I have always been an advocate on storage security (all types of security, actually). I like how iOS devices keep all files encrypted, even if you do not set a passcode on the device. They do this to facilitate quick erasure of files on the device — to erase all the data, they simply wipe the master key.
Erasing magnetic storage media isn’t difficult, but it is time-consuming. For solid state media such as SSDs and flash drives, the wear-leveling makes it difficult to ensure that all flash blocks have been securely overwritten. The answer to this is to encrypt everything.
Recently I have been busy building a Linux-based NAS and I decided to put this to practice.
What is EAP-SIM?
EAP-SIM is one of the authentication methods that can be used in an 802.1x or WPA Enterprise network. Specifically, it relies on the user’s SIM card to process a presented challenge. This has been used by some telcos to provide WiFi service without having to maintain a separate set of credentials. However, not all phones support EAP-SIM.
Since I’m already using a RADIUS setup at home, the use of EAP-SIM will eliminate the need to install my CA certs onto each device. But of course, there is still a fair bit of work to do…
Last month, I had the opportunity to fly halfway around the world to attend RSA Conference 2013. Everyone was given a lanyard and badge which contains your information entered during registration. When you visit booths, they can then scan your badge to collect your information and follow up by sending you spam.
The scanner varies across different booths, but mostly it’s an Android device that ran a custom software. Since it had a large NXP logo, let’s try to read it with the NFC TagInfo app. Looks like the tag identifies itself as a NDEF message but the data is gibberish.
I just read news that fake SSL certificates were issued by Comodo CA, but more interestingly, browser updates were issued to blacklist the certificates. Why this was necessary since we already have a protocol for doing just that?
I found out from this post on the torproject blog that talks about how OCSP is not properly implemented in browsers:
The browsers treat revocation errors as soft errors and a MITM is deadly for revocation. The browsers believe they have to treat them as soft errors because the CAs are failing to do their job properly and are almost entirely unaccountable.
Here’s how some other browsers fare when OCSP fails.