Do randomized PIDs bring more security?
The issue
I read an article in the French magazine MISC (no. 74 - July/August, 2014) publishing a flaw affecting stunnel and libssh. To make things short, this flaw relies on the fact that a hello...
View Article
Can SELinux really confine the root user?
Several projects such as [this one][play_root] propose a free root access to a Linux box in order to demonstrate SELinux confinement abilities. Even given a root access on a box, SELinux still prevents...
View Article
What is the difference between HTTP and HTTPS with a self-signed certificate?
Security difference
First, let’s talk about SSL (now called TLS, by the way), which adds the ‘S’ at the end of HTTPS and is in charge of “securing the communication”. The clue to answer this question is...
View Article
How to examine Android SELinux policy
Examining SELinux policy should be a trivial thing, but Android turns this into some kind of nightmare. In fact, Google has designed Android mainly from a consumer perspective, and not for power users....
View Article
Isolate your services using jails and containers
Containers and jails allow you to make your system more secure, more reliable, more flexible and, at the end of the day, easier to manage. Once you get used to it, it becomes difficult to conceive to...
View Article
SELinux System Administration & SELinux Cookbook (Sven Vermeulen)
Sven Vermeulen, the author of these two books, is deeply involved in the Gentoo community. Quoting his biography from the book introduction: In 2003, he joined the ranks of the Gentoo Linux project as...
View Article
SELinux cheatsheet
This page is only designed as a memory-refresher. SELinux may be a complex thing to get right; if you are not familiar with it yet, I highly encourage you to read Sven Vermeulen's books.
SELinux state
To...
View Article
How to (more) safely use the Firefox password manager
Security professionals often recommend using dedicated password manager software, such as KeePass, which makes it easy to prevent password reuse while ensuring safe storage of the passwords. Did...
View Article
RSA key lengths, elliptic curve cryptography and quantum computing
Some tools, like PGP, are still stuck to legacy cryptography, mainly the RSA algorithm. For such tools, RSA-2048 is often described as strong enough for any foreseeable future, anything above being...
View Article