crazylazy.info

Who needs this?

Yay, free mails in a sustaining setup!

This is a tutorial on how to practically setup a relatively secure mail-server.

It's supposed to be as minimal as reasonable nowadays, and for a small amount of users (standard root server, max. ~20 mail-users at once). Without a real DB backend. It doesn't scale business-needs, however it's supposed to be extendable.

The reference system this setup works with is a Debian GNU Linux with:

• Maildrop - instead of Procmail for more flexible filter rulesets
• Postfix and Postfix-pcre ~ 2.7

It's the famous data-kraken! He'll get us all.

When I was playing around with Facebook lately to setup an excuse account with my valid eMail address, in case some retard wants to impersonate me, I found out that social networks not only collect member data. Newer (iPhone/i* - stuff) applications for example make users synchronize their phone contacts into these web-services.

Malicious Office Documents

On very common entry point these days are malicious office documents. If you've got no idea on how interactive these "documents" can get, take the test at decloak.net (Start button). You'll get a .doc file that's performing network connections and in this case bypassing antonymization technologies.

Reach the registers

nowadays with "Agent Smith sunglasses" and TFT

We don't teach you...

I recently joined a channel on Freenode IRC and asked where to find some documentation for a special Metasploit auxiliary module, that was very new in the SVN repro. hdm sometimes is lurking around, people there normally are very friendly and helpful. It turned out not to be that typical day: "We don't teach you how to hack [...] use Google" - But we use your exploits?!

For Hackers and Reverse Engineers?

"Security professional" as a term doesn't really sell that well? In any case the book in Germany was hard to get. Maybe because some people get especially nosy if they read the "Hacker" term - even if referenced by the MIT definition.

It turns out that's not the only reason why it's hard to get. Reverse Engineering skills in today's Malware infested distributed systems, like internet or LANs, are essential to maintain a certain amount of effective countermeasures. Speaking of Stormworm or Confickr, where it's intelligence vs. intelligence.

So it's not that surprising: the book begins, introducing setups, and with debugging examples. But that's briefly and introductorily. The more advanced stuff starts in chapter 3.

About IT security and more

hey guess what: the trojan horse has got a black hat :)

The conference material at BH is always kewl. Attending to this con is highly expensive because it's far away - in my case. Well... here's the material publicly available. For personal entertainment: Follow this link.

Highlights for the moment