crazylazy.info

Who needs this?

Yay, free mails in a sustaining setup!

This is a tutorial on how to practically setup a relatively secure mail-server.

It's supposed to be as minimal as reasonable nowadays, and for a small amount of users (standard root server, max. ~20 mail-users at once). Without a real DB backend. It doesn't scale business-needs, however it's supposed to be extendable.

The reference system this setup works with is a Debian GNU Linux with:

• Maildrop - instead of Procmail for more flexible filter rulesets
• Postfix and Postfix-pcre ~ 2.7

Malicious Office Documents

On very common entry point these days are malicious office documents. If you've got no idea on how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that's performing network connections and in this case bypassing antonymization technologies.

A collection of tutorials, videos and fun

I think it's an amazing site. There're many video tutorial sites these days. However the quality differs a lot. In the following I listed stuff I like so far. Feel invited to watch everything:

Programming

Python programming course from MIT - the advanced stuff may be of some interest, however it starts of with fairly trivial and introductorily mentioned stuff.

A slight update

Here's a slight update on my sandbox-exec script for Safari 4.x. I prefer Safari for browsing for numerous reasons, however as a security minded individual I couldn't stand the access-permissions Safari by default has.

Apple developers left doors open. Threats come out.

About the idea

Currently I'm doing some research on vulnerability discovery techniques, speaking of black-boxing, white-boxing and yes... gray boxing, too. These are general code-review techniques for source-code auditing, automated function-auditing and formal software verification.

Teaching?

What took the most of us to learn,
is what we teach best.

I found a good collection of IT security specific learning materials. Even if you're an old hand in the fields, you might catch something new, nevertheless I guess it's a university course intended for starters.

Introduction and Source Code Analysis, Dan Guido
Reverse Code Engineering, Stephen A. Ridley
Memory Corruption, Dino Dai Zovi
Fuzzing, Mike Zusman
Client-side attacks and Post-Exploitation, Dean De Beer
Web Hacking, Erik Cabetas

About good people in IT being too good and bad guys playing better

Bugs flew in the Eniac and caused errors. Since ages bugs cause trouble in IT. Now it's time to exterminate them?