From 23ac9f57b9b4c761cb8edc5bfa0c0de77ec89326 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 30 Sep 2017 14:06:22 -0300
Subject: Change extension to .md

---
 research/security.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 research/security.md

(limited to 'research/security.md')

diff --git a/research/security.md b/research/security.md
new file mode 100644
index 0000000..38e32ce
--- /dev/null
+++ b/research/security.md
@@ -0,0 +1,33 @@
+[[!meta title="Security"]]
+
+Research and development in security:
+
+* [Creepy - Geolocation OSINT Tool](http://www.geocreepy.com/) ([package](https://packages.debian.org/wheezy/creepy)).
+* [Qubes OS](https://www.qubes-os.org/):
+  * [Qubes - Debian Wiki](https://wiki.debian.org/Qubes).
+  * [i3 | Qubes OS](https://www.qubes-os.org/doc/i3/).
+  * [Qubes OS 3.2 [LWN.net]](https://lwn.net/Articles/705827/).
+* bitmask and LEAP.
+* port knocking.
+* hardened systems: apparmor, gradm2, firejail, seccomp, etc.
+* sshd:
+  * https://stribika.github.io/2015/01/04/secure-secure-shell.html
+  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
+  * http://security.stackexchange.com/questions/64562/how-should-i-defend-against-zero-day-attack-on-ssh
+  * https://charlieharvey.org.uk/page/ssh_port_pros_and_cons
+* fuzzy testing: fusil, etc.
+* router: serial console to other boxes with dhe luks! :)
+* [Mailcap, HTML and AppArmor](http://www.justgohome.co.uk/blog/2014/02/mailcap-html-apparmor.html).
+* Increased security on smtp/imaps password storage:
+  * https://github.com/sup-heliotrope/sup/wiki/Securely-Store-Password
+  * http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email-grabber-with-osx-keychain-for-authent
+  * http://mah.everybody.org/docs/mail/fetchmail_check
+* Enhanced shell:
+  * Add a counter-measure to prevent SSH timing attacks:
+    http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf
+    http://www.slideshare.net/idsecconf/countermeasure-against-timing-attack-on-ssh-using-random-delay
+    http://www.scribd.com/doc/59628153/Timing-Analysis-of-Keystrokes-and-Timing-Attacks-on-SSH-Revisited
+* https://shodan.io
+* https://censys.io
+* https://keybase.io
+* https://github.com/shadowsocks/shadowsocks-go
-- 
cgit v1.2.3