security

All posts tagged security

Encryption without LVM on Devuan

2018-11-24
, , , ,

These instructions were tested, and re-tested multiple times on devuan_ascii_2.0.0-rc_i386_dvd-1 on bare metal. They worked fine, but they magically stopped working, and so I'm giving up on this technology; it's too fucking hard to use.

Computer security: Devuan + dm-crypt >

Devuan's installer has an encryption feature, but it formats your whole hard drive and uses LVM, neither of which I want.

  • Given a hard drive which has regular partitioning and not LVM.

  • Where a / (root) partition is encrypted (dm-crypt) and in use.

    • Such as with an earlier release of Devuan

  • Install Devuan, re-using the encrypted partition without re-encrypting/formatting from scratch.

    Note - I will be writing separate instructions on how to manually make and manage encrypted partitions.

For more information on encryption, see dm-crypt.

Continue Reading

Comment

dm-crypt

2016-11-05
, , , , , , , , , , ,

TODO - tested and working, though my most recent Lubuntu experimentation has problems I'm still troubleshooting.

At best, my computer hangs when prompting for a password. I think this is related to the 4.4.14 kernel but have not confirmed this.

dm-crypt
https://gitlab.com/cryptsetup/cryptsetup
https://www.fsl.cs.sunysb.edu/docs/cryptfs/cryptfs.html

These instructions are a lot easier than they seem, and a smart and patient beginner will be able to follow them!

  • These notes were made from instructions from Slackware "current", as of 2016-11-05, and have been tested on Slackware 14.2, and 14.2 32bit.

  • These notes were made on an everyday system with one hard drive which I completely formatted for this purpose.

    • If you are a new user, it is strongly recommended that you remove all hard drive's your using and do this on a spare unused/empty drive.

  • This concept and these notes build a full-disk Slackware installation which also uses LVM. You can safely ignore the entire LVM post and just follow this one.

Continue Reading

Comment

SUPERAntiSpyware

2016-03-13
, , , , , , , , , , , ,
SUPERAntiSpyware header

(on Wikipedia)
http://www.superantispyware.com/

A malware scanner.

Mostly-meh.

  • Their portable scanner is still just an installer.

  • It found an Wajam plugin from Magic Camera, presumably installed for either Internet Explorer or Edge.

    • During scanning, it claims to have found infected files, but those files were neither reported at the end of its scan nor found in its quarantine. What gives?
Comment

An example of The Chain of Trust

2016-03-11
, , , , , ,
Padlock-light-silver.png

A long while back, this blog lost its database. That's why it went dark for some months.

The host claimed that the database was dropped using it's hosting control panel. This post is an examination of that claim using The Chain of Trust.

It tries to break down that claim and other possibilities to understand their likelihood and difficulty. This is a method to untangle claims to line them up and go down that list. If at any point a link in that chain is seen to be impossible, then the entire claim falls apart.

This is the reasoning that should be done with any discussion, especially something as important as the law. Make a bulleted list, go down it from start to finish. For each link, show another chain coming off of it. Any link from that parent-chain that branches must itself have one single unbroken chain.

This could be demonstrated physically, even graphically, but is straightforward to do in a top-down list (a post), a bulleted list for the main chain, bulleted lists for each link, and hyperlinks for any shared problems.

I don't know that I demonstrated this very well, but I'll give it a shot with a real-world claim.



Continue Reading

Comment

Who Am I - Kein System ist sicher - (2014 movie)

2016-03-07
, , , , , , , , , , , , , , , , , ,
Who Am I - Kein System ist sicher (2014) poster

Entertainment > Movies >

(on Wikipedia)
https://youtu.be/5vnjheCqRIs
http://www.imdb.com/title/tt3042408/

A young, broken, man, enters an underground community of computer crackers, trying desperately to prove himself but with consequences.

An extremely good movie. While not quite mandatory, it's definitely a proper advancement of the "hacker kid" movies that have sullied past movies. Highly recommended, even for people that "know their stuff", as it doesn't lay on the techno-babble which describes everything painfully wrong. Instead, it takes a reasonable middle ground, staying away from pop culture and fairly-firmly on the social side of storytelling.



Continue Reading

Comment