block zero

Tunneling socks via http/s

Posted on 2017-03-31 by Robert Franz

Nowadays many govermental authorities or network administrators think that blocking all the network traffic for security reasons is a good idea. One common approach is to block everything, but allow some traffic that is whitelisted. Thus it is not possible to do all the interesting stuff that the firewall prevents to do. But by blocking http or https no webserver would be available any more. So normally these ports are open and thus this is the way to go. Continue reading →

How to debug encrypted HTTP traffic

Posted on 2016-05-20 by Robert Franz

When developing software, sometime it’s necessary to sniff the traffic that is transmitted between two computer systems. For that purpose tools like wireshark or tcpdump may be useful. Wireshark is a great tool, but when handling encrypted connections it is not possible to decrypt the traffic without having the key used for encryption. When sniffing http traffic the private key of the certificate is required to decrypt the information. But when talking to a foreign server, without having its private key another approach is necessary. Continue reading →

Feeding /dev/random with random data

Posted on 2015-08-24 by Robert Franz

When doing cryptographic operations on a system generating random numbers is required. But accessing /dev/random might be slow in case there is not enough random input. Let’s have a look how to provide some additional random data to improve the speed of random number generation. Continue reading →

Disable root login via ssh

Posted on 2015-03-12 by Robert Franz

As default in many Linux distributions root login via ssh is possible. But depending on your risk awareness this might be a bad idea. E.g. normally you should not work as root, but have a special user that adminsters the system. So why allowing to login as root via ssh? For that reason it’s a good idea to deactivate the possibility to login as root. Continue reading →

Generating secure passwords

Posted on 2014-09-22 by Robert Franz

Normally for each device, service and software there should be used a unique password. As this isn’t an easy tasks, many people use a default password for a number of services and devices. But using Linux there is a small smart tool that generates passwords easily. This tool is called apg. Furthermore storing all the passwords in a safe enhances comfort and security dramatically.
Continue reading →