Archive for the ‘Security’ Category

New PGP Key !

August 1st, 2009 No Comments »

Here’s my new PGP key, valid until August 1st, 2014. Yeah, I’m kind of sick of generating new ones yearly.

—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.9 (Darwin)

mQGiBEpzqR8RBADk2w/POIp9FYMdCUOcbRuP5fHEWGyxrAdb19KjTHoHH+L4fk2c
zy5IuvUhYZdC97mBr6S2Pg2bdXcxnSCtCIjeW78q6d6gmjoup0A5dvqNaK4xvWFo
m8LvBochSIl/LjMsyvL7Jbm4rwfKNJVm5aTe5ZcoT97QdI8IxAW10XaLuwCg53R8
F/Ty6yeY2pwxnE7HZGcggCsEAIUbFiGcapUJI1IraYqBQbtjXL8/sX5hqcIdJ3K8
k+LJclIswiR7YYvJPjtiHCe9pe/SnUrOCjN8eygjlQIgWpNYHcMbhobECBR4Q4MU
4CF20tndFmyZU5BkLeUzItn9WE4W4Ib/6Ny5dQYQ7cSipKV4HsOWNXM+onng6N82
/KvxA/9B+5L0e6y7paFbaWkuq9XvcP3UfW3HewAi3WlvChMQ5zWuDSfsgCfEmxIo
1zz9hai6lBcbZinD4pdcWtDI9lHztRoqiSmMMvcZr+TX76ykCERvF1uo++19uH2H
B3pXjTs4wdPZ2XyXfcDWJzl7IrciXLK3J91I+IfLrlYnqRZx3rRcR3VpbGxhdW1l
IFJvc3MgKFRoaXMga2V5IHdpbGwgYmUgdmFsaWQgdW50aWwgQXVndXN0IDFzdCwg
MjAxNC4pIDxndWlsbGF1bWVAYmluYXJ5ZmFjdG9yeS5jYT6IZgQTEQIAJgUCSnOp
HwIbIwUJCWdnoQYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJECFth7cSBE0ry3kA
oMt+O/tKLwELxFE6pct9Sl/bE17yAKCnJml9k4Gj8DyaBlYFnfMzRPkrWbkCDQRK
c6kfEAgAjuBEe96GS3/umwzbdxNBlnh0Fodshq30+aGcxyPOij5muUCeNkw2ieSF
xDefMjfjt2wLqhIms2cPPN0cH3Wg4ZvF1wI51UBfeIj1ivDk7K5EbMbyWsfADNP8
fqAMOpKlWKsSx3C03i0G6Dt+4QyqfT5b5k7SIaFdBRfAbqqdsJtPhn0Q/DbDWt2x
69AapRba7+xROB8I8O1jSH2kM7MiW4bpBIKmkKE4P5gBTk2aWPjhHLap9U4XKdQa
nS6ztLBDyMaH5a4xXKi5xCkWR77Qav9y8uXR8Rr9y7Yw0KTmy8WLRiCKtfNIMTTx
l5mH+vz8dkZhkxw6FstUBfjoVTXtSwADBQf+NLOh1U49bZnyNsRuzrfnoUehgnvk
SgAlWOQhJwEfV5Tv+ysT2+uoEXYrtJo95KPyNkyuzxqP62IFJCI00oHyk6nJZsGb
3Ge5xg8NRoPLfH4Q//wIcZ4sl3rlnZoU8LxmnpvitPAOdLwf5NZ47EIECIdUxt91
Nc7xTJGMhsZPIUmKaMomg/Sq3HS9Z+KQ1q/cp8zpHmV8Oq1EdQjNR/pzRCilz19g
oi8PaWiUkTzOm3bHrvcxf8ijY2RJsSzBdKCu3235Tc5ldXahmR+OPrEUEgiCjJxM
+xoxtkeD5AeOGYlqLD4pfSG/w+IkEaRLYRrV2o967L12eg7I3AZhMmDgOohPBBgR
AgAPBQJKc6kfAhsMBQkJZ2ehAAoJECFth7cSBE0rLQQAn0EzHFSISci9+FSf3psH
7ffGN/K7AJ93zwmaWzjTk0ZOgHXf7llzkZzRVA==
=9tWC
—–END PGP PUBLIC KEY BLOCK—–


Performance impact of clearing your swap file at shutdown

July 6th, 2009 No Comments »

For security reasons, it might be advisable to clear your swap file at shutdown.

It doesn’t provide great security, and you really should be using full drive encryption anways.

But in case anyone is wondering, for a 1.5gig swap file, this option (ClearPageFileAtShutdown) seems to add about 30 to 40 seconds of time to the shutdown procedure as it overwrites the file with zeroes.

Now turn it back off and install Truecrypt!


Interesting discussions about PIFTS.EXE

March 10th, 2009 No Comments »

** Update ** Official word from Symantec

 

My favorite quote from that paragraph is: “ Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users”.

Wow, I guess Norton’s too good, they don’t even need to sign patches. Then why do they ever sign them, if they can push unsigned ones?

Why was that patch hidden, and why did they delete true messages concerning PIFTS before the "spam” appeared?

 

 

PIFTS.exe is generating quite a buzz as nobody seems to really know what it does, and Symantec seems to be putting more effort at moderating posts than explaining what it does."

 

SANS page about PIFTS

Blog post by a guy who thinks that Slashdot is a web 2.0 social networking site for techies:

Digg discussion about that page

Anubis report (who knows if that was done using the real file though):

Slashdot Discussion

Washington Post "Voices"

 

Great screenshot from the Symantec boards, the thread should be gone in a few minutes..

 

image

 

And another one..

 

image

Possibly a great 4chan prank? Who knows, you’d think Symantec would release an official statement if that was the case..