Category Archives: Security

openbox-passmenu

I recently started to manage my passwords with the pass(1) password store. I integrated access into Firefox via passff and also found a nice GUI with QtPass. While this works nicely, entering passwords outside the browser was still quite cumbersome for me. I was still required to open a terminal window to run pass or use the QtPass GUI to copy and paste the password.

I had seen others using passmenu together with dmenu to copy or insert a password anywhere. That seemed very elegant, as it could be used everywhere.

However, I prefer to use tools that are less minimalistic. For years, my Linux desktop has been LXDE with the Openbox window manager. I discovered that it is possible to write dynamic menus for Openbox, which seemed like a perfect fit for this task.

The result is now openbox-passmenu, a script that provides a menu for Openbox to access the passwords inside the pass(1) password store.

If you also want to use this, please head over to the GitHub project for instructions on how to install it and where it has to be integrated into the Openbox configuration.

How to run rsync on remote host with sudo

Sometimes I want to transfer files including ownership. This is not possible as a normal user, because the chown(2) system call requires special privileges, that is: uid == 0. However, I do not want to open ssh access for root, but go with the usual way to elevate my privileges: sudo.

I will go through common solutions presented on the web and explain why these do not work at all without significant modifications on the remote host. Then I will present a working solution using X11 forwarding that is less invasive.


Should we distrust Comodo after issuing a rogue SSL certificate for Windows Live?

About a year ago, I wrote an article about why I no longer trust StartSSL. Back then, I said I had switched to a paid certificate issued by Comodo under the PositiveSSL brand instead. A reader has now brought to my attention a recent issue with a Comodo certificate erroneously issued for Microsoft’s Windows Live and asked whether I would still prefer them over StartSSL.

Arno wrote this comment (link):

Do you still trust Comodo to be more trustworthy than StartCom just because they asked for money to handle revocations? Think twice – a guy from Finland managed to get a valid certificate from Comodo for “live.fi” (Microsoft Live in Finland), just because he was able to register “hostmaster@live.fi” as his e-mail address:

http://arstechnica.com/security/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/

I started to type my answer as a comment as well, but soon I realized my explanation just became too long to be a comment, so I turned it into an article on its own.