tech

how many factors, anyway?

 crypto, risk, security, tech  Comments Off on how many factors, anyway?
Feb 242017
 
how many factors, anyway?

I’ve been using Google’s 2 factor authentication for awhile now, it’s simple to use and seems effective (and is probalby the most commonly used 2F on earth.) But how many factors is it, really? But perhaps I could try to distill this even a bit more, and go radical… is the 2nd factor really necessary or just a productivity hit/distraction? Once per month or so it dutifully asks me […]

trivial command line…..

 ipmi, tech  Comments Off on trivial command line…..
Sep 112016
 

Was just noticing the shell option in ipmitool.. wondered if you could echo a set of commands to it via stdin, and sure enough… the final bit is sending it a ctrl^D via \003 and echo -e. This sends a chassis power status as well as a sol, channel, and mc info to BMC – $ echo -e "chassis power status\nsol info\nchannel info 0\nmc info\n\004" | ipmitool -I lanplus […]

 Permalink  crypto, security, tech, web  Comments Off on
Feb 052016
 

The free certs from https://letsencrypt.org/ do indeed work as described. I wanted to check them out for some public facing services I wanted to run. To get the certificate you run a program on a host that DNS resolves to the cert you want to get – so if “foo.example.com” resolves to 10.6.6.6, you need to install the cert generation program on 10.6.6.6, and have either 80 or 443 free (I […]

really, really, really nuke iptables

 code, security, tech  Comments Off on really, really, really nuke iptables
Feb 092015
 
really, really, really nuke iptables

I think this is the way to really clear out all the stuff in iptables, the arcane packet filtering thing for Linux. At least… I think. My take on it, at least. For somewhat modern Linuxes at the time of this writing, IPv4 only. Basic method: loop over all the types of tables, flushing… then loop over all the builtin tables for the various types, reset the policies… then […]

<3 Policy

 art, audit, dinosaur, philosophy, security, tech, work  Comments Off on <3 Policy
Dec 082014
 
<3 Policy

Security Policies Let us praise, slay, and bury security policies together. A security policy is perhaps the best way to deal with the security monster. It concerns itself with business and organizational issues, and is designed to assist the organization succeed in spite of human nature. I sometimes not-so-glibly say that a security policy is simply an expression of your desire. What do you want to see within your organization […]

© 2012 trouble Suffusion theme by Sayontan Sinha