ewook

Yeah, that demo was .. really nice :).

Here's the deal - if you wanna run a exit node for tor, I'd strongly recommend that you implement your own safetynets - as well, a simple example - remove all the porn... Since you get the pure information flow, traffic-restricting this in the sense of "removing not-so-etical-content", I see no problem with it, because it's not part of the tor filosophy to allow access all things in that sense, it's to remove sensorship. Yes yes, one might argue that "well, now you are restricting it!" - not really. You are safekeeping your interests and makes sure that you can without having a cup of paranoia everytime you fire up the exit node, that you servre the tor user a legitime at better internet - protecting both of you ;).

There's more fun.. with Valve porting Left4Dead 2, they got the attention of gfx-makers if I'm not mistaken.

Out of date? http://support.microsoft.com/lifecycle/?p1=3198

I'd recommend any "suite" that fills your req's. A simple AV you can get for free, check the specs of your faviourites, what bang you can get for the buck... Depending on how your env is behaving and the needs of it - I'd say go for a whitelisting approach if you can, there's a few options on the market - and adding up that with an extended FW (Host and Network IPS should be considered as well).

Hah, or she'll learn how to bypass it ;).

Hey lostngone, sorry for the speedy return. Sadly, I simply re-solder another type of connector that goes with my AC adaptor, so no pics available. Sorry.

Trivs du med BBB? ;) For the majority of the audience - here's another tip, when it comes to hardening deb-based systems: http://www.debian.org/doc/manuals/securing-debian-howto/ Mind, it's long, large and not the pretiest bird around - but if you're truly interested in the basic steps, parse through it :).

Here's a simple one: OUTF=duplicates.sh; echo "#! /bin/sh" > $OUTF; find "$@" -type f -print0 | xargs -0 -n1 md5sum | sort --key=1,32 | uniq -w 32 -d --all-repeated=separate | sed -r 's/^[0-9a-f]*( )*//;s/([^a-zA-Z0-9./_-])/\\\1/g;s/(.+)/#rm \1/' >> $OUTF; chmod a+x $OUTF; ls -l $OUTF Change sed -r 's/^[0-9a-f]*( )*//;s/([^a-zA-Z0-9./_-])/\\\1/g;s/(.+)/#rm \1/' >> $OUTF; to sed -r 's/^[0-9a-f]*( )*//;s/([^a-zA-Z0-9./_-])/\\\1/g;s/(.+)/rm \1/' >> $OUTF; if you wish to delete it when running the shell-script it creates (duplicates.sh). On windows? Well, mount your win-drive over smb and run it from a *nix system or cygwin it from within windows.

Woh! I did not know that - If I had, I'd still have my setup, thanks for the info tho!

IPcop, zeroshell m0n0wall pfsense etc etc. But turning a deb(based) dist into a fw isn't hard at all. Here's a extremely simple version: #!/bin/sh PATH=/usr/sbin:/sbin:/bin:/usr/bin # # delete all existing rules. # iptables -F iptables -t nat -F iptables -t mangle -F iptables -X # # Enable routing. echo 1 > /proc/sys/net/ipv4/ip_forward # and some good stuff to have enabled.. #no spoofing echo "net.ipv4.conf.default.rp.filter=1" >> /etc/sysconf.conf echo "net.ipv4.conf.all.rp_filter=1" >> /etc/sysconf.conf #no broadcasts #echo "net.ipv4.icmp_echo_ignore_broadcasts" = 1 >> /etc/sysconf.conf echo "net.ipv4.icmp_ignore_bogus_error_responses" = 1 >> /etc/sysconf.conf #more.. echo "net.ipv4.conf.all.secure_redirects = 1" >> /etc/sysconf.conf #echo "net.ipv4.conf.all.send_redirects = 1" >> /etc/sysconf.conf echo "net.ipv4.conf.all.accept_source_route = 1" >> /etc/sysconf.conf #echo "net.ipv6.conf.all.accept_source_route = 1" >> /etc/sysconf.conf # Always accept loopback traffic iptables -A INPUT -i lo -j ACCEPT #yes, you should have fail2ban ;) #/etc/init.d/./fail2ban restart #fix tap0 forwarding etc. #clarify - eth1 internet #clarify - eth0 lan # Allow established connections, and those not coming from the outside iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT iptables -A INPUT -i eth0 -j ACCEPT iptables -A INPUT -m state --state NEW -i eth1 -j REJECT iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow outgoing connections from the LAN side. iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT # Masquerade. iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE # Don't forward from the outside to the inside. iptables -A FORWARD -i eth1 -o eth1 -j REJECT # portforwarding-rules #iptables -t nat -A PREROUTING -i eth1 -p tcp --dport [port] -j DNAT --to [ip:port]

I'm hoping I'm wrong here - but you have a managed (open)PGP installation, without a administrative key tied to every user-key, thus not enabling you to do a decrypt on PGP-encrypted material? I'd say sorry, without first of the private portion of the key or the recipient key (if any?) there's a big black hole on recovering that information.

I'd say look into portknocking or at least the reasoning behind it - you'll get plenty of lovely ideas from that ;).

Kudos for the pics! Did that myself in like 2005 (I think), but scratched it after the dog pulled it down from the tv-counter and I didn't have the energy to mod a nes-controller :/.