backtrack

It turns out that the install of R1 pretty much uses up close to 8GB, actually about 7, but who's counting. Thanks to Tim who left a comment to this effect.

Anyway, this doesn't leave enough room to do much of anything, including installing future updates. For that reason I have increased the minimum drive size to 16 GB for R1 and changed the lvcreate command to use '-l 100%FREE', which makes it a bit easier.

This does not affect the how-to that uses persistence.

Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption

-Kevin

{ 0 comments }

Minor Update to the Backtrack 4 How-tos

by kriggins on August 9, 2010

in Announcement, Tips

Both Backtrack 4 how-tos have had minor updates made. The Full Disk encryption how-to has had the boot partition increased to 120 MB and the USB/Persistent Changes/Nessus how-to has had the FAT partition increased to 2500 MB.

So far these are the only two changes that had to be made. There will be further updates coming in the near future to help with common problems and questions.

Backtrack 4 - Bootable USB Thumb Drive with "Full" Disk Encryption

Backtrack 4 - USB/Persistent Changes/Nessus

-Kevin

{ 0 comments }

Good afternoon everybody! I hope your day is going well.

Here are today's Interesting Information Security Bits from around the web.

  1. OT, but very cool. Make your own QR code temporary tattoos.
    QR Code Temporary Tattoos Howto | The Guerilla CISO
    Tags: ( general )
  2. I think I pointed to something about this a bit ago, but here is more on chip and pin having issues.
    Light Blue Touchpaper >> Blog Archive >> Chip and PIN is broken
    Tags: ( chip-and-pin )
  3. Fun stuff here. Using WCF to scan inside the perimeter.
    Abusing WCF to Perform Remote Port Scans - Gotham Digital Science
    Tags: ( scanning )
  4. Dave opines about 5 reasons your security program may be struggling.
    ShackF00 >> 5 Reasons Your Security Program is a Failure
    Tags: ( general security-program )
  5. Just in case you were not aware of it, OWASP has a broken web application project. It's a VM with vulnerable apps.
    owaspbwa - Project Hosting on Google Code
    Tags: ( webappsec education )
  6. Join the rant against the term "best practice." Drives me nuts, just like it does Adam.
    Best Practices for Defeating the term "Best Practices" << The New School of Information Security
    Tags: ( general )
  7. Josh has some good points about social networking and its use at work.
    Josh More - Starmind Blog >> Should we allow our employees to engage in social networking?
    Tags: ( social-networking )
  8. Check it out if you are in Europe or have a really big travel budget.
    Pimping the Security Non-Cons: Troopers 2010 | Rational Survivability
    Tags: ( conferences )
  9. Some cool and interesting stuff going on in the A6 world. Check out Chris's post about A6 and CloudAudit.
    The Automated Audit, Assertion, Assessment, and Assurance API (A6) Becomes: CloudAudit | Rational Survivability
    Tags: ( cloud a6 cloudaudit )
  10. Fun with social engineering and Metasploit.
    Social-Engineering Toolkit (SET)
    Tags: ( social-engineering metasploit )
  11. .:[ Layered Security ]:.: 802.11n card that works with BackTrack 4 - woohoo!
    Tags: ( backtrack tools wireless )
  12. Security-Shell: NoMore AND 1=1 - Web Application Testing Tool released
    Tags: ( webappsec sql-injection )
  13. 7 Things Every Information Security Professional Should Know -- My Information Security Job
    Tags: ( careers )

That's it for today. Have fun!

Subscribe to my RSS Feed if you enjoy these daily Interesting Bits posts.

Kevin

{ 0 comments }

Hi there folks. I know it's been a while since we've had a bits post, but never fear. I did not just click 'mark all read' and am making my way through the backlog. For the next few days you should see a bits post for that day and a catch-up post. This is the first catch-up post. I apologize, but the catch-up posts will probably be commentless like this one.

