Security

RC3

Security

some cool Movies/Audios from “Remote Chaos Experience” RC3

RC3 Video, ordered by ViewCount

Amateurfunk hacken

Spot the Surveillance

DevOps Disasters 3.1

Elektrogruselkabinet Indien-Edition

36C3 - Boeing 737MAX: Automated Crashes

36C3 - BahnMining - Pünktlichkeit ist eine Zier

36C3 - Finfisher verklagen

36C3 - Hirne Hacken

35C3 - Du kannst alles hacken – du darfst dich nur nicht erwischen lassen

35C3 - Hackerethik - eine Einführung

Any Comments ?

sha256: ec267b020ffdde11711eff23057df1a9b74a0fed1c262c0ab9dd28b5c08d512e

Bug in OpenSSH / Config Checker

Security

stumpled upon a bug in openssh … did a small config change in sshd_config, deployed it with ansible … and lost connectifity to all these boxes immediately … and of course, i did a config check before reloading the sshd daemon, and the config check was fine.

i can’t belife that nobody else found this before, as it’s really simple to reproduce. and it’s working with openbsd, debian, centos and mostly on all system which have opensshd implemented (and that’s a lot of …)

Nginx with Client Certificate

OpenBSD, Security

NGINX with Client Certificates

root@debian:/etc/nginx/sites-available#
server {
  listen 80;
  listen [::]:80;

  server_name host198.planet;
  root /var/www/host198.planet;

  access_log /var/log/nginx/host198.planet;
  index index.html;

  location / {
    try_files $uri $uri/ =404;
  }
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name host198.planet;
  root /var/www/host198.planet;

  ssl_certificate /etc/ssl/private/fullchain.crt;
  ssl_certificate_key /etc/ssl/private/host198.planet.key;

  ssl_protocols TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;

  ssl_client_certificate /etc/ssl/private/ca.crt;
  ssl_verify_client optional;

  access_log /var/log/nginx/host198.planet;
  index index.html;

  #location / {
  #        try_files $uri $uri/ =404;
  #}
  location / {
    # if the client-side certificate failed to authenticate, show a 403
    # message to the client
    if ($ssl_client_verify != SUCCESS) {
      return 403;
    }
  }
}
Any Comments ?

sha256: dbf64919ee3864f77b78f71f2b4b70d6794d96dd3dbbe1ae9ce3442cda571c26

Ed25519

Security

like ssh and secure keys ?

Generate Secure Key

ssh-keygen -o -a 100 -t ed25519 -C "MyFamousComment"
ssh-keygen -o -a 100 -t ed25519 -C "$(whoami)@$(hostname)"
ssh-keygen -o -a 100 -t ed25519 -C "$(whoami)@$(hostname) at $(date \"+%Y-%m-%d\")"
ssh-keygen -o -a 100 -t ed25519 -C "$(whoami)@$(hostname) at $(date \"+%Y-%m-%d %H:%M\")"

What’s ed25519 ?

Wikipedia about Curve25519

2^{{255}}-19

Distribute Key

ssh-copy-id user@remotehost

Connect to Remote

Connect to Remove without Agent Forwarding (use this unless you know what you’re dooing …)

ssh -a remotehost

Connect with Agent Forwarding

or if you need Agent Forwarding