By Unknown Lamer from Slashdot's why-all-the-hate department
writes with this bit from IT World: "In an effort to foil crackers' attempts to cover their tracks by altering text-based syslogs, and improve the syslog process as a whole, developers Lennart Poettering and Kay Sievers are proposing a new tool called The Journal. Using key/value pairs in a binary format, The Journal is already stirring up a lot of objections."
Log entries are "cryptographically hashed along with the hash of the previous entry in the file" resulting in a verifiable chain of entries. This is being done as an extension to systemd
). The design doesn't just make logging more secure, but introduces a number of overdue improvements
to the logging process. It's even compatible with the standard syslog interface
allowing it to either coexist with or replace the usual syslog daemon with minimal disruption.Read Replies (0)
By timothy from Slashdot's pre-thanksgiving-treat department
As a security researcher, Moxie Marlinspike
has played a big role in explaining what can go wrong in using Certificate Authorities
to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates
. On that front, he's lately come up with a system designed to circumvent CAs entirely
, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system.
Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall
, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized
on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post
.Read Replies (0)