Verifying a CD/DVD against an ISO image

One way of verifying that a CD/DVD matches an ISO image is to calculate a hash sum (e.g. SHA-256) of both the CD/DVD and the ISO image and compare them afterwards.

For the ISO image this could look like this...

$ sha256sum original.iso

...and for the optical drive:

$ sha256sum /dev/cdrom

Though you might get matching hash sums, in many cases you won't. This post is about why that happens and how you can compare them the right way.

Read more...

Using the Linux kernel's USB authorization support to lockdown USB

USB is not secure. The way a USB device looks doesn't necessarily indicate its real functionality. A device which looks like a USB flash drive could act as a keyboard once it is plugged into a machine and inject arbitrary keystrokes (thus possibly allowing arbitrary malicious stuff). With BadUSB or devices like the USB Rubber Ducky such attacks are even easier to achieve and available to the masses.

This post is about how you can use the Linux kernel's USB authorization support to lock down USB and check a USB device before you allow the kernel to load the driver.

Read more...

Replacing the battery in a Philips HQ 7740 Coolskin

The Philips HQ 7740 Coolskin is a battery-powered shaver. The built-in battery of my Philips HQ 7740 didn't charge properly any longer, so I replaced it. I didn't find instructions on how to change the battery, so this is how I did it...

Read more...

NGINX: Why limiting request methods is not necessary

If you want to harden nginx you might come across this piece of configuration:

if ($request_method !~ ^(GET|HEAD|POST)$ )
{
  return 405;
}

The idea behind this is that nginx checks, for every incoming request, whether the request method is GET, HEAD or POST. If the request method is different, nginx will return HTTP status code 405 ("Method is not allowed"). There are other examples which return nginx's non-standard return code 444 ("Connection closed without response") instead. Here is why I think you can omit that piece of configuration and save some CPU cycles...

Read more...