STARTTLS and courier mail server

I finally managed to use STARTTLS together with the Courier Mail Server. SSL connections (imapd-ssl and esmtpd-ssl) already worked with the generated certificate. But although SSL worked trouble-free and the TLS options had nearly the same settings, I could not get STARTTLS to work.

The underlying reason was that the certificate file was owned by root with mode 600. With SSL this is not a big problem, as the daemon which listens on ports 465 and 993 does the whole crypto handshake itself and runs as root. But with STARTTLS the connection has already been handed to a non-privileged process before TLS starts its handshake (in fact it is initiated by the client over a cleartext connection).

So the solution was quite easy: just give the certificate file the same owner the non-privileged courier processes run under – user “daemon” in the case of CentOS 4/5.

Update: Yes, the solution appears to be quite obvious. But in fact courier doesn’t give any useful information about the missing permissions. Instead it is handled as if there were no certificate file at all, and SSL is disabled silently.
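
Because courier stays silent about this, a check has to be run by hand. The script below is an added example, not part of the original post or of courier: the function name `check_cert_perms`, its status words and the user name in the demo are made up for illustration, and the `world-readable` warning assumes the certificate file also contains the private key.

```shell
#!/bin/sh
# Added example (not from the post): can USER read the certificate file?
# Uses GNU stat, as on CentOS. Prints: missing | unreadable | world-readable | ok
check_cert_perms() {
    file=$1
    user=$2
    [ -f "$file" ] || { echo missing; return 0; }

    # Owner, group and octal mode of the file, e.g. "root root 600".
    set -- $(stat -c '%U %G %a' "$file")
    owner=$1 group=$2 mode=$3

    # Last three octal digits: owner / group / other permission bits.
    p_own=$((mode / 100 % 10))
    p_grp=$((mode / 10 % 10))
    p_oth=$((mode % 10))

    # Pick the permission class that applies to USER.
    member_of=" $(id -Gn "$user" 2>/dev/null || true) "
    if [ "$user" = root ]; then
        bits=4                      # root reads the file regardless of mode
    elif [ "$user" = "$owner" ]; then
        bits=$p_own
    else
        case $member_of in
            *" $group "*) bits=$p_grp ;;
            *)            bits=$p_oth ;;
        esac
    fi

    if [ $((bits & 4)) -eq 0 ]; then
        echo unreadable             # the silent STARTTLS failure described above
    elif [ $((p_oth & 4)) -ne 0 ]; then
        echo world-readable         # works, but every local user can read it
    else
        echo ok
    fi
}

# Constructed demo: a temp file stands in for the certificate (mode 600).
demo=$(mktemp)
chmod 600 "$demo"
demo_owner=$(stat -c %U "$demo")
echo "as owner:      $(check_cert_perms "$demo" "$demo_owner")"
echo "as other user: $(check_cert_perms "$demo" example-unprivileged-user)"
rm -f "$demo"
```

On a real system, call the function with the file your `TLS_CERTFILE` setting points to and the user the courier processes run under (“daemon” in the post).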

Windows 2000/XP on a notebook joined to a domain

By default, Windows 2000/XP stores the 10 most recently used passwords of domain users (or rather their hashes) on the local machine.

If a notebook is a member of a Windows Server domain and is also meant to be usable offline by different people, it makes sense to increase the password cache.

ssh key fingerprints on your palmpilot

When you work on different computers with ssh, you have the problem that on every first connection ssh asks you to accept the fingerprint of the server. Most people just type “yes”, because they can’t memorize the fingerprints. But if you care about security (which you should when using ssh …) this is not really an option. One possible solution is to carry all the fingerprints you have with you in your palmpilot.