Tuesday, April 11, 2017

Everything will eventually be compromised - Creating and maintaining your GPG/PGP public and private keys

A company that I interviewed with last year asked me to create a presentation about something related to incident response.  Although not directly related, I decided to write about strategies for creating and maintaining key pairs.  I tied IR into it by talking about what to do when keys were compromised and how to minimize the impact of key compromise.

I was really in favour of the Alex Cabal method, obviously.

I ended up basing the presentation on his method, but advocating the use of short lived encryption and signing keys for travel. Also spelled out the advantages of cross-signing your temporary keys with your master key to extend your web of trust.

The basic steps are:
  1. Create master key with only a signing sub key.
  2. Use the master key for key signing, revolving sub keys, and creating new keys.
  3. Keep the master key offline in a safe.
  4. Using the master key, create a laptop key with encryption and signing sub keys. Short expiration date.
  5. Cross sign the laptop key with the master. Web of trust complete.
  6. Create other short term keys for travel that expire when travel is done.
What problem is it trying to solve? Confidentiality and integrity, maintaining the web of trust.

Solves: Impersonation, loss of signatures, future confidentiality breach, reduction of reputation of keys signed by you
Helps solve: Past confidentiality breach to the extent you expire keys regularly


What it doesn't solve is apathy.

Wednesday, October 5, 2016

Yahoo and Government Spying

Do you want to do something about government spying on your email?

I can show you how to set up and use encrypted email in conjunction with your gmail account. Let me know if you need help and I'll walk you through it. It's really not that hard.

1) Install Thunderbird
https://www.mozilla.org/en-US/thunderbird/

2) Configure Thunderbird for your email account(s)

3) Install GnuPG for your OS.
https://www.gnupg.org/download/index.en.html

4) Install the Enigmail plugin into Thunderbird (search in Tools/Add-Ons)

5) Create your Public/Private key, howto:
https://alexcabal.com/creating-the-perfect-gpg-keypair/

6) Exchange Public keys with friends, or search for them on keyservers, possibly upload your Public key to keyservers


More info: https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages

MacBook Pro upgrades, Time Machine Troubles (part 2)

After I changed the host name I tried to access my Time Machine backups.  Fail!  Apparently Time Machine keys off the host name. You may be able to select the old host name under devices to get to your files.

The solution for me was to change the host name back to the old name.

Good Luck!

Thursday, May 5, 2016

MacBook Pro upgrades, Time Machine Troubles (part 1)

My early 2011 MacBook Pro has been getting slower as time goes on.  I've got the 2.2ghz CPU and the slow 5400 rpm 750GB hard drive, which was nearly full.

Part of the size issue is that I've been trying to get my pictures organized. I have placed them mostly in the huge, monolithic iPhoto and Aperture libraries, which is a horrible idea. Placing them in directories organized by year, date, and project is much better. Then you can add them to photo apps, without copying the photo's into the library.  The metadata and any changes will be maintained in the library, but the size should be manageable.

I have encrypted Time Machine backups for this machine going back to 2014,

I started off with a memory upgrade from 8GB to 16GB.  I was able to use Crucial 8GB DDR3L 1600 SODIMM's, even though 1333 is specified.  The system recognizes that they are 1600.

Then, after 5 years, the graphics card meltdown happened.  Apple had a recall on this and fixed it no charge in 3 days!  Before they fixed it, it took me a while to figure out what the issue was.  The deciding factor was that the system would only boot to the terminal only single user mode.  During this I had to hard power the system off multiple times, and I ran "fsck" multiple times. Fsck found and fixed hundreds of problems.  Because of this, and a desire to speed the system up some more, I decided to upgrade to an SSD and rebuild the system.

I purchased a Samsung 1TB 850 Evo SSD and created an El Capitan recovery drive on a thumb drive.

Whoops, no Torx T6 driver. Off to the hardware store.

I installed the SSD, booted off the recovery drive, configured the new SSD and named it according to my naming scheme, and installed a fresh copy of El Capitan. Then I customized my system preferences and changed the name of the system according to my naming scheme.

- and that's when the problems started.

Tuesday, March 8, 2016

Vegetarian dinner

Michelle and I saw an ad for fresh copper river salmon last week.  We've been waiting for fresh salmon for a while, so we were looking forward to this, and invited a few people over for dinner.

Cut to Saturday, and the store had one small filet of grey fish.

New plan. One of the diners was vegetarian so we decided to go full veg.  We decided on 2 squash recipes from two books.  The first was a spaghetti squash casserole with various cheeses.  The second was a butternut squash recipe from our favorite Ottolenghi book, Jerusalem.

http://www.ottolenghi.co.uk/roast-butternut-squash-and-red-onion-with-tahini-and-za-atar-shop

Saturday, January 30, 2016