Source: Government Computer News - Posted by Ryan Berens
The OpenSSL cryptographic library has just been patched by the Open Source Software Institute (OSSI). This open source module is used at many government agencies, and it is an interesting example of two things: the effectiveness of open source technologies in the most demanding environments, and how much work still needs to be done in the government sector on secure Internet infrastructure: "For FIPS 140-2 validated software no changes are permitted without prior CMVP approval so neither of these patches can be applied to the v1.1.1 distribution for the purposes of producing a validated module," Steve Marquess of OSSI said in the announcement of the patches.
That means that, for the time being, federal users must either continue using the flawed software or patch it and fall out of compliance.
Syslog is a clear-text protocol. That means anyone with a sniffer can have a peek at your data. In some environments, this is no problem at all. In others, it is a huge setback, probably even preventing deployment of syslog solutions. Thankfully, there is an easy way to encrypt syslog communication. I will describe one approach in this paper.
Do you use Syslog? Have you thought about encrypting the logs which are being forwarded over the network? Protecting your logs is an important security practice.
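One concrete way to close the clear-text gap, added here as an example and not taken from the paper above: rsyslog's native TLS transport (the "gtls" stream driver, RainerScript syntax, rsyslog 7 or later). Hostnames, ports and certificate paths are placeholders; both ends need certificates issued by the same CA.

```conf
# --- Client (the host forwarding its logs) ---

# What most guides start with: clear-text forwarding. Every line is readable
# by anyone sniffing the path. Shown only for contrast; leave it disabled.
# *.* @logserver.example.com:514      # UDP, no encryption
# *.* @@logserver.example.com:514     # TCP, still no encryption

global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/client-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/client-key.pem"
)

# StreamDriverMode=1 means TLS only, never fall back to plain TCP.
# AuthMode x509/name verifies the server certificate AND that its name
# matches PermittedPeers, so a spoofed collector cannot harvest the logs.
# The queue keeps messages locally while the collector is unreachable.
action(
  type="omfwd"
  Target="logserver.example.com"
  Port="6514"
  Protocol="tcp"
  StreamDriver="gtls"
  StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="logserver.example.com"
  queue.type="LinkedList"
  action.resumeRetryCount="-1"
)

# --- Server (the central collector) ---

global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)

# Only clients presenting a CA-issued certificate with a permitted name
# may deliver logs; an unauthenticated sender is rejected, not just ignored.
module(
  load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["client.example.com"]
)
input(type="imtcp" port="6514")
```

The check a practitioner wants after deploying this: capture port 6514 on the collector and confirm that the payload is a TLS record rather than readable syslog text, and that a client with no certificate (or one with an unexpected subject name) is refused rather than silently accepted.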
The GNU Privacy Guard (GnuPG) allows you to encrypt, decrypt, sign, and verify communications and data, as well as create and manage the keys needed for these tasks. It is a full, open source implementation of the OpenPGP standard (RFC 2440) and is integrated into many Linux applications ranging from clipboard applets to instant messaging clients. These applications make it easy to use GnuPG for digital security in the GNOME desktop environment.
Most users don't use any form of encryption when sending information over the Internet. Is the problem that encryption is not always easy to use? With these GnuPG plugins, users can easily protect their email and messages without touching the command line.
When the Open Source Software Institute (OSSI) sought Federal Information Processing Standards (FIPS) 140-2 validation for its OpenSSL toolkit last year, it was anything but smooth sailing. OSSI has just submitted a new OpenSSL update for FIPS validation but, according to Executive Director John Weathersby, things are bound to go much more smoothly this time around.
OpenSSL allows programs to securely exchange data over a network. The validation took so long because of complaints about the validity of the code base. It should also be noted that government agencies are starting to consider OpenSSL as a data exchange solution. Have you tested the new OpenSSL update yet?
Did you ever live with the fear that somebody may break into your system one day and steal your files? Well, those days are over, because you can now have an entirely encrypted operating system. This was the first time I thought about taking the time to encrypt my whole operating system. Is encrypting the entire operating system worth the time? I feel encrypting personal information like phone numbers or bank information is important, but most of what is on my operating system is things I don't care that others see. However, there is a way to encrypt the whole operating system with a Live CD to protect everything on a Linux user's computer.
This article is a step-by-step guide to using two passwords with EncFS. The primary password is required and may be used to secure all data; the secondary password is optional and may be stored on a USB stick or other removable media and used to secure more sensitive data. EncFS can also be combined with block device encryption for maximum security.
The Camellia block cipher is a new encryption algorithm developed by NTT that has been specified in several Internet RFCs and is one of the encryption methods approved for use by the European Union.
Developers on the FreeBSD project worked with researchers from NTT to integrate their code, under a BSD license, into FreeBSD's CURRENT branch, which will become the 7.0 release in the near future.
Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail's interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.
PGP has two uses. First, it is an encryption system that uses public-key cryptography. Each user has a public key and a private key. In simple terms, you can encrypt a message using someone's public key and they can decrypt it using their private key. (In practice the message itself is encrypted with a one-off session key, and only that session key is encrypted with the public key.) If the private key has been kept truly private, no one else can read the message.
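The session-key construction described above, as an added example that is not PGP's own code: the recipient's public key wraps a fresh random session key, and the session key encrypts the message. Both primitives are deliberately toy stand-ins (assumptions, not OpenPGP): textbook RSA with 256-bit primes in place of padded RSA/ElGamal, and a SHA-256 counter keystream in place of AES/CAST5. Only the shape of the protocol is the point.

```python
"""Hybrid (PGP-style) encryption: public key wraps a one-off session key,
session key encrypts the message. Toy primitives, illustration only."""
import hashlib
import random
import secrets
from math import gcd

_rng = random.SystemRandom()


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probable-prime test (sufficient for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # fixed size, odd
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512):
    """Textbook RSA key pair (no padding; NOT how real PGP uses RSA)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)
    return (e, p * q), (d, p * q)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric layer: XOR with SHA-256(key || counter) keystream.
    Stands in for the block cipher PGP uses on the message body."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def pgp_style_encrypt(pub, plaintext: bytes):
    """Returns (wrapped_session_key, ciphertext). A new session key every
    message, so two copies of the same text never share keystream."""
    e, n = pub
    session_key = secrets.token_bytes(32)          # 256-bit one-off key
    k = int.from_bytes(session_key, "big")         # k < 2**256 < n
    wrapped = pow(k, e, n)                         # only the key goes under RSA
    return wrapped, stream_xor(session_key, plaintext)


def pgp_style_decrypt(priv, wrapped: int, ciphertext: bytes) -> bytes:
    d, n = priv
    k = pow(wrapped, d, n)
    if k.bit_length() > 256:
        # Unwrapping with the wrong private key yields a random residue mod n,
        # which almost never fits the 32-byte session key field.
        raise ValueError("session key unwrap failed")
    return stream_xor(k.to_bytes(32, "big"), ciphertext)


def demo(message: bytes = b"attack at dawn") -> dict:
    """Round trip, plus a second key pair to show only the recipient can read it."""
    pub, priv = rsa_keygen(512)
    wrapped, ct = pgp_style_encrypt(pub, message)
    _, other_priv = rsa_keygen(512)
    try:
        wrong = pgp_style_decrypt(other_priv, wrapped, ct)
    except ValueError:
        wrong = None
    return {
        "ciphertext_differs": ct != message,
        "recipient_recovers": pgp_style_decrypt(priv, wrapped, ct) == message,
        "other_key_fails": wrong != message,
    }
```

The design point worth noticing is that the expensive public-key operation touches only 32 bytes regardless of message size, and that the wrapped key is the one thing an attacker with the ciphertext needs and cannot get without the private key. Real OpenPGP additionally pads the RSA input, binds an integrity check (MDC or AEAD) to the body, and can wrap the same session key once per recipient for multi-recipient mail.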
Source: DiderStevens - Posted by Benjamin D. Thomas
Steganography is the art of hiding messages so that the uninitiated wouldn't suspect the presence of a message. A rainbow table is a huge binary file used for password cracking. This is the first in a series of posts on research I've done on how to hide data in rainbow tables, and how to detect its presence.
There are several steganography algorithms for hiding data in pictures. They often involve changing the least-significant bits of the numbers representing the colour or another visual property of a pixel. This minute difference cannot be perceived by the naked eye, but it is there. The amount of data you can hide in a picture is limited by the size of the picture and by the number of bits per sample the steganography algorithm modifies. It's impossible to hide large files, like audio or video files, in a picture, unless you split the files and use a lot of pictures. To hide a large amount of data in a single file, you need a large file.
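The LSB technique and its capacity limit, as an added example that is not the post's own code: the "image" is a constructed raw buffer of one byte per colour sample, so nothing beyond the standard library is needed. Assumptions: a 4-byte big-endian length header precedes the payload so the extractor knows where the message ends, and bits_per_sample selects how many low bits of each sample are overwritten (1 is invisible; more raises capacity but also the maximum per-sample change, 2**bits - 1).

```python
"""LSB steganography over a raw 8-bit-per-sample pixel buffer."""

HEADER_BYTES = 4  # assumption: length prefix so extraction knows the payload size


def capacity_bytes(num_samples: int, bits_per_sample: int = 1) -> int:
    """Payload that fits: samples * bits hidden per sample, minus the header.
    This is the limit the text describes: picture size times bits used."""
    if not 1 <= bits_per_sample <= 8:
        raise ValueError("bits_per_sample must be in 1..8")
    return (num_samples * bits_per_sample) // 8 - HEADER_BYTES


def _to_bits(data: bytes) -> list:
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def _from_bits(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def embed(pixels: bytes, payload: bytes, bits_per_sample: int = 1) -> bytes:
    """Overwrite the low bits_per_sample bits of successive samples."""
    cap = capacity_bytes(len(pixels), bits_per_sample)
    if len(payload) > cap:
        raise ValueError(f"payload of {len(payload)} bytes exceeds capacity of {cap}")
    bits = _to_bits(len(payload).to_bytes(HEADER_BYTES, "big") + payload)
    while len(bits) % bits_per_sample:      # pad the last sample's chunk
        bits.append(0)
    keep_mask = 0xFF ^ ((1 << bits_per_sample) - 1)   # high bits we leave alone
    out = bytearray(pixels)
    for i in range(0, len(bits), bits_per_sample):
        chunk = 0
        for b in bits[i:i + bits_per_sample]:
            chunk = (chunk << 1) | b
        idx = i // bits_per_sample
        out[idx] = (out[idx] & keep_mask) | chunk
    return bytes(out)


def extract(stego: bytes, bits_per_sample: int = 1) -> bytes:
    """Read the low bits back, parse the header, return the payload."""
    low_mask = (1 << bits_per_sample) - 1
    bits = []
    for sample in stego:
        v = sample & low_mask
        bits.extend((v >> shift) & 1 for shift in range(bits_per_sample - 1, -1, -1))
    header_bits = HEADER_BYTES * 8
    length = int.from_bytes(_from_bits(bits[:header_bits]), "big")
    if length > capacity_bytes(len(stego), bits_per_sample):
        raise ValueError("no plausible payload header (not an LSB carrier?)")
    return _from_bits(bits[header_bits:header_bits + length * 8])


def max_sample_change(pixels: bytes, stego: bytes) -> int:
    """Largest per-sample difference; with 1 bit/sample it is at most 1."""
    return max(abs(a - b) for a, b in zip(pixels, stego))


def demo():
    # Constructed 64x64 RGB "image": 12288 samples with a repeating gradient.
    pixels = bytes(range(256)) * 48
    message = b"meet at dawn"
    stego = embed(pixels, message)
    return {
        "recovered": extract(stego),
        "max_change": max_sample_change(pixels, stego),
        "capacity_1bit": capacity_bytes(len(pixels), 1),
        "capacity_4bit": capacity_bytes(len(pixels), 4),
    }
```

Two things the numbers make concrete: a 64x64 RGB image carries about 1.5 KB at one bit per sample, so a megabyte of audio needs several hundred such pictures (the splitting the post mentions), and pushing bits_per_sample up buys capacity at the price of per-sample changes that a histogram or chi-square test on the low bits will flag long before the eye does.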