Documentation

Implementing Encrypted Incremental Backups with S3cmd

Details: Category: Linux; Published: Monday, 25 August 2014 14:12; Written by Ben Tasker

I've previously detailed howto use S3cmd to backup your data from a Linux machine. Unfortunately, because of the way that s3cmd works, if you want an incremental backup (i.e. using 'sync') you cannot use the built in encryption.

In this documentation I'll be detailing a simple way to implement an encrypted incremental backup using s3cmd, as well as a workaround if you're unable to install GPG - instead using OpenSSL to encrypt the data. Obviously we'll also be exploring how to decrypt the data when the backups are required

It's assumed that you've already got s3cmd installed and configured to access your S3 account (see my earlier documentation if not

Version 1.16

Details: Category: Release Notes; Published: Saturday, 09 August 2014 22:11; Written by Ben Tasker

Version 1.16 of PHPCredlocker has been released and can be obtained from https://github.com/bentasker/PHPCredLocker

Vulnerability: Infiltrating a network via Powerline (HomePlugAV) adapters

Details: Category: Security; Published: Wednesday, 23 July 2014 09:15; Written by Ben Tasker

As I posted recently, I've been playing around with some of ON Network's PL500 HomePlugAV Adapters. Given my previous experience with Powerline adapters, as part of that tinkering I thought I'd see whether they contain (or are) a security issue.

Unfortunately the news isn't great, as I can now get effective physical network access using the HomePlugAV adapters as my entry point. It does, of course require some proximity to the target network, but is otherwise pretty straight forward.

As I don't have $5,000 to spare, I did this without reading the HomePlugAV technical specification.

Responsible Disclosure: Before publishing, I contacted the HomePlug Alliance to notify them of the issues I'd identified, but have had no response

Minor Information Disclosure Vulnerability - Versions earlier than 1.16

Details: Category: Disclosures; Published: Saturday, 09 August 2014 22:00; Written by Ben Tasker

A minor Information Disclosure Vulnerability exists in PHPCredlocker versions earlier that 1.16.

Communicating with HomePlugAV Devices using Python

Details: Category: Development/Programming; Published: Monday, 07 July 2014 03:13; Written by Ben Tasker

I've got a couple of pairs of ON Networks' PL 500 HomePlugAV Powerline Adapters and have been playing around with them to see how they compare to the Computrend 902 devices I played around with 5 years ago.

I'm still playing around with the kit, but thought I'd document a very basic example of how to send commands to the devices using Python - the instructions should work for any kit based on Qualcomm's INT6x00 and AR7x00 chipsets (mine use the AR7420/QCA7420) - we'll be changing one of the encryption keys (the NMK) that the devices use

BenTasker.co.uk

Documentation

Implementing Encrypted Incremental Backups with S3cmd

Version 1.16

Vulnerability: Infiltrating a network via Powerline (HomePlugAV) adapters

Minor Information Disclosure Vulnerability - Versions earlier than 1.16

Communicating with HomePlugAV Devices using Python

More Articles ...