Domain: deter.com
Stories and comments across the archive that link to deter.com.
Comments · 9
-
Re:Ubuntu
A program can't wait in the background and get root when someone types sudo.
-
Re:Indeed lack of imagination
4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux
Not really: http://www.deter.com/unix/software/xkey.c
-
Re:One-way data cable
Don't know about any of this HIPPA stuff, but Bellovin mentions snipping the TX line on a network cable (presumably ethernet) in his 1992 paper about attacks on att.com entitled, "There Be Dragons." You can find a PDF off of this page: http://www.deter.com/unix/. Top of page 6. Presumably ethernet would get you a little more bandwidth than serial.
I also remember reading about some NSA (or similar) machine that someone had to feed data to. It did reply when data was sent, but the only reply it ever gave was some sort of OK packet. Maybe someone else has more details.
If I had to do some legally mandated logging, I would definitely use something certified for the job. But for just hacking around, there are some interesting ideas out there.
-
Re:Question & answer in a SHELL
-
Re:IdeasThat's a reasonable idea, but if this is for an important password, you'd probably want to make it a bit stronger (mix case, bung in some non-alphanumeric characters, that kind of thing). It's not necessarily a good idea to have a well-known way of generating your password; if it's mentioned a few times in public places (eg
/.), cracking tools may well get extra features to cope with it. I wouldn't be surprised if some tools guessed things like "2bon2b" along with dictionary words.There are some interesting links at Matt's Unix Security Page, particularly a paper by Daniel Klein on how password crackers could work, though it's bit dated now.
-
Re:IdeasThat's a reasonable idea, but if this is for an important password, you'd probably want to make it a bit stronger (mix case, bung in some non-alphanumeric characters, that kind of thing). It's not necessarily a good idea to have a well-known way of generating your password; if it's mentioned a few times in public places (eg
/.), cracking tools may well get extra features to cope with it. I wouldn't be surprised if some tools guessed things like "2bon2b" along with dictionary words.There are some interesting links at Matt's Unix Security Page, particularly a paper by Daniel Klein on how password crackers could work, though it's bit dated now.
-
On the discussion of locks
I hope this isn't redundant. I don't know how many people have seen this exerpt from long ago.
-
Re:UK's E-mail Scan Is AvoidableThat said, perhaps this should get people to chill out a little bit about carnivore, given that it at least opperates under warrent.
This is not at all "given", in view of the FBI's disgraceful record and its refusal to disclose what's actually inside the little black boxes. With the security-through-obscurity baloney they offer as an excuse for the latter, I can only assume that they're trying to pull another fast shuffle.
/. -
This comes up all the time
IMO, this should be the standard response.