A friend of mine asked me about that BBC article on whether you should change all your passwords due to the Heartbleed bug in SSL. There seem to be a few things floating around, a few misconceptions and misunderstandings about the problem. First of all, when you access a banking site, for example, you usually […]
I noticed that my SSH setup was only able to transfer ~12 MBytes/s. After some digging I found out that SSHv2 was using "3des" as the cipher by default. When I set it explicitly with "-c blowfish" to another secure, but much faster block cipher, I got ~24 MBytes/s. If you want, you can configure […]
If you want to keep your car for a long(er) time, you usually have it serviced, or in other words, you look after it. The same goes for the servers, services and applications you are responsible for. You look after them, you do a regular oil change (i.e. updates and/or patches), you […]
I just came across "Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key" and "Symantec/VeriSign Expands Encryption Options For SSL Digital Certificates". I must say, I am stunned. AFAIK no certificate has been "broken" yet, and the few that have were due to implementation errors or MD5 collision attacks. And then […]
Two-factor authentication with OTP, as provided by YubiKey, lets you sleep well at night again. I recently found that it substantially increases your password security: something you know plus something you have. It is very easily integrated into PAM, and the good news is that most services on Linux can […]
I have to add a correction to my previous article "Enabling HSTS on nginx": you can and should enable it on http as well, so that visitors of your website benefit from this additional security as well when they come back.
If you want to enable HSTS on your nginx webserver, this is how you do it: add_header Strict-Transport-Security "max-age=315360000; includeSubdomains"; You need to put this only on the https server, not on the http-only server; it won't work over plain http.
Quite some time ago I wrote about those strange DNS queries I have seen when Chromium (also with the latest version, 17.0.963.79 (Developer Build 125985 Linux) on Ubuntu 11.10) is running, like this one: mmxavuhjug.home.lan. I was still puzzled and wanted to know what is going on and what this is for. First problem […]
I noticed something strange lately: when Google Chrom(ium) 12.0.742.112 (90304) on my up-to-date Ubuntu 11.04 is running, it always sends out DNS queries at 10-second intervals, similar to these: 09:28:54.892711 IP linux.home.lan.52626 > ipv4gw.home.lan.domain: 55443+ AAAA? www.google.com. (32) 09:28:54.899660 IP linux.home.lan.33455 > ipv4gw.home.lan.domain: 13122+ PTR? 126.96.36.199.in-addr.arpa. (42) 09:28:54.900955 IP ipv4gw.home.lan.domain > linux.home.lan.33455: 13122* 1/0/0 […]
A new version of the Core Rule Set (CRS) for ModSecurity was released a couple of days ago. I wanted to blog about it, as I find the changes from the previous version 2.0.9 quite amazing, but I did not find the time to do so. So here is my list of what I really […]