Information Security Help!!!

Protecting your Linux box

Post by lambda » Sat Nov 17, 2007 12:37 pm

use pgp instead of ssh passwords? ha ha! there's no end to the depths of your ignorance. i pity the people who have to rely on you at work.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Post by lambda » Sat Nov 17, 2007 12:45 pm

securitykid wrote: I like your signature
the linked article is worth reading.

Post by Saad Khan » Sat Nov 17, 2007 6:51 pm

x2oxen wrote: Thanks for your comprehensive replies, guys. But everyone forgot to mention a really major point: we should not use passwords for ssh logins, because any smart man in the middle can detect them and harm us. We should always go for PGP and public-key cryptography, which will make our systems far more secure than using plain passwords.

We should not use passwords for ssh?? Does that mean ssh is not secure?
This post really makes me want to know who suggested that you use PGP instead of ssh. Or maybe I didn't know that there are sniffers that can sniff your encrypted ssh logins; I would like to have such programs in my toolkit. :)
Correct me if I am wrong; I would like to improve my skills with your precious replies and suggestions.
Saad Khan
Company Havaldaar Major
 
Posts: 155
Joined: Sun Jun 11, 2006 6:19 pm
Location: Karachi

Post by x2oxen » Sat Nov 17, 2007 6:51 pm

lambda wrote: use pgp instead of ssh passwords? ha ha! there's no end to the depths of your ignorance. i pity the people who have to rely on you at work.


Your any further post ain't gonna make any different to me cause don't pay attention to edicts word's and you are high at your knowledge for sure!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
x2oxen
Major General
 
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Website: http://usmanpk.com
WLM: x2oxen@hotmail.com
Yahoo Messenger: x2oxen
Location: Faisalabad

Post by x2oxen » Sat Nov 17, 2007 7:25 pm

Saad Khan wrote:
x2oxen wrote: Thanks for your comprehensive replies, guys. But everyone forgot to mention a really major point: we should not use passwords for ssh logins, because any smart man in the middle can detect them and harm us. We should always go for PGP and public-key cryptography, which will make our systems far more secure than using plain passwords.

We should not use passwords for ssh?? Does that mean ssh is not secure?
This post really makes me want to know who suggested that you use PGP instead of ssh. Or maybe I didn't know that there are sniffers that can sniff your encrypted ssh logins; I would like to have such programs in my toolkit. :)
Correct me if I am wrong; I would like to improve my skills with your precious replies and suggestions.

Have you ever heard of a key logger, Saad??

In some cases we need to let others access our servers as well for some certain passwords, and we do not want to disclose our passwords to them. PGP & public-key cryptography is the best option and uncrackable until now.

Post by securitykid » Sat Nov 17, 2007 7:40 pm

Guys,

It's OK,

I understand what you were saying; actually, SSH works with somewhat the same mechanism that you were referring to. Correct! Public-key cryptography, SSL, etc. will protect against data theft/tampering on the wire/in transmission (man-in-the-middle, monkey-in-the-middle).

Read this to know more about how ssh works:

http://www.eng.cam.ac.uk/help/jpmg/ssh/ssh-detail.html

BUT what if a stealth key logger is tracking your keys?

There is a way to protect even against that. Anyone interested? Let me know and I will describe how to combat key loggers which cannot be fixed/cleaned/detected by traditional AVs.

I hope this helps you...

I strongly discourage "Behas brai Behas"; if the arguments are constructive, they are welcome to be posted.

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
securitykid
Naik
 
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid » Sat Nov 17, 2007 7:42 pm

Hey Guys,

Did anyone look at the URL that I posted in my earlier post?

http://www.masterofit.net/index.php?filter=deck&cid=1

Any comments?

Thanks
SecurityKID-ITdotCOM


Post by x2oxen » Sun Nov 18, 2007 12:03 am

Muhammad Islam was declared Master of IT, and it is incredible that a Pakistani has made his mark in the international ranking! That's simply awesome.

Post by x2oxen » Sun Nov 18, 2007 12:05 am

securitykid wrote: BUT what if a stealth key logger is tracking your keys?

There is a way to protect even against that. Anyone interested? Let me know and I will describe how to combat key loggers which cannot be fixed/cleaned/detected by traditional AVs.

Definitely, I will be interested for sure to know about it.

Post by securitykid » Sun Nov 18, 2007 12:21 am

Guys,

Send me a private message and I will reply with the solution.

Thanks
SecurityKID-ITdotCOM


Post by x2oxen » Sun Nov 18, 2007 2:33 am

Is it necessary to discuss this in private messages?

Post by masud » Sun Nov 18, 2007 2:36 am

x2oxen wrote: Have you ever heard of a key logger, Saad??

In some cases we need to let others access our servers as well for some certain passwords, and we do not want to disclose our passwords to them. PGP & public-key cryptography is the best option and uncrackable until now.

If anyone can install a key logger on your system, he can easily copy/use your keys as well. Using keys is just an option and won't help you in securing anything.
--SP--
masud
Havaldaar
 
Posts: 108
Joined: Thu Aug 05, 2004 12:15 am
Website: http://fedoraproject.org/wiki/MasoodMehmood
WLM: silentplayer@internet-criminals.com
Yahoo Messenger: xlx_silentplayer_xlx
Location: Fremont, CA

Post by kbukhari » Sun Nov 18, 2007 2:45 am

x2oxen wrote: Have you ever heard of a key logger, Saad??

In some cases we need to let others access our servers as well for some certain passwords, and we do not want to disclose our passwords to them. PGP & public-key cryptography is the best option and uncrackable until now.

Your answer is not very useful. I never use PGP key authentication for security or to escape from key loggers. Well, the reason behind my usage of ssh keys is .....

I don't want to change the servers' passwords every time a person leaves my organization.
I don't want to remember all kinds of unique and strong passwords.
I don't want to keep them in a file, or open that file while someone is reading it over my shoulder.

and it takes no time to log me in on the server :D
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore
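
Added example, not part of the original thread: kbukhari's first reason above (no shared password to change when someone leaves) works because each person has their own line in `authorized_keys`. The sketch below removes one person's keys from a constructed sample file; the file contents, the owner labels and the helper names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): one key per person in authorized_keys,
# so a leaver is removed without changing anything for the others.
# Assumption: each key line ends in a single-word comment such as user@host.

# Constructed sample file; the base64 fields are placeholders, not real keys.
make_sample() {
    cat > "$1" <<'EOF'
# ops team keys (constructed sample)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY1 alice@example
from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY2 bob@example

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDERKEY3 bob@example
EOF
    chmod 600 "$1"
}

# List the owner label (last field) of every key line, skipping blanks and comments.
list_key_owners() {
    awk 'NF && $1 !~ /^#/ { print $NF }' "$1"
}

# Remove every key labelled $2 from file $1 and print how many were removed.
revoke_key() {
    local file="$1" owner="$2" tmp removed
    removed="$(awk -v o="$owner" 'NF && $1 !~ /^#/ && $NF == o { n++ } END { print n + 0 }' "$file")"
    tmp="$(mktemp "${file}.XXXXXX")" || return 1
    # Keep blank lines, comments and every key that belongs to someone else.
    awk -v o="$owner" 'NF == 0 || $1 ~ /^#/ || $NF != o' "$file" > "$tmp"
    chmod 600 "$tmp"          # keep the key file private to its owner
    mv "$tmp" "$file"         # rename is atomic on the same filesystem
    echo "$removed"
}

demo() {
    local dir; dir="$(mktemp -d)"
    make_sample "$dir/authorized_keys"
    echo "removed: $(revoke_key "$dir/authorized_keys" bob@example)"
    echo "remaining: $(list_key_owners "$dir/authorized_keys" | tr '\n' ' ')"
    rm -rf "$dir"
}
demo
```

Removing the line only stops new logins with that key; it does not help if the private key of someone still on the list has been copied, which is the point masud makes above.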

Post by lambda » Sun Nov 18, 2007 1:36 pm

Saad Khan wrote: who suggested that you use PGP instead of ssh. Or maybe I didn't know that there are sniffers that can sniff your encrypted ssh logins; I would like to have such programs in my toolkit. :)
ignore him. really. there's no reason to set up and use pgp for ssh authentication. just use the ssh-keygen generated keys, like everyone else. the tools and processes for using pgp keys with ssh are not as mature as ssh-keygen's.

if you want more details, read the post i made several months ago in the howto subforum.

Post by lambda » Sun Nov 18, 2007 1:39 pm

x2oxen wrote: Your any further post ain't gonna make any different to me cause don't pay attention to edicts word's and you are high at your knowledge for sure!
i wish i could be certain about what this means. it's as confusing as most of your advice, if not as flawed.

that's okay with me, you know? you can keep ignoring my comments about how dumb your suggestions are.

