Saturday, 27 March 2010

TrueCrypt and Ubuntu 9

Today I installed TrueCrypt on an Ubuntu box. Tried apt-cache to search for truecrypt without success. Because I'm a damn good RTFM'er I continued using Google. Every page suggested compiling the sources. Not that I'm afraid of compiling source code, but hey, that's Ubuntu, not Gentoo. So I stopped doing the RTFM stuff and had a look at the homepage of TrueCrypt. Downloaded a tar archive, extracted it and ran the extracted executable. A few seconds later I got TrueCrypt running on the box. Why are all the Linux guys always trying to compile things...

Friday, 26 March 2010

Debian Bacula vulnerability / security leak

Another shorty: Bacula is a neat backup tool and Debian provides maintained packages for it. But the install script opens a big security hole. It generates all the necessary configuration files for the file and storage daemons, the director and the console client. It also generates the user names from the host name. And it seems to do this job in a secure way, because the passwords for the Bacula users are long enough to be very secure. This is indeed very important, because the file daemon runs as root, which it needs to do in order to back up the whole system. The catch is that those passwords are neither generated nor requested by the installer. This leads many users to believe that the passwords were generated and do not have to be changed. Combining those facts leads to the following situation: every default Bacula installation in Debian uses the same password to secure the file daemon, which can read all the files of the system as root. So any unprivileged user is able to use this daemon to get access to files he has no access to. |-|4\/3 4 L07 0Ph p|-|U|\|...
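An added example (not from the original post and not Bacula or Debian code): an audit that flags file-daemon Director passwords shared between hosts, which is the symptom described above. The host names, config excerpts and password values are constructed, and the small parser only handles flat resources such as Director.

```python
import hashlib
import re
from collections import defaultdict

# Constructed bacula-fd.conf excerpts for three hosts; every value is made up.
SAMPLE_CONFIGS = {
    "web01": 'Director {\n  Name = web01-dir\n  Password = "PLACEHOLDER-shipped"  # as installed\n}\n'
             'FileDaemon { Name = web01-fd; FDport = 9102 }\n',
    "db01": 'Director {\n  Name = db01-dir\n  Password = "PLACEHOLDER-shipped"\n}\n',
    "mail01": 'Director {\n  Name = mail01-dir\n  Password = "constructed-unique-value"\n}\n',
}

# Flat resources only (Director, FileDaemon); nested ones such as FileSet are skipped.
RESOURCE_RE = re.compile(r'(\w+)\s*\{([^{}]*)\}')
DIRECTIVE_RE = re.compile(r'([A-Za-z ]+?)\s*=\s*("([^"]*)"|[^;\n]+)')

def strip_comments(text):
    """Drop '#' comments but keep '#' characters inside quoted strings."""
    return re.sub(r'"[^"\n]*"|#[^\n]*',
                  lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def director_passwords(conf_text):
    """Return {director name: password} for each Director resource."""
    found = {}
    for rtype, body in RESOURCE_RE.findall(strip_comments(conf_text)):
        if rtype.lower() != "director":
            continue
        fields = {}
        for key, raw, quoted in DIRECTIVE_RE.findall(body):
            # Bacula ignores case and spaces in directive names.
            fields[key.replace(" ", "").lower()] = quoted if raw.startswith('"') else raw.strip()
        if "password" in fields:
            found[fields.get("name", "?")] = fields["password"]
    return found

def shared_passwords(configs):
    """Map password fingerprint -> hosts, keeping only fingerprints seen on 2+ hosts."""
    groups = defaultdict(set)
    for host, text in configs.items():
        for password in director_passwords(text).values():
            # Report a truncated hash so the audit output never contains the secret.
            groups[hashlib.sha256(password.encode()).hexdigest()[:12]].add(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

if __name__ == "__main__":
    for fingerprint, hosts in shared_passwords(SAMPLE_CONFIGS).items():
        print(f"password {fingerprint} is shared by: {', '.join(hosts)}")
```

Any group it reports means those hosts should get fresh, per-host random passwords in both the file daemon and the matching director configuration.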
