Status of SE Linux in Debian LCA 2009Status of SE Linux in Debian LCA 2009
This morning I gave a talk at the Security mini-conf of LCA about the status of SE Linux in Debian. Here is a summary of the issues I covered: General[...]
Category: Security
Security Lessons from a FerrySecurity Lessons from a Ferry
On Saturday I traveled from Victoria to Tasmania via the ferry (to attend LCA), they grossly failed in their security measures and provide three lessons for others: Make it possible[...]
Security Enhanced PostgreSQLSecurity Enhanced PostgreSQL
Today was the first day of Linux Conf Au 2009 [1]. KaiGai Kohei was unable to attend the conference and give a database mini-conf presentation about his work on Security[...]
Debian Multimedia and SE LinuxDebian Multimedia and SE Linux
I have just had a need to install packages from Debian-Multimedia.org to correctly play .3gp files from my mobile phone (the stock Mplayer in Debian would not play the sound).[...]
Per-process Namespaces – pam-namespacePer-process Namespaces – pam-namespace
Mike writes about his work in using namespaces on Linux [1]. In 2006 I presented a paper titled “Polyinstantiation of directories in an SE Linux system” about this at the[...]
SE Linux and Decrypted DataSE Linux and Decrypted Data
There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone[...]
EC2 SecurityEC2 Security
One thing that concerns me about using any online service is the security. When that service is a virtual server running in another country the risks are greater than average.[...]
The Security Benefits of Being UnimportantThe Security Benefits of Being Unimportant
A recent news item is the “hacking” of the Yahoo mailbox used by Sarah Palin (the Republican VP candidate) [1]. It seems most likely that it was a simple social-engineering[...]
RPC and SE LinuxRPC and SE Linux
One ongoing problem with TCP networking is the combination of RPC services and port based services on the same host. If you have an RPC service that uses a port[...]
DKIM and Mailing ListsDKIM and Mailing Lists
Currently we have a problem with the Debian list server and Gmail. Gmail signs all mail that it sends with both DKIM and DomainKeys (DomainKeys has been obsoleted by DKIM[...]