Malicious enjoyment derived from observing someone else’s misfortune
 

Tag Archives: security

KeePassX: The Perfect Password App

Recently, I’ve been having some trouble with passwords. Either the login name is a string I never use, and therefore never commit to memory (like my real phone number that I mask with Google Voice), or the password policy forces me to use a password that I’ll never remember (like sites that keep track of your past passwords, or require 11 characters of alternating symbols, letters and numbers, etc.). Since I use spamgourmet, any site that requires an email address [...]

Implementing Mozilla’s Content Security Policy

I recently discovered this page, which describes Mozilla’s solution for prevention of XSS (Cross-Site Scripting) available as a Firefox Extension. Here’s the HTTP response from my site:

    hank@tardis:~$ wget -S http://www.ralree.com
    --2009-06-30 09:52:13--  http://www.ralree.com/
    Resolving www.ralree.com... 74.54.115.108
    Connecting to www.ralree.com|74.54.115.108|:80... connected.
    HTTP request sent, awaiting response...
      HTTP/1.1 200 OK
      Date: Tue, 30 Jun 2009 13:49:54 GMT
      Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.1.3 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
      X-Powered-By: PHP/5.2.8
      X-Pingback: http://www.ralree.com/newblog/xmlrpc.php
      Last-Modified: Tue, 30 Jun 2009 13:49:21 GMT
      X-Content-Security-Policy: allow self; img-src [...]

Pitfalls with digital health records

The more I hear about digital national health records, the more I worry about them with regard to security. Various interpretations of the new legislation in the 2009 Stimulus bill could mean anything from implementing something like SAFEHealth, a decentralized system, to something like Google Health, which would centralize medical records. I expect that a decentralized system will not be what the government will choose. Proper usage of a decentralized system would be fine, but removes a lot of the [...]

RSA Made Easy

After obsessing over it today, I decided to write a quick primer on RSA Encryption you can do in your head. It’s pretty simple, and to the point. The numbers are very small. Try it out! I plan to write some code implementing the algorithm.  That should be fun.

I’m the newest GSWoT GSI

I have joined the GSWoT. I am the newest Gossamer Spider Web of Trust Introducer! This is a great honor, and I’d like to thank Kara Denizi for giving me the chance to join. Above, I’ve posted the current state of the keyring. It also includes an outlier from my personal keyring. Props to sig2dot for creating that graph. Here are the commands:

    wget -O gswot.keyring "http://biglumber.com/x/web?keyring=5802;download=1"
    sudo apt-get install graphviz imagemagick
    wget http://www.chaosreigns.com/code/sig2dot/sig2dot.pl
    gpg --list-sigs --keyring ./gswot.keyring | perl sig2dot.pl [...]

HOWTO: Export and Import Private GPG Keys

I had a problem today. I wanted to encrypt something with my GPG Key. It was only on my laptop. Here’s what I did:

    gpg --export-secret-keys > gpgkeyfile
    gpg -c gpgkeyfile
    shred -u gpgkeyfile

Then move gpgkeyfile.gpg to another computer. To import them again:

    gpg -d gpgkeyfile.gpg > gpgkeyfile
    gpg --import gpgkeyfile
    gpg: key 9140A8C7: secret key imported
    gpg: key 9140A8C7: *** 1 new signature
    gpg: key 5EF4A221: secret key imported
    gpg: key 5EF4A221: public key *** imported
    gpg: key [...]

WordPress is unsafe – pwned AGAIN!

Well, it’s official: WordPress is a joke!! Mephisto Wins!