Bookmark
Let’s encrypt automation on Debian
eblog.damia.net/2015/12/03/lets-encrypt-automation-on-debian/, posted 2015 by peter in howto linux security
Free SSL certificates for everyone! The https://letsencrypt.org/ initiative, backed by Akamai, Cisco, Mozilla and EFF, is going to offer free certificates. In this post I am going to explain how I have automated the process of creation and renewal of certificates on a Debian server with a lot of virtualhosts, with minimal modification of the Apache conf files.
Bookmark
Mass Surveillance Isn’t the Answer to Fighting Terrorism - NYTimes.com
mobile.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.html?_r=1&referer=, posted 2015 by peter in fascism opinion privacy security terrorism usa war
It’s a wretched yet predictable ritual after each new terrorist attack: Certain politicians and government officials waste no time exploiting the tragedy for their own ends. The remarks on Monday by John Brennan, the director of the Central Intelligence Agency, took that to a new and disgraceful low.
Speaking less than three days after coordinated terrorist attacks in Paris killed 129 and injured hundreds more, Mr. Brennan complained about “a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists.”
Bookmark
The sad state of SMTP encryption
https://blog.filippo.io/the-sad-state-of-smtp-encryption/, posted 2015 by peter in email opinion security
This is a quick recap of why I'm sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
Bookmark
Is there an Internet-of-Things vigilante out there? | Symantec Connect
www.symantec.com/connect/blogs/there-internet-things-vigilante-out-there, posted 2015 by peter in communication hardware linux networking security
Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks; in fact, all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried out through it.
Bookmark
OAuth Has Ruined Everything
developer.telerik.com/featured/oauth-has-ruined-everything/, posted 2015 by peter in api development opinion security social webdesign
Nobody has ever implemented an OAuth flow for their application and then said, “That was fun. Let’s do it again.”
Don’t believe me? Just go to Twitter and search for “OAuth Sucks”. Or just search “OAuth”. Or best of all just follow the OAuthSucks Twitter account. It’s a sentiment that’s so common, it has its own Twitter account. How did I find this account? I tried to register it of course.
But why is OAuth so awful? And does it have to be this way? In this post, we’ll take a look. OAuth (2.0 specifically) has a litany of problems, starting with the fact that the 2.0 spec itself essentially allows anything to be considered “OAuth compliant”.
Bookmark
Dockerfiles considered harmful
blog.wercker.com/2015/07/28/Dockerfiles-considered-harmful.html, posted 2015 by peter in deployment docker opinion security
There are some obvious issues with running third-party Dockerfiles. Like most of the Docker ecosystem, Dockerfiles were designed for personal use by an individual with root access. Once you start distributing them, however, you’re essentially giving root to a stranger. This blog post is about why you shouldn’t even be using Dockerfiles for your own projects.
Bookmark
Securing Debian Manual
https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html, posted 2015 by peter in howto linux reference security
This document describes security in the Debian project and in the Debian operating system. Starting with the process of securing and hardening the default Debian GNU/Linux distribution installation, it also covers some of the common tasks to set up a secure network environment using Debian GNU/Linux, gives additional information on the security tools available and talks about how security is enforced in Debian by the security and audit team.
Bookmark
Why your A grade SSL is outdated cryptography on Chrome
https://certsimple.com/blog/chrome-outdated-cryptography, posted 2015 by peter in howto networking security
So you've installed your certificate, it doesn't use SHA1, your preferred cipher suites use forward secrecy, RC4 is disabled and your site gets an 'A' rating in the SSL Labs handshake test.
Then someone visits your site in Chrome and notices the following:
Your connection to example.com is encrypted with obsolete cryptography.
Bookmark
TLS-O-MATIC.COM
https://www.tls-o-matic.com/, posted 2015 by peter in development online security testing
This is a site you use to test clients – mobile apps, browsers, and many other applications that use HTTP applications and TLS – the Transport Layer Security protocol. We have designed a lot of tests that check if your browser or client application really checks the identity of the server it’s trying to connect to. It is important that developers understand how TLS works and how site verification works.