If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: http://www.godblock.com/#what "block sexual, and psychologically harmful material" like "holy texts". Protect "from being indoctrinated"
- wishinet: Load average: 23.69 20.11 14.95 - jepp, this is obviously bad.
- wishinet: http://img2.moonbuggy.org/imgstore/ethernet-killer.jpg
- wishinet: According to my 400d stats the most viewed page at my blog is phpids's xss warning. You can do better! :)
- wishinet: I'm super-hungry after some meditation... guess this isn't normal. :-) 0xf000000d
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
Linux
low footprint/hardware assisted virtualization with Linux and GrSec
Sun, 05/30/2010 - 02:21 | wishi
In short
I used
- a 2.6.32.12 Linux Kernel (newly introduced: Kernel Samepage Merging can lower a virtualization solution's memory consumption)
- patched it with the Linux-VServer grsec patch
- applied the standard Ubuntu 10.4 Lucid Server configuration
- applied grsec "High" preference and customized it (details are in the Kernel config section)
- optimized it for KVM, VMware (software binary translation gets switched on by internal heuristics - chpax is still necessary if you want that feature and that is intended that way), and of course Vserver (just works). KVM Qemu works due KVM works.
wishi's blog | 
Add new comment | 1+[encrypted]+#b94+ | 
Tags: Configuration, Linux, Security Tools, Setup
Postfix troubleshooting - a security nightmare
Sat, 05/29/2010 - 21:31 | wishi
Why to hate typical Unix mailserver setups
I hate that stuff - and it's not that Postfix in particular sucks. But integrating with Postfix is absurd. Surely it works, and as long as it works nobody changes that stuff on how it's designed.
Even deploying an SSL/TLS setup is challenging. But no, you also need to install proper authentication. Locally, Postfix (for unknown reasons) is chrooted. People think that this is a security feature.
A practically secure mail setup - counter spammers with Linux mail-servers
Wed, 02/24/2010 - 23:03 | wishi
Who needs this?
Yay, free mails in a sustaining setup!
This is a tutorial on how to practically setup a relatively secure mail-server.
It's supposed to be as minimal as reasonable nowadays, and for a small amount of users (standard root server, max. ~20 mail-users at once). Without a real DB backend. It doesn't scale business-needs, however it's supposed to be extendable.
The reference system this setup works with is a Debian GNU Linux with:
- Maildrop - instead of Procmail for more flexible filter rulesets
- Postfix and Postfix-pcre ~ 2.7
wishi's blog | Add new comment | 1+[encrypted]+#b94+ | Tags: Configuration, Debian, Internet Protocols , Linux, pwnage, Security Tools, Unix
Building a cheap home-hacking lab
Sat, 11/21/2009 - 17:27 | wishi
wishi's Fuzz-Box
A Fuzz-Box for me is a standalone machine. It has to:
- host multiple virtual machines at once (max 2 in my case)
- effectively manage ~4 GB RAM
- be Linux compatible with, stable clean device drivers
- energy efficient and ergonomically able to run 24h/day 7d/week...
Scaling Hardware?
You don't want a performance monster. - Or a gaming machine. And you do not want trash, because you're going to spend valuable time with it.
Best of securitytube for RE and security
Sun, 09/13/2009 - 14:22 | wishi
A collection of tutorials, videos and fun
I think it's an amazing site. There're many video tutorial sites these days. However the quality differs a lot. In the following I listed stuff I like so far. Feel invited to watch everything:
Programming
Python programming course from MIT - the advanced stuff may be of some interest, however it starts of with fairly trivial and introductorily mentioned stuff.
Stack is protected: so we don't need secure coding?
Fri, 09/11/2009 - 18:36 | wishi
Do anti-exploitation strategies displace secure programming?
Rumors say you were able to change the color from blue to red.
Get grsecurity for Debian now
Tue, 05/26/2009 - 23:19 | wishi
Setting up the server
If you do this, you want three things:
- a clean and secure setup, that ensures your availability - even if you're working on a remote-server
- easy steps
- drinking a coke or a coffee during this setup. No beer. Because kernel-upgrades and beer don't work together
Okay, what's grsecurity and why do I need it
Easily said: it's doing everything to prevent successful exploitation, like we recently saw happening on Linux through SCTP, ptrace or UDEV.
