SSH Proxy: Server and Client Side of Using an SSH User Without Shell as Proxy Server

Imagine you want one of your machines to become a proxy - for external users to be able to access local resources or the internet as if they were on that machine. You could run a dedicated proxy server for that - but if the machine provides SSH and you want an easy solution, you can use SSH as well - without risking any shell-related issues.

Git security: enabe fsckobjects in ~/.gitconfig:

In order to prevent possible tampering with code in git repositories you work with (e.g. malicious manipulation of objects during clone, fetch, push...), check if these lines exist in your ~/.gitconfig and add them, if they don't.

Cracking RC4 messages that use weak RC4 reinitialization for each message part

This post deals with a short excerpt of a security and hacking related exercise at the University of Applied Sciences Upper Austria, Campus Hagenberg: we obtain the plaintext from an intercepted RC4 encoded message, from which we know that it uses an easy to crack re-initialization of the RC4 cipher for each message part.

Facedetection with JavaCV and different haarcascades on Android

The pan shot face recognition prototype from 2013 has been embedded in the prototypical face module of the mobilesec android authentication framework. The face module uses 2D frontal-only face detection and authentication, but additionally showcases pan shot face detection and authentication.