Archives

Categories

Xen for Training

I’m setting up a training environment based on Xen. The configuration will probably be of use to some people so I’m including it below the fold. Please let me know if you have any ideas for improvements.

The interface for the user has the following documentation:

sudo -u root xen-manage create centos|debian [permissive] Create an […]

November 7th, 2007 | Tags: , , | Category: Security, Virtualisation | Comments are closed

Squid and SE Linux

Is Squid not returning some data you need on a SE Linux system?

The default configuration of the SE Linux policy for Squid only allows it to connect to a small number of ports which are used for web servers. For example ports http (80) and https (443) are labelled as http_port_t which permits serves […]

November 6th, 2007 | Tags: , | Category: Security | 2 comments - (Comments are closed)

SecureCon 2007

I am running a tutorial and giving a talk about SE Linux at SecureCon 2007 [1].

The tutorial will go for 3 hours on Wednesday the 7th of November and will cover using SE Linux in CentOS 5 and Debian Etch, it will be a hands-on tutorial where every delegate gets ssh access to their […]

October 30th, 2007 | Tags: | Category: Security | 2 comments - (Comments are closed)

New SE Linux Play Machine Online

After over a year I have finally got a SE Linux Play Machine online again.

The details for logging in are at this link [1]. I’ve created T-shirt and mug designs with the login details too, they are on cafepress.com LINK [2]. For fun wear such a shirt to a conference (or even when shopping […]

October 29th, 2007 | Tags: | Category: Security | 2 comments - (Comments are closed)

Xen and Security

I have previously posted about the difference between using a chroot and using SE Linux [1].

Theo de Raadt claims that virtualisation does not provide security benefits [2] based on the idea that the Xen hypervisor may have security related bugs.

From my understanding of Xen a successful exploit of a Xen system with a […]

October 28th, 2007 | Tags: , , | Category: Security, Virtualisation | 3 comments - (Comments are closed)

0wned a DVD Player

Above is a picture of a DVD player I saw on sale in Dick Smith Electronics [1] (a chain store that used to sell mostly electronics hobbyist gear but now mostly sells consumer electronics gear). I asked one of the staff why it said “root”, tests revealed that the DVD caused any player to […]

October 26th, 2007 | Category: Security | 6 comments - (Comments are closed)

Banking with an Infected Computer

Bruce Schneier summarised a series of articles about banking security [1]. He mentioned the fact that banks don’t seem to care about small losses and would rather just deal with the problem (presumably by increasing their fees to account for losses).

There are some other interesting bits in the article, for example banks are planning […]

October 19th, 2007 | Category: Security | One comment - (Comments are closed)

My SE Linux Etch Repository

deb http://www.coker.com.au etch selinux

The above sources.list line has all the i386 packages needed for running SE Linux with strict policy on Etch as well as a couple of packages that are not strictly needed but which are really convenient (to solve the executable stack issue).

gpg --keyserver hkp://subkeys.pgp.net --recv-key F5C75256 gpg -a --export F5C75256 […]

October 19th, 2007 | Tags: , , | Category: Security | 3 comments - (Comments are closed)

Insider Threats and Small Storage Devices

Danny Angus writes about the potential threat posed by small storage devices with large capacity [1]. His post was prompted by a BBC article about Hitachi’s plans for new hard drives [2], they are aiming for 4TB of data on a single drive by 2011 and a 1TB laptop drive. One thing I noticed about […]

October 17th, 2007 | Category: Security | 12 comments - (Comments are closed)

AUUG 2007

Today was the final day of the AUUG 2007 conference [1].

Yesterday I gave a talk about SE Linux for about an hour (not sure exactly as I forgot to make an MP3). AUUG is well known for having conferences with very technical delegates and I wasn’t expecting an easy audience. At the start of […]

October 14th, 2007 | Tags: | Category: Security | Comments are closed
« Newer Entries  
  Older Entries »