Linux / Unix Security

The latest in-depth reviews, guides, news, howtos and other information on IT security, Linux, open source, firewalls, networks, privacy, encryption, cryptography, attacks, vulnerabilities, and much more.

It is important to store the passwords of user accounts in a secure fashion. There have been many high-profile incidents where a security breach resulted in hackers obtaining database dumps of user passwords. The 2012 LinkedIn hack and the recent Adobe hack are two out of many similar cases. Because the passwords were stored in an inappropriate fashion, the hackers (read as crackers) were able to recover the passwords of many user accounts and publish them on the Internet, resulting in an embarrassing PR fiasco for the companies.


Kali Linux, the successor to the BackTrack penetration testing Linux distribution, has been released. From the official project page:

Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.


Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, the nmap command comes with many options, which make the utility more robust but also difficult for new users to follow.

The purpose of this post is to introduce a user to the nmap command line tool for scanning a host and/or network in order to find the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.


Dear nixCraft,

I carry my Linux-powered laptop just about everywhere. How do I protect my private data stored on a partition or removable storage media against bare-metal attacks where anyone can get their hands on my laptop or USB pen drive while traveling?

Sincerely,

Worried about my data.


Using the same password on different servers allows attackers to access your accounts if a cracker manages to steal your password from a less secure server. This is true for online website accounts too. So the solution is to create unique passwords for server accounts such as your email, sftp and ssh accounts. The general guideline for creating a strong and unique password is as follows:
