OS](https://www.qubes-os.org/).
    * bitmask and LEAP.
    * port knocking.
    * hardened systems: apparmor, gradm2, firejail, seccomp, etc.
    * sshd:
      * https://stribika.github.io/2015/01/04/secure-secure-shell.html
      * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
      * http://security.stackexchange.com/questions/64562/how-should-i-defend-against-zero-day-attack-on-ssh
      * https://charlieharvey.org.uk/page/ssh_port_pros_and_cons
    * fuzz testing: fusil, etc.
    * router: serial console to other boxes with dhe luks! :)
    * [Mailcap, HTML and AppArmor](http://www.justgohome.co.uk/blog/2014/02/mailcap-html-apparmor.html).
    * Increased security on smtp/imaps password storage:
      * https://github.com/sup-heliotrope/sup/wiki/Securely-Store-Password
      * http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email-grabber-with-osx-keychain-for-authent
      * http://mah.everybody.org/docs/mail/fetchmail_check
    * Enhanced shell:
      * Add a counter-measure to prevent SSH timing attacks:
        http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf
        http://www.slideshare.net/idsecconf/countermeasure-against-timing-attack-on-ssh-using-random-delay
        http://www.scribd.com/doc/59628153/Timing-Analysis-of-Keystrokes-and-Timing-Attacks-on-SSH-Revisited
    
    * https://shodan.io
    * https://keybase.io
    * https://github.com/shadowsocks/shadowsocks-go