Blog Tags: 
security
bitcoin
bitkey

The closest you can get to perfectly secure Bitcoin transactions (without doing them in your head)

Liraz Siri - Tue, 2014/07/22 - 20:27 - 29 comments

@pa2013 helpfully posted Alon's BitKey announcement from last week to the Bitcoin Reddit, which sparked an interesting discussion regarding whether or not you can safely trust BitKey to perform air-gapped transactions. I started responding there but my comment got so long I decided to turn it into a blog post.

Read more and discuss
Blog Tags: 
security
squeeze
legacy
lts

Enabling Debian 6.0 LTS Security Support

Liraz Siri - Mon, 2014/06/02 - 19:43

This announcement is for Debian 6.0 (AKA Squeeze / TurnKey 12) users who have not yet upgraded to Debian 7.0 (AKA Wheezy / TurnKey 13):

~# cat /etc/issue.net
Debian GNU/Linux 6.0

Support for security updates to Debian 6.0 officially ended on Saturday May 31 2014.

As you may have heard, for the first time Debian is experimenting with a five year Long Term Support (LTS) program that will extend support until Feb 2016:

Read more and discuss
Blog Tags: 
security
announcement

TurnKey 13 critical security issue (Heartbleed / CVE-2014-0160)

Alon Swartz - Wed, 2014/04/09 - 14:45 - 44 comments

Without action, your TurnKey 13 installations may remain vulnerable to the critical Heartbleed OpenSSL attack (DSA-2896-1 CVE-2014-0160). This is not a theoretical attack.

Read more and discuss
Blog Tags: 
news
security
ubuntu

Important security notice: Your TurnKey system may no longer be receiving automatic security updates

Liraz Siri - Thu, 2011/06/16 - 20:37 - 5 comments

I have some bad news and some good news. The bad news is that if your TurnKey installation is older than 2 weeks you may no longer be receiving security updates.

The good news is that you are reading this and there is a very easy fix. Either reboot your system, or log in and restart the cron service:

/etc/init.d/cron start

Until you start recron, security updates and other scheduler related services (e.g., daily backups) will not work.

Read more and discuss
Blog Tags: 
aws
security
ec2
cloud
hub
amazon

Secure, flexible and scalable Amazon EC2 instance preseeding

Alon Swartz - Mon, 2011/01/03 - 10:43

I'd like to introduce Joe. He is a good looking, experienced sys-admin and like all good sysadmins, he has more stuff to do than time to do it.

Joe wants to get up and running on Amazon EC2 with a Wordpress installation, and chooses to do so with a pre-configured appliance. These are the steps Joe performs:

Read more and discuss
Blog Tags: 
research
security
passphrase
appliances

Making TurnKey more turnkey - the end to default passwords

Alon Swartz - Mon, 2010/12/20 - 10:55 - 13 comments

In our quest to make the upcoming TurnKey 11.0 release more "turnkey", I set out to extend the firstboot inithooks to include application specific configuration hooks such as setting of the admin password, email and domain to serve (where applicable).

I'm glad to announce that the quest is now over, and that puts the end to default passwords.

Read more and discuss
Blog Tags: 
backup
security
passphrase
tklbam

Passphrase dictionary attack countermeasures in tklbam's keying mechanism

Liraz Siri - Mon, 2010/09/13 - 11:14

Background: how a backup key works

In TKLBAM the backup key is a secret encrypted with a passphrase which is uploaded to the Hub.  Decrypting the backup key yields the secret which is passed on to duplicity (and eventually to GnuPG) to be used as the symmetric key with which backup volumes are encrypted on backup and decrypted on restore.

Read more and discuss
Blog Tags: 
security
ssl

Self signed and trusted SSL certificates

Alon Swartz - Wed, 2010/04/07 - 13:25 - 23 comments

Important note: Please note that current appliances include support for getting free Let's Encrypt SSL certificates. Please see the Let's Encrypt docs within the new Confconsole doc pages for full details.

Read more and discuss
Blog Tags: 
ssh
admin
security
ssl

We don't need no stinking SSL

Liraz Siri - Mon, 2010/02/15 - 08:34

Why we disabled SSL and use an SSH tunnel for web site administration

Content managements systems like the one we're using for the web site (Drupal) need to provide a privileged administration interface which you usually want to access securely. Due to the insecure nature of the Internet, it's reasonable to assume your traffic may be intercepted at some point. So how do you prevent that?

Up until recently, we used SSL. You could access the web site from both:

Unfortunately, as the site grew in complexity this created a range of subtle but annoying paper-cut type problems.

Read more and discuss

Pages