Logjam: How Diffie-Hellman Fails in Practice

We have published a technical report, Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, which has specifics on these attacks, details on how we broke the most common 512-bit Diffie-Hellman group, and measurements of who is affected. We have also published several proof of concept demos and a Guide to Deploying Diffie-Hellman for TLS.

Source: Logjam: How Diffie-Hellman Fails in Practice

What should I do?

If you run a server…

If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.

Graphics from the command line

This article shows how to perform image manipulation using command-line tools. I do this job quite often, since I’ve picked up some digital cameras and now manage a library of several thousand happy snaps. For Web developers and administrators who frequently have to batch-process large numbers of images, command line tools are an especially attractive option, because the developer can incorporate them into scripts. But even if you only want to perform a manipulation once or twice, a command-line alternative can save time.

The command line tools discussed in this article are part of the excellent ImageMagick suite, which ships with Red Hat Linux and is freely available online (see Resources). ImageMagick can also be accessed via C, C++, Perl, Python, Java, and several other languages, which Linux programmers will appreciate.

via Graphics from the command line.

how to calculate packet loss from a binary TCPDUMP file

You can measure packet retransmits from the client to the server by counting the number of duplicate sequence numbers.

Packet retransmits from the server to the client can be measured by counting duplicate Ack numbers.

Note that a retransmit is triggered by more than just total loss (= timeout); if the remote machine rejects the packet, or the packet is corrupted, the local machine must also retransmit.

via networking – how to calculate packet loss from a binary TCPDUMP file – Server Fault.

I needed a way to measure this on a wifi network where packet loss can be very high and bursty. This answer seems relatively simple to implement — just store off ACK sequence numbers into an array of limited size and count how many times every new ACK matches in that array. By monitoring this count I can determine where and when certain areas are getting bad and perhaps alert or alarm based upon a certain threshold.
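The counting scheme from the answer above (duplicate sequence numbers client-to-server, duplicate ACK numbers server-to-client) together with the bounded-array idea, written out as an added Python example; it is not code from the Server Fault answer or from this blog. It assumes the packets have already been decoded from the tcpdump file into (src, dst, seq, ack, payload_len) records (for example with a pcap library), and the sample flow below is constructed, not a real capture.

```python
from collections import deque

# Constructed sample flow, not real capture data: (src, dst, seq, ack, payload_len).
SAMPLE_PACKETS = [
    ("client", "server", 1000, 1, 100),
    ("client", "server", 1100, 1, 100),
    ("client", "server", 1200, 1, 100),
    ("server", "client", 1, 1100, 0),    # ACK for the first segment
    ("server", "client", 1, 1100, 0),    # duplicate ACK: segment at 1100 was lost
    ("server", "client", 1, 1100, 0),    # third duplicate ACK
    ("client", "server", 1100, 1, 100),  # client retransmits seq 1100
    ("server", "client", 1, 1300, 0),
]


def count_retransmits(packets, client, server, window=64):
    """Count duplicate seq numbers (client->server data segments) and duplicate
    ACK numbers (server->client) using a bounded window per direction, as the
    answer suggests.  Returns (dup_seq, dup_ack, data_segments).  Any seq that
    reappears inside the window is treated as a retransmit; keepalives and
    window probes also repeat a seq and will be counted by this heuristic."""
    seq_window = deque(maxlen=window)   # the "array of limited size"
    ack_window = deque(maxlen=window)
    dup_seq = dup_ack = data_segments = 0
    for src, dst, seq, ack, plen in packets:
        if src == client and dst == server and plen > 0:
            data_segments += 1
            if seq in seq_window:
                dup_seq += 1
            seq_window.append(seq)
        elif src == server and dst == client:
            if ack in ack_window:
                dup_ack += 1
            ack_window.append(ack)
    return dup_seq, dup_ack, data_segments


def loss_estimate(packets, client, server, window=64):
    """Fraction of client->server data segments that were retransmitted."""
    dup_seq, _, data_segments = count_retransmits(packets, client, server, window)
    return dup_seq / data_segments if data_segments else 0.0


def should_alarm(packets, client, server, threshold=0.05):
    """Alarm when the retransmit fraction exceeds the configured threshold."""
    return loss_estimate(packets, client, server) > threshold


if __name__ == "__main__":
    print(count_retransmits(SAMPLE_PACKETS, "client", "server"))  # (1, 2, 4)
    print(should_alarm(SAMPLE_PACKETS, "client", "server"))       # True
```

Running it over a sliding time window of packets, rather than the whole capture, gives the per-period view needed to see when a bursty wifi link is degrading.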

How To Create a Pure CSS Dropdown Menu

With the help of some advanced selectors a dropdown menu can be easily created with CSS. Throw in some fancy CSS3 properties and you can create a design that was once only achievable with background images and Javascript. Follow this tutorial to see the step by step process of building your own pure CSS dropdown menu.

via How To Create a Pure CSS Dropdown Menu.

Also here: Another Simple CSS3 Dropdown Menu

The beginners guide to breaking website security with nothing more than a Pineapple

What you’re looking at in the image above is a little device about the size of a cigarette packet running a piece of firmware known as “Jasager” (which over in Germany means “The Yes Man”) based on OpenWrt (think of it as Linux for embedded devices). Selling for only $100, it packs Wi-Fi capabilities, a USB jack, a couple of RJ45 Ethernet connectors and implements a kernel mode wireless feature known as “Karma”.

via Troy Hunt: The beginners guide to breaking website security with nothing more than a Pineapple.

But why on earth would a victim connect to the Pineapple in the first place?! Well firstly, we’ve become alarmingly accustomed to connecting to random wireless access points whilst we’re out and about. When the average person is at the airport waiting for a flight and sees an SSID named “Free Airport Wi-Fi”, what are they going to do? Assume it’s an attacker’s honeypot and stay away from it or believe that it’s free airport Wi-Fi and dive right in? Exactly.

How to return to the moon in just four years

In a four-launch scenario, the lander would precede the crew to the moon. The first two launches would be a moon injection stage followed by a lunar lander. These two vehicles would rendezvous in Earth’s orbit before the moon injection stage would send the lander ahead to the moon. The next two Falcon launches would carry a second moon injection stage and then the crew in their capsule/service module. After a similar boost in a moon-injection stage, they would meet up with the lander in lunar orbit.

The rest of the mission would be like the Apollo mission — Americans on the moon, once again taking giant leaps for mankind.

via How to return to the moon in just four years | Fox News.

How to set up your own private instant messaging server

The video below will walk through the process of setting up and installing Prosody, a lightweight Lua-based instant messaging server application. We’ll be using Ubuntu 12.04 for our server, though Prosody is a cross-platform application and will run on Windows, OS X, and a number of different Linuxes. Strap in, grab your server, and let’s roll!

via How to set up your own private instant messaging server | Ars Technica.

Setting up a man-in-the-middle device with Raspberry Pi, Part 1

The regular install on a Raspberry Pi is NOOBS (new out-of-box software) and contains several pre-packaged operating systems. However for the purpose of our MITM device we’ll be using a different Linux distro for our Pi: PwnPi. PwnPi is a distribution of the Raspbian OS that contains many pre-installed packages for security and penetration testing which is naturally right up our alley. So, go ahead and download PwnPi. Once it’s downloaded we’ll need to load it onto our SD card. First, format your SD card using the SD card formatter from the SD association. If the “size” value shown in the formatter is less than the size of your card, be sure to choose “format size adjustment” in the card.

via Setting up a man-in-the-middle device with Raspberry Pi, Part 1 | jeffq, published.

How to Turn An Old Android Phone into a Networked Security Camera

If the idea of a networked security camera that you can remotely view and receive alerts from appeals to you but the $$$ of a commercial model does not, read on as we show you how to turn older generation Android phones into sophisticated security cameras.

via How to Turn An Old Android Phone into a Networked Security Camera.