November 2008 Archives

I teach a basic undergraduate computer security class, which is a mix between ethical hacking, incident response, and a little bit of security management. My students do their assignments in a virtual security lab (7 hosts in a VMWare environment). When class is over, I'll post how I set up this lab in a little more detail.

Getting to work this morning, I found the following message in my mailbox:

Subject: host5 is down
Date: 11/25/2008 2:10 AM

Good Morning,

I crashed host5 by trying to run the following exploit:
http://milw0rm.com/exploits/7091
The files that should be removed: ~mikei/data/1.c    and   ~mikei/data/1

~Apologies

Sometimes I need to play around with some digital certificates and I do not feel like shelling out a lot of money each time to buy real ones. Here's how to set up your own CA (certificate authority) in a quick-and-dirty way. Please do not use this guideline to set up a real CA!

The scenario in which I am interested is to set up a single root-CA, which signs the certificates of two sub-authorities. The sub-authorities are the entities that actually sign the end-user certificates. I will create one sub-authority to issue person certificates and one to issue site certificates.

A detailed description of my efforts has been posted.

I attended a two-hour presentation by Dr. Peter Tippett of Verizon Business's Cybertrust group at the Grant Hyatt Hotel in New York City (nice!) today.

Dr. Tippett is on tour to let the world know about the data breach investigations report that his team put together and published earlier this year. At the very least, the presentation was entertaining, but there were even some interesting bits here and there.

Dr. Tippett is a scientist.