syslog_tool.cgi on DASAN H660RM devices with firmware 1.03-0022 uses a hard-coded key for logs encryption

DASAN H660RM devices with firmware 1.03-0022 (and possibly others) use a hard-coded key “dasanektks123” for log encryption. Data stored using this key can be decrypted by anyone able to access this key.

This vulnerability was assigned CVE-2019-9975.


ESE Key Daemon 1.2.7 released

A new version of ESE Key Daemon was released today.

New features include the ability to handle multiple key combinations and to distinguish between key presses and releases. A problem with the handling of the last line of a configuration file when that line has no trailing newline has been fixed. Numeric keys are now also allowed in the configuration file.

Download: esekeyd-1.2.7.tar.gz (.asc)

MD5: 5937ad6d7815dbc6ab6983411a9f37d4
SHA1: 07671be42b61973a3270aaf1b41c3467568ae7ac

nCipher HSM with OpenSSL

I just finished playing with some nCipher HSM. Unfortunately, there is no integration guide for OpenSSL that covers the CHIL interface and nCipher hardware security modules.

nCipher’s installation guide is quite good, but after you finish installing hardware, drivers and daemons, you are on your own.

I found only two helpful sources: Andrea Campi’s blog entry about nCipher NetHSM and OpenSSL, and Marek Marcola’s post on the openssl-users mailing list.

Both guides end at key generation and self-signed certificates. That is enough to get a CHIL-enabled application to work with nCipher’s HSM, but it will not help you convert an existing OpenSSL application (one that is not CHIL-aware) to use the HSM.


Swiss Army knife^Wpendrive

Swiss Army knives are famous for their functionality. Ever since versions with built-in USB flash memory went into production, I have been wondering how to give the software installed on the portable storage equally great functionality.


Optimizing GNOME for Netbooks

GNOME can be easily optimized for netbooks using the configuration editor. Disabling animations, thumbnails and the splash screen speeds up GNOME, while scaling down icons saves space on the desktop.

Metacity will give the user less feedback by using wireframes, avoiding animations, or other means if /apps/metacity/general/reduced_resources is set to true. This can be set with gconf-editor or from the shell with gconftool:

gconftool-2 -s /apps/metacity/general/reduced_resources -t bool true


Sptrace 1.4.2 released

A new version of sptrace was released today. Sptrace is a secure ptrace() Linux Kernel Module (LKM). It limits users’ access to the ptrace() call. The module was updated to reflect changes in new kernel releases and tested with 2.6.26.
