Neat. I found the following in my drafts. I thought I had lost it...
I need to re-build my entire system. Someone broke into colliertech.org and used the system to send huge amounts of spam. This cost my upstream provider a ton of money. I then misplaced my USB disk which contains a(n admittedly obscure) filesystem with my PGP key, colliertech.org's private root X.509 key and the same for my family.
I could assume that whoever found my USB disk would pass it on to a lost-and-found location without having torn it apart, figured out how to mount the filesystem, brute-forced the password out of the PGP key and X.509 keys, etc., etc. But I won't. I will now admit defeat and start over.
But first, I'm going to read chapter 19.34 of the RCW, some books on intrusion detection and prevention, some docs on MAC, specifically SELinux as it pertains to Debian.
My mentor and owner/operator of the largest ISPs on the Kitsap Peninsula during the late 1990s said something about the incident that made me think. He said something to the tune of "you were trained better than that."
I don't know that I had ever been trained in security, other than during my stint at Security Portal... But I only worked on writing Perl code there... I was only tangentially associated with any security stuff...
So now I'm going to edumacate myself :)