Month: August 2016

Investigating the security of anonymous messaging over the Internet


The topic of strongly encrypted communication has been receiving a lot of press coverage over the last few years and is a politically sensitive issue. Adding the possibility of making such communication anonymous makes it more sensitive. This work is based upon the thesis that I submitted for my MSc. The layout of the sections plus some of the wording has been tweaked to fit better as blog posts. The intent is to present the information across several pages.

Anonymity over the internet
Can we be anonymous on the Internet?

In this post I am introducing a new section of the blog which will be devoted to anonymity and privacy.

This blog will investigate to what degree anonymous communication over the Internet is possible. The result is unclear: theoretically possible but unlikely to be true in most real situations. Sources will be provided where necessary and may be academic in nature or from the media. The combination of the two will show the cultural relevance of the topic and highlight the interface between researchers, software developers and the general public who have no formal training in this area.


Creating better passwords


TL;DR: use a password manager.

Allow me to suggest Password Safe (https://pwsafe.org/). Forgive the lack of design on that website, but the product is free and was created by security expert and cryptographer Bruce Schneier.

Password Memes

Everyone has undoubtedly seen the memes that illustrate our common frustrations in picking a password for a new account. A new website has gone live and everyone is racing to join it and try out the new service. There is a large fear of missing out (aka #FOMO), but you may need to pick a username that hasn’t already been taken. John1 has likely been taken even if you’re an early bird, but in the case where you just have to use your email address as your username there is always the dreaded next step of choosing a password. We scratch our heads and feel the sensation of guilt when our brain falls into the groove of recalling our favourite password.

Password meme
The struggle….

I will outline the usual problems with password creation and storage, and then make the case for password managing software. My aim is not to complain about bad behaviour nor chastise anyone for having a weak password. We’ve all been there. I’ve even typed passwords into group chats: “MyCompany789!$”. Oops! I’ve had a few moments of embarrassment while I frantically change a terrible password that I shared with everyone.

This is a non-technical article and should be readable without any specialist knowledge! It is intended for everyone, to help improve real-world security for people in their personal and professional lives.


Setting up a secure Linux web server


Goal: by the end of this guide you should have a reasonably secure Linux web server.

Part of the reason I set this up was to improve my understanding of creating a secure website. I know how to assess a website for security problems but I didn’t have as much practical knowledge on the implementation side. As I worked through various online guides and books I decided that it made sense to document what I was doing and then share it here.

I could have just created a static website made purely from HTML and congratulated myself on having a secure server, but there are almost no real-world scenarios where this is useful. Most people want a feature- and content-rich website which is also secure.

Many of the principles apply equally well to Microsoft IIS servers, but from my own personal perspective, going the Linux route is easier.

Secure server
Securing a server

[Currently a work in progress]