Danny Fullerton
One day, someone told me I was a delinquent with judgement.

We were tired of crappy and insecure routers. The APU2 is a beast. https://github.com/northox/openbsd-apu2 #DIY #OpenBSD #router

Saturday fun. I finally bought an Objective 2. Not that I need it, but mostly because it's an icon, a symbol, a collector's piece for the Open Source world and a severe blow to the #Audiophile community. Thanks http://NwAvGuy.com #amplifier #headphone #music

New post: Enhancing QubesOS with Rumprun unikernels. https://danny.mantor.org/qubes-rumprun/ #qubesos #security #unikernel #rumprun

Little #RaspberryPi box for Stratum1 NTP via GPS (userland PPS included) and 1080p HD time-lapse. It's waterproof and has temperature/humidity sensors along with a heat pad to keep everything running smoothly in the worst Canadian temperatures.

northox@overkill~$ ntptrace 
localhost: stratum 1, offset -0.000172, synch distance 0.000000, refid 'UPPS'
northox@overkill~$ ntpq -p
remote   refid  st t when poll reach   delay   offset  jitter
=============================================
*SHM(1)     .UPPS.     0 l   10   16  377    0.000   -0.172   0.015

At some point I'll include my 3D accelerometer.

Here’s a very nice presentation about the impact of the technology behind Trusted Computing when used to “lock down” devices (like Apple is doing on the iPhone/iPad, Microsoft Xbox, Sony Playstation, etc).

It's not a technological problem, it's a social problem, it's a legal problem, it's a political problem... It's no different than our current computers. They caused such problems in all of those spheres and still do. It can be used for the good or the bad. Simply said, it’s a disrupting technology. Don't ditch the technology because it is disturbing to our society. In fact we (InfoSec) have to do the complete opposite. We need to learn about it and prepare ourselves just like anything else. It has been happening for centuries, it is happening today, it's called evolution, nothing else, and it won't be stopped, get over it.

One thing I'd like to clarify: the difference between device lock-down (like Apple) and Trusted Computing is that on your iPhone, Apple is the owner of the platform. From a technical point of view this means they are the ones who have initialized the platform keys - the ones protected by the chip and which are used to form the Core Root of Trust (the security chain anchor). Simply said, they control what can or cannot run on the platform.

Now that's a very big difference. With Trusted Computing, YOU are the owner, you set the keys. In fact, the TPM is not even initialized at purchase. Oh and by the way Apple does not use a TPM. They can't. It's not compliant. It's their own DRM-oriented implementation. Nothing to do with Trusted Computing but only with some concepts used behind it (chain of trust). Please make this distinction.

Here's something pretty useful: edit your GitHub repository online. Especially great for Jekyll-powered websites/blogs.

Just released a vulnerability for Dropbear SSH server. An authenticated user can execute arbitrary code under root privilege. Dropbear is used in a variety of embedded devices and is included in multiple operating systems such as OpenWRT and DD-WRT.

https://www.mantor.org/~northox/misc/CVE-2012-0920.html

Two-factor authentication has always been a simple band-aid over a much more important problem: if the underlying system cannot be trusted, you are doomed.

Tokens have only forced attackers into using active attacks instead of passively monitoring for passwords. The security industry should be investing more in serious solutions such as Trusted Computing.