Just posted a video on YouTube:
While working on different stuff I was searching for a collection of APIs that are related or useful for security researchers, incident response people or threat intel.
Unable to find a good list of REST APIs, I decided to start one. The collection is hosted as a Security API list, and pull requests or issues mentioning missing APIs are highly welcome.
Why did I produce such a list? More and more people want to automate their workflows. Security Orchestration is the new buzzword after last year's Threat Intelligence, but it basically contains the same thing: both have in common that they make use of already available data, with Orchestration not storing that much data but enriching the dots collected.
However, the challenge is what to integrate. Everyone has their "go-to" tools they use on a daily basis, risking to miss some golden nuggets that are handy.
The list is divided (at the moment) into tools that are mostly on prem., online tools, SIEMs and various. With an increasing number of APIs that ordering might change, of course.
So I really hope the list is useful, that people can use it and that it can grow.
Simply divine video
One day to go until the Backfischfest in Worms starts, and we can say the 9TageTicket is again a big success this year. With more than 650 tickets pre-ordered, we are on almost the same level as last year, showing that there is a constant interest in the free tickets that show other visitors the commitment to the Backfischfest.
For the first time we will have flyers for the showmen explaining the idea behind 9TageTicket.
Had an issue finding all authorized_keys on a server, so I came up with a little shell script that will iterate over all your home directories and show the authorized_keys and authorized_keys2.
Find the script on GitHub
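One way to run such an audit, as an added example (not the script linked above, which is a shell script): this Python version reads the home directories from a passwd-format file, parses both authorized_keys and authorized_keys2, and reports each key's options, type, SHA256 fingerprint and comment. The function names and the record layout are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import os

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def parse_key_line(line):
    """Parse one authorized_keys line; return None for blank or comment lines."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # Options (from=..., command=...) precede the key type. Whitespace splitting
    # also splits quoted option values, so they are re-joined below; a key-type
    # word inside a quoted command would be mistaken for the key type.
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(fields):
        return {"options": "", "type": "unparsed", "fingerprint": "", "comment": line.strip()}
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        fingerprint = "SHA256:" + digest   # same form as ssh-keygen -l prints
    except (binascii.Error, ValueError):
        fingerprint = "invalid-base64"
    return {"options": " ".join(fields[:idx]), "type": fields[idx],
            "fingerprint": fingerprint, "comment": " ".join(fields[idx + 2:])}

def audit_authorized_keys(passwd_path="/etc/passwd"):
    """Return one record per key found under every home directory in passwd_path."""
    findings = []
    with open(passwd_path, errors="replace") as passwd:
        entries = [entry.split(":") for entry in passwd]
    homes = sorted({(e[0], e[5]) for e in entries if len(e) >= 6 and e[5]})
    for user, home in homes:
        for name in ("authorized_keys", "authorized_keys2"):
            path = os.path.join(home, ".ssh", name)
            try:
                with open(path, errors="replace") as fh:
                    lines = fh.readlines()
            except OSError:   # file missing, or no permission to read it
                continue
            for line in lines:
                key = parse_key_line(line)
                if key:
                    findings.append({"user": user, "file": path, **key})
    return findings

if __name__ == "__main__":
    for f in audit_authorized_keys():
        print(f["user"], f["file"], f["type"], f["fingerprint"], f["options"] or "-", f["comment"])
```

Run it with enough privilege to read other users' .ssh directories; unreadable files are skipped silently. Entries carrying options such as command= or from=, and anything in authorized_keys2, are the ones to review first.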
The following error message:

    Forbidden (403)
    CSRF verification failed. Request aborted
    More information is available with DEBUG=True

might occur if you are running Apache / nginx behind another Apache acting as a proxy.
To read more about CSRF, go to Wikipedia. It is basically an interception of a session exploiting the trust a browser has in a site.
So it is a security feature that the proxy interferes with.
You most likely have something like:

    ProxyPass / https://$yourhost/
    ProxyPassReverse / https://$yourhost/

in your Apache config. That needs to be extended to:

    ProxyPass / https://$yourhost/
    ProxyPassReverse / https://$yourhost/
    ProxyPreserveHost On

Quote from the Apache documentation:
When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.
This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server.
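Why the Host header matters here, as an added example (not code from this post, from Apache or from Django): it assumes the backend is a Django application, whose CSRF middleware produces the 403 text above, and models in simplified form the strict Referer check Django applies to HTTPS requests. The host names and function names are constructed for the illustration.

```python
from urllib.parse import urlsplit

def host_seen_by_backend(public_host, proxypass_host, preserve_host):
    """Host header the proxy sends upstream: the client's own Host with
    ProxyPreserveHost On, otherwise the hostname from the ProxyPass target."""
    return public_host if preserve_host else proxypass_host

def strip_default_port(netloc):
    """Treat host and host:443 as the same HTTPS origin."""
    host, sep, port = netloc.lower().rpartition(":")
    return host if sep and port == "443" else netloc.lower()

def referer_allowed(referer, host_header, trusted_hosts=()):
    """Simplified strict Referer check for an HTTPS POST (not Django's real code)."""
    if not referer:
        return False, "no Referer"
    parts = urlsplit(referer)
    if parts.scheme != "https" or not parts.netloc:
        return False, "Referer is insecure or malformed"
    good = {strip_default_port(host_header)} | {h.lower() for h in trusted_hosts}
    if strip_default_port(parts.netloc) in good:
        return True, "ok"
    return False, "Referer %s does not match %s" % (parts.netloc, host_header)

def simulate(preserve_host, trusted_hosts=()):
    """Browser posts a form from the public site; the proxy forwards it."""
    public, backend = "www.example.org", "app.internal.example"  # constructed names
    host = host_seen_by_backend(public, backend, preserve_host)
    return referer_allowed("https://%s/login/" % public, host, trusted_hosts)

if __name__ == "__main__":
    print("ProxyPreserveHost Off:", simulate(False))
    print("ProxyPreserveHost On: ", simulate(True))
    print("Off, public host trusted:", simulate(False, ["www.example.org"]))
```

With the Host header preserved, the backend's virtual host and allowed-hosts configuration must accept the public name. Listing the public origin in Django's CSRF_TRUSTED_ORIGINS is the alternative modelled by the trusted_hosts argument.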
You open Amazon without suspecting anything and get a notice:
we are pleased to introduce Amazon Fire TV to you today.
And even better, until Monday Amazon Prime customers can get the Amazon Fire TV at the special price of 50 euros instead of 99 euros.
PS: Fire TV offers new and existing Prime members even more. You can instantly stream thousands of popular movies and series episodes without limits with Prime Instant Video, and for the next five days you get the Fire TV for only 49 EUR instead of the regular 99 EUR.
So it is worth grabbing one.
Edit: Golem is now writing about it too
There have been some ongoing discussions about Facebook Messenger / WhatsApp – security, encryption, privacy etc.
Just a few days ago Facebook made a big move pushing more users to the Facebook Messenger.
And now a new big player enters the field of messengers: Deutsche Post.
They announced a product called "Sims Me", described as a "free and secure messenger on iOS and Android".
Of course Deutsche Post has some experience with delivering messages for hundreds of years. But this is not the first app Deutsche Post is providing; officially the apps are developed by "DP IT Brief GmbH".
Key Features of SimsMe
– End to end encryption
– everything stored on servers
– self destructive messages *
– Ability to connect to your existing contacts (but only by granting SimsMe access to your contacts)
– Confirm users by QR code (same as Threema)
– App is password protected -> if your password gets lost, your app data is gone and you have to reinstall it.
* only for the first million users for free
There is a good FAQ on the page.
The starting phase was a bit too much for Deutsche Post as too many users tried the service, but for now it is okay. Some bugs have to be fixed and there is some room for improvement regarding the UI, but overall it is a nice product.
Of course stating "it is end-to-end encrypted" does not mean anything. I haven't seen an audit of the app, and even if it were open source, there is no evidence that the open source code is the code DP IT Brief GmbH is sending to Apple / Google. And there is no way to check whether the app uploaded from DP IT Brief GmbH to Apple / Google is the app that you are downloading to your device (they are in a position to modify apps). That said, having a big company providing an app with end-to-end encryption is better than using a plain-text or not properly encrypted app. But still, if you want to exchange sensitive stuff, face to face is the way to go.
For several months, many Pis have been in use within my network. I am using them for XBMC Raspberry, Syslog Raspberry, Kippo Raspberry Pi, surveillance Pi, Nagios Raspberry Pi, Backup Pi, a Tor Raspberry Pi, and of course they are using a UPS for power supply.
But since some of the use cases are not that trivial, the tech specs of the Raspberry are not high enough. But now a new Pi is on the road: Banana Pi.
Specs of the Banana Pi (bold most important ones):
SoC: Allwinner A20*
(ARM Cortex-A7 dual-core, 1GHz, Mali400MP2 GPU)
System Memory 1GB DDR3 DRAM
Storage: SD card slot, Extensible with SATA connection
Video output: HDMI, Composite, Extensible with on-board LVDS connector
Audio I/O: HDMI,3.5mm stereo jack output,On-board microphone input
Connectivity: Gigabit Ethernet
USB: 2* USB 2.0 ports, 1* OTG micro USB port,1* micro USB for power supply**
Expansion: Extensible 26-pin headers, Camera connector, Display connector for LVDS and touch screen
Misc: 3* on-board buttons, (Power, Reset, Uboot key), IR receiver
Dimensions: 92mm X 60 mm
Weight: 48 g
Wow! It has gigabit onboard, a faster CPU (with integrated GPU!), double the system memory, and is compatible with extension modules of the original Raspberry Pi.
Especially for multimedia use cases, like HD (1080p and even higher) streaming, the Banana Pi looks quite nice. At the moment, XBMC is not fully compatible with the Banana Pi, but the bigger the fan group, the faster XBMC will work on supporting the new toy.
I will try to get one of the boards to get a first impression and will write about it in the future.
A good review of the Banana Pi is available at: http://raspi.tv/2014/banana-pi-review-first-impressions. The author describes some problems during installation, but I think that is a common problem for new products. One particular complaint is very interesting: he mentioned that the Linux SD card image is bigger than needed, because they included free space in the image – what a pity.
A somewhat fun post for a change. On Amazon, one knife is especially popular with customers: Misono UX10 Petty 5.9″ (15cm) – Right (japan import)
Among other things, the knife can:
– divide by 0
– offer a knife handle that can also cut
– shorten lightsabers
– divide up the pending work
– SHARE a current status on Facebook
– it even impresses Chuck Norris
That also fits with the other legendary knife on Amazon: Wenger Schweizer Offiziersmesser Giant Messer, mit Schatulle
With more than 800 comments, not bad either.
Anyone who wants a perfectly ordinary, nice knife can go, for less than 20 euros, for the no worse: Victorinox Taschenwerkzeug Offiziersmesser Huntsman, Rot, 91mm, 1.3713