Like many Internet addicts, I have way too many user name/password accounts to remember: accounts on social-networking sites, rarely used logins at work, on-line banking and so on. One solution to this problem is to use the same user name and password everywhere, but that's clearly not safe; if people get a hold of your account information in one place, they own all your other accounts too.
I wanted a relatively safe, flexible and easy way to store passwords and other useful confidential information. I also wanted it to be easily accessible, which meant that I'd like to get at it over a text-only SSH connection. And, I wanted it to be something that could move around from machine to machine without too much trouble.
This article looks at ways of storing passwords securely. With all those passwords we have to remember, it's a good security practice to store them encrypted.
I have downloaded the beta of Firefox 3 to check out the improvements related to SSL. First, there's the added support for Extended Validation SSL certificates, but I am not very excited about that (I wrote about this previously in Extended Validation SSL certificates not going anywhere, as predicted). It's a nice feature, but it's not going to bring much good overall. On the other hand, I am very happy with the improvements to the handling of invalid SSL certificates.
A much-needed improvement to the handling of invalid SSL certificates was added to Firefox 3. What do you think about the improvements?
gpgdir uses GNU Privacy Guard (GnuPG) to encrypt and decrypt files or a directory tree. You could accomplish the same objective by tarring the filesystem up and then encrypting the tar.gz file with GnuPG, but then you would still have to shred or wipe every file in the original directory tree. With gpgdir the whole tree is encrypted in one command.
Do you use gpgdir? What do you think about it? This article goes through everything you need to encrypt data on your system.
It turns out that some researchers at Princeton University followed up on earlier research showing that modern computer memories retained their contents even with the power off (known as memory remanence), and that the retention time could be lengthened by cooling the memory. (See the chapter on physical tamper resistance in Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems.)
I always find it interesting researching the state of encryption security. What do you think the future of computer encryption is? Are we going to have to invent better encryption algorithms?
Do you consider your files "top secret" information? Do you keep sensitive work information or bank account information on your computer? What about your gift list for the holiday season? :)
Either way, if you want some serious encryption on your system, look no further than EasyCrypt: a military grade encryption tool that can allow for AES 512-bit Whirlpool encryption.
I tried using TrueCrypt on Ubuntu in the past, but found it annoying to be entering terminal commands several times a day to access the encrypted file. I find Easy Crypt to be a speedy, practical, and easy to use interface on a daily basis.
With the basic Easy Crypt setup, your locked files are saved as a hidden file in your user directory, located at /home/username/.easycrypt-crypt (although using the ‘expert’ mode you can choose to use a crypt saved at any location, including a USB key).
Source: Government Computer News - Posted by Ryan Berens
The OpenSSL library of encryption algorithms has just been patched by the OS Software Institute. This open source module has been utilized at many government agencies, and is an interesting example of two things: the effectiveness of Open Source technologies in the most demanding environments and the kind of work that still needs to be done in the government sector regarding secure Internet infrastructure: "For FIPS 140-2 validated software no changes are permitted without prior CMVP approval so neither of these patches can be applied to the v1.1.1 distribution for the purposes of producing a validated module," Steve Marquess of OSSI said in the announcement of the patches.
That means that for the time being federal users must continue using the flawed software or patch it and go out of compliance.
Syslog is a clear-text protocol. That means anyone with a sniffer can have a peek at your data. In some environments, this is no problem at all. In others, it is a huge setback, probably even preventing deployment of syslog solutions. Thankfully, there is an easy way to encrypt syslog communication. I will describe one approach in this paper.
Do you use Syslog? Have you thought about encrypting the logs which are being forwarded over the network? Protecting your logs is an important security practice.
The GNU Privacy Guard (GnuPG) allows you to encrypt, decrypt, sign, and verify communications and data, as well as create and manage the keys needed for these tasks. It is a full, open source implementation of the OpenPGP Standard (RFC2440) and is integrated into many Linux applications ranging from clipboard applets to instant messaging clients. These applications make it easy to use GnuPG for digital security in the GNOME desktop environment.
Most users don't use any form of encryption when sending information over the Internet. Is the problem that it's not always easy to use encryption? However, with these GnuPG plugins users can easily protect all their Internet traffic without touching the command line.
When the Open Source Software Institute (OSSI) sought Federal Information Processing Standards (FIPS) 140-2 validation for its OpenSSL toolkit last year, it was anything but smooth sailing. OSSI has just submitted a new OpenSSL update for FIPS validation but, according to Executive Director John Weathersby, things are bound to go much more smoothly this time around.
OpenSSL allows programs to securely exchange data over a network. The reason that it took so long was that they had complaints about the validity of the code base. Another part of this article which should be noted is that government agencies are starting to consider using OpenSSL as a data exchange solution. Have you tested out the new OpenSSL update yet?
Did you ever live with the fear that somebody may break into your system one day and steal your files? Well, those days are over, because you can now have an entire encrypted operating system. This was the first time I thought about taking the time to encrypt my whole operating system. Is encrypting the entire operating system worth the time? I feel encrypting personal information like phone numbers or bank information is important, but most of what is on my operating system are things I don't care that others see. However, there is a way to encrypt the whole operating system with a Live CD to protect everything on a Linux user's computer.