Posts

Showing posts with the label security

Alohomora: Simple Security for Muggles and Wizards alike

Two years ago, I wrote a post specifically about passwords. However, these days there are a few more things that one should be doing to protect themselves, so I will be going over a few digital security topics in this post. Wait! Don't be scared, I know security can sound hard but it doesn't have to be. I'd like this guide to be easy to follow so even someone without an interest in security can quickly start being secure online. Passwords: I've covered this before but I'll summarize the post here. Password Setup Steps: Create two very strong, but easy to remember, passwords for your password manager and email. You can do this by rolling some dice to create a Diceware passphrase (easy creation site, use 6 words minimum! and EFF's explanation on how/why) or by using the Schneier Scheme. Write down these passwords and put them in a safe place. This may sound odd, but even Bruce Schneier has said: If you can't remember your passwords, write them down a...

The Keymaker: Simplifying Your Personal SSH Key Management

Image from here. Screenshot from the film The Matrix Reloaded. If you are like myself, and ssh into multiple remote machines, or even simply use Github over ssh, this is for you. The Problem: SSH has a lot of settings you can use, but when you're a relatively new developer you're not going to go mucking around in a config file you don't need to when there's work to be done! There are also security concerns with some settings, and issues if you have a lot of ssh keys. Also, typing long username@domain strings can be annoying. The Solution: The Keymaker, a small script (fewer than 250 lines) to help create ssh keys for remote machines. What does it do? First it helps you create a config file. If one exists already it will rename it with the suffix ".BACKUP". By default all ssh connections will show a randomart image (VisualHostKey yes) based on the public key provided by the host. This randomart image can be used to visually identify t...

Words on Password Security

Image by: geralt. License: CC0. Update October 29, 2019 - I tweeted a link to this and realized it was time for an update. I have switched over to iOS from Android and continue to use 1Password; it works even better on iOS. Fixed tenses, removed irrelevant/old paragraphs, and added notes about lack of sponsorship. Update January 18, 2019 - 1Password now primarily uses a monthly pricing model. I've started using 1Password instead of Keepass due to family sharing, their Watchtower service (powered by haveibeenpwned.com), and the amazing ease of use on all platforms. Update March 18, 2017 - LastPass has changed their business model and the mobile app does not require a subscription. I have also become aware of the Diceware passphrase generation technique. This post has been updated to reflect that. Preamble: You can skip this section if you just want to get to the advice. NOTE: I realized I should point out to anyone reading this that I do not run ads on my site, nor a...

What is Heartbleed? A Simple Explanation.

The Heartbleed bug is the trending topic online this week and I hope to consolidate some resources and explain what the issue is. The end of this post contains many links that will also help explain the situation. What is it? It is a security vulnerability that has existed in the OpenSSL software library for two years. Heartbleed allows an attacker to read data that would otherwise be considered protected. This includes things like passwords, emails, and private keys. Unfortunately this act of reading data is undetectable, so we must assume that all passwords have been stolen and an attacker has copied all the private keys. For those unfamiliar with public-key cryptography, a private key is what identifies someone online, allowing them to read encrypted messages sent to them. This can also allow someone to pretend they are Facebook and perform other such attacks. OpenSSL is used by the most popular web server on the internet, Apache (approximately 66%...

Offline Password Creator

UPDATE: Please read my update on password security, as this post is no longer good advice but will be left up for archival purposes. Inspired by the xkcd comic Password Strength, I decided to write a python script that will create a password encryption scheme. from xkcd.com The problem I have with the idea of choosing four random words is the fact that you still want a different set for each website (in case of attacks). My solution was to create a list with a word associated with each letter from A to Z. The python script takes input from the given word list (aka dictionary), randomly selects words for each letter, and then spits them out into a text file. It's quite easy to change the dictionary file: just edit the line filename = "crossword_wordlist.txt" to the file name you want. However, the file must contain words that start with each letter (they do not have to be in order though). The seed for the random number generator is based on the current ...