  1. The Ethical Hacker Network - SSHliders
    Tags: ( challenge )
  2. Nikto 2.10 released << Ramblings of the anal security guy
    Tags: ( nikto tools webappsec )
  3. Twitter Risks | The Infosec Cynic
    Tags: ( twitter humor )
  4. Syn: Abusing VLANs With BackTrack
    Tags: ( vlans backtrack )
  5. Carnal0wnage Blog: Oracle Hacker's Handbook Book Review
    Tags: ( book review oracle )
  6. Securosis Blog | IDM: Reality Sets In
    Tags: ( idm )
  7. Do the Evolution... - fudsec.com
    Tags: ( profession )
  8. Are Security "Best Practices" Unethical? << The New School of Information Security
    Tags: ( best-practices risk-management )
  9. Information Escapology << wirewatcher
    Tags: ( passwords logging )

That's it for today. Have fun!

Kevin

{ 1 comment }

Yup. You guessed it. A new how-to that walks you through creating a bootable Backtrack 4 USB thumbdrive. This time we don't need to worry about updating Firefox or nmap though. You can find it at the link below.

Backtrack 4 - USB/Persistent Changes/Nessus

As always, let me know if you find any problems or have any suggestions.

-Kevin

{ 3 comments }

Hi there. Here are today's interesting bits.

From the Blogosphere.

F-secure has posted a notice about two Mac OSX trojans.

Adobe is in the news again with a patch for yet another critical PDF Reader flaw. Heads-up provided by Zero Day.

Via TaoSecurity, a post by Pascal Meunier, Virtualization Is Successful Because Operating Systems are Weak, puts forth an interesting way to look at virtualization.

What it looks like is that we have sinking boats, so we’re putting them inside a bigger, more powerful boat, virtualization...

Chris Eng at Veracode has Part 1 of Minimizing the Attack Surface up. Good read.

Security4all points us at a way to get Nessus 3 installed on Backtrack 3. Very cool, but watch that new licensing.

From the Newsosphere.

Verisign has been picked by Microsoft as the OpenID provider for users of HealthVault.

The Marshall Islands, a small country in the South Pacific, was effectively denied access to email by a denial of service attack.

Yahoo! Mail was vulnerable to an XSS attack which allowed access to confidential information. It's fixed now.

Some HSBC websites are also susceptible to XSS attacks.

Surprise, Surprise, China networks host a large number of the websites pushing malware.

That's it for today folks.

Have a good one.

Kevin

{ 0 comments }

And another Friday dawns. I hope yours goes well. Here we go with today's bits.

From the Blogosphere.

Via Alan over at StillSecure, the Aberdeen Group is looking for some data on IT Security Patch and Vulnerability Management. To get it, they are asking for us to participate in a survey. We get a shiny report gratis if we do. I probably will.

There is a post up over at tssci-security that takes a look at several topics all mashed together: the value of the CISSP certification, specialist or generalist when it comes to InfoSec, and a new project being put together by the OWASP group, the People Certification Project. Some interesting thoughts in both the post and comments. BTW - he references Dan Geer's Source Boston keynote speech. It is well worth reading several times, as I believe I have noted before.

Looks like there are some local root shenanigans that can be exercised on a Mac with versions 10.4 and 10.5 of Mac OS X installed. Good old suid fun, but does it really matter? Check out Zero Day's post and come to your own conclusions.

The Princess of Antiquity is tackling a fairly daunting task in bringing us a series of articles about cryptography that are couched in terms the layman can understand. The first is up and is well written. Check it out.

Tom over at Spylogic gave a talk about Online Social Networks: 5 threats and 5 ways to use them safely. He has made his presentation available here.

JJ has some good guidance for us if we are considering the implementation of 802.1x. Very good stuff.

Via Security4All, Backtrack 3 Final has been released.

From the Newsosphere.

Via NetworkWorld, Mitchell Ashley reports to us that Red Hat has decided to develop their own virtualization platform based on the Kernel Virtual Mode which is built into the Linux kernel. Go read his article for the reasons for this decision.

From Hack in the Box and ARN, a new report is out saying that a skills shortage in IT positions, including security specialists, is causing salaries to rise. Good for those down under.

Have a great Friday and wonderful weekend.

Kevin

{ 0 comments }