kill -9 $$

June 26th, 2012 Comments off

I hate it when I keyed in a password on a shell prompt and pressed enter already.

This is short, easy to remember and doesn’t do nasty things like editing your history file…

PS: Works definitely with bash, dont know about others.

Categories: Scripting Tags:

Two factor authentication with YubiKey

June 24th, 2012 Comments off

Yubikey with penguinTwo factor authentication with OTP – as provided by YubiKey – makes you sleep well at night again.

I recently figured that these substantially increase your password security – with what you know and what you have. They are very easy integrated into PAM – and the good news is most services on Linux can be configured to use PAM as an authentication source.

SSH, Dovecot, Apache… no problems.

The good thing is, these tokens are not expensive at all – 25 USD and they are yours or for 10 USD more you can even get one with RFID integrated. What more do you want?

Unfortunately still, there are only a few websites what are supporting these tokens, there are certainly plugins for some web applications like WordPress or SqurirrelMail. These are what I know of, there a certainly more.

I wrote a short article about these nearly 2 years ago – you can find it here.

Categories: Security Tags:

T-Shirt: “I own a /48 and I am not afraid to use it.” and other IPv6 gimmicks from HE

June 24th, 2012 Comments off

I recently got this T-Shirt on Hurricane Electric’s website:

I've got a /48 and I am not afraid to use it.

   And also this coffee mug:

HE's IPv6 mug

Categories: Fun Tags:

Enabling HSTS on nginx II

June 24th, 2012 Comments off

I have to add a correction to my previous article “Enabling HSTS on nginx“:

You can and should enable it on http as well, so that visitors of your website offer from this additional security benefit as well – when they come back.

Categories: Security Tags:

Nginx + IPv6: “98: Address already in use”

April 12th, 2012 Comments off

If you get this message, you have to change your “listen” statement from

listen 94.229.77.82:80;
listen [2a01:348:226:dead:beef:dead:beef:dead]:80;

to

listen 94.229.77.82:443;
listen [2a01:348:226:dead:beef:dead:beef:dead]:443 ipv6only=on;

For some add reason the first statement (without “ipv6only”) was working for me for some time… odd.

Categories: New technology Tags: