When discussing the machine there are two common comments I get. One is a suggestion that I am putting myself at risk, I think that the risk of visiting random web sites is significantly greater. Another is a challenge to put the machine on my internal network if I really trust SE Linux, as noted I have made mistakes in the past and there have been Linux kernel bugs – but apart from that it’s always best to have multiple layers of protection. […]
|
||||||
|
My Etch back-port repository of SE Linux related packages (which I documented in a previous post) now has a complete set of packages for AMD64. From now on I aim to make AMD64 and i386 be my main supported platforms for SE Linux development. […] At the moment I’ve got more time to work on these things than I have had for a while. I’ve got Etch support going quite well (see my post about my Etch repository [1]), the next step is to back-port some packages for AMD64 to get it working as well as i386. I’ve got an […] In 1996 Peter Gutmann wrote a paper titled “Secure Deletion of Data from Magnetic and Solid-State Memory” [1]. In that paper he mentions the fact that the contents of RAM last longer at lower temperatures and suggests that data could be retained for weeks at a temperature of -60C or lower (while 140C causes rapid […] Matt Bottrell writes about the Oracle Linux offerings presented at LCA 2008 [1] The one thing that Oracle does which I really object to is the “unbreakable” part of their advertising. They have pictures of penguins in armour and the only reasonable assumption is that their system is more secure in some way. As far […] Using the “ulimit” controls over process resource use it is possible to limit RAM for processes and to limit the number of processes per UID. The problem is that this often is only good for accidental problems not dealing with malicious acts. For a multi-user machine each user needs to be allowed to have two […] On the 20th of January (8 days before the start of linux.conf.au) I advertised contest to write blog posts related to computer security for the conference Planet [1]. The aim of the contest was to encourage (by money prizes) people who had no prior experience in computer security to get involved by writing blog posts. […] It seems that my blogging contest idea is a failure. Could the interested people please meet me near the LCA registration desk at the start of the lunch breakh today for a post-mortem. Any last-minute entries can be submitted by telling me the URL then. Related posts: LCA 2008 Security Blogging Contest I have decided to run a contest for security related… |
||||||