karolszafranski.info

Linux geekiness taken professionally
Archive for November 2013

One-Time Passwords on Debian Linux for SSH and VNC

2013-11-15 by Karol Szafrański, tagged as linux, otp, personalsec

Let's imagine your employer openly implements spyware on employees' computers as part of their DLP policy. Upon signing your contract you're warned that there is a program somewhere there that "monitors all user activity and could prevent some of it" and instructed that attempts to kill, remove or tamper with the tool would be rewarded with dismissal. They would log all visited websites, take screenshots at any time, and record all keystrokes. So every time you access your personal machine from work, you put your precious, lengthy, complex password (you have one, right?) at risk of being recorded and stored in plaintext in some audit database for unspecified people to see.

Or maybe you are pretty comfortable with the security of the OS you're using but need to keep away a coworker/roommate/competitor spy looking over your shoulder, either directly or by some sophisticated means?

I came across a similar issue some time ago. And people around carrying RSA SecurID tokens made me wonder. So, let's render a captured SSH password useless.


Hello

2013-11-03 by Karol Szafrański

Hi, this is the first post on karolszafranski.info.

My personal page is going to serve as a place to share stuff that I hope may be useful to the general public but until now has either been sitting somewhere in my head or gathering digital dust on my disk. Most of it will relate to Linux, security and privacy. Of course it will also provide you with ways to contact me.

For now I decided to stick to static pages generated with Blazeblogger. While I am aware of the fantastic opportunities given by full-blown CMSes (and I also gave a local installation of WordPress a try for a while), I think a reasonable tool for managing static content will serve me well enough. We'll see. Next one in the queue for review is Chronicle. A proper (not self-signed) HTTPS certificate is also on my to-do list.