This commit is contained in:
Bob Mottram 2014-02-08 09:57:04 +00:00
parent ba001abf5e
commit f45ca4e2db
1 changed files with 6 additions and 1 deletions

View File

@ -132,7 +132,12 @@ ssh-keygen -R <IP address>
#+END_SRC
*** Passwords
It's highly recommended that you use a password manager, such as KeepassX, and make all your passwords long random strings. It's also a good idea to use different passwords for different pieces of software, instead of one or two passwords for the whole system. That compartmentalises the security such that even if an attacker gains access to one system they can't necessarily get access to others.
*** HTTPS
Throughout these instructions self signed SSL certificates are used to implement access to web pages via HTTPS. The whole HTTPS security model upon which much of the internet currently rests seems broken in that it usually depends upon "trusted certificate authorities" who are not really trusted, except perhaps by the maintainers of certain web browser software. So all that HTTPS really guarantees is that you have an encrypted connection, but an encrypted connection /to who/ can be subject to doubt. As was seen in 2013 with the [[https://www.schneier.com/essay-455.html][information coming from Edward Snowden]], and also the [[http://en.wikipedia.org/wiki/Lavabit][Lavabit email service]], it's possible for companies/organisations to be compromised or bribed and SSL private keys for all users can be demanded using gagging orders or secret laws without any individual user ever being able to know that their communications is no longer secure..
Not knowing who you're really connecting to is especially true for self-signed certificates, so it is in principle possible that when logging into a site with a username and password a system such as [[http://arstechnica.com/tech-policy/2013/11/uk-spies-continue-quantum-insert-attack-via-linkedin-slashdot-pages/][Quantum Insert]], or a compromised [[http://en.wikipedia.org/wiki/Domain_Name_System][DNS service]], could be used to direct the user to a fake copy of the login screen for the purposes of obtaining their login details. While this doesn't seem to be a major problem at the time of writing it's something to keep in mind. So if you can't log in or if you log in and what you see doesn't look like your site then it's possible that such a compromise could have taken place. Using a password manager with different login details for each site is one way to ensure that if one system is compromised then the attacker can't necessarily get access to all your other stuff.
** Initial
Plug the microSD card into the BBB and Connect the USB cable to your laptop/desktop, then login via ssh.
#+BEGIN_SRC: bash
@ -906,7 +911,7 @@ service dovecot restart
** Setting up a web site
#+BEGIN_VERSE
/I hope we will use the Net to cross barriers and connect cultures./
/It's important to have the geek community as a whole think about its responsibility and what it can do. We need various alternative voices pushing back on conventional government sometimes./
-- Tim Berners-Lee
#+END_VERSE