Category Archives : Security


Re: Heartbleed Bug: Public urged to reset all passwords

A friend of mine asked me on that article on BBC whether you should change all your password due to that Heartbleed bug within SSL. It seems there are a few things floating around, a few misconceptions and misunderstanding about the problem. First of all, when you access – a banking site for example, you usually […]


GBit connection but only ~12MBytes/s transferrate over SSH?

I came about that my SSH setup was only able to transfer ~12MBytes/s. After some digging I found out that SSHv2 is by default using “3des” as the cipher. When I set it specifically with “-c blowfish” to a another secure, but much faster block cipher, I got ~24MBytes/s. If you want you can configure […]


Comment on “Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key”

I just came across  Symantec SSL certificates feature cryptography 10k times harder to break than RSA-bit key and Symantec/VeriSign Expands Encryption Options For SSL Digital Certificates. I must say, I am stunned. AFAIK no certificate has been “broken” yet, and those few ones what have, were implementation errors or via MD5 collision attacks. And then […]


Two factor authentication with YubiKey

Two factor authentication with OTP – as provided by YubiKey – makes you sleep well at night again. I recently figured that these substantially increase your password security – with what you know and what you have. They are very easy integrated into PAM – and the good news is most services on Linux can […]


Enabling HSTS on nginx II

I have to add a correction to my previous article “Enabling HSTS on nginx“: You can and should enable it on http as well, so that visitors of your website offer from this additional security benefit as well – when they come back.


Enabling HSTS on nginx

If you want to enable HSTS on your nginx webserver, this is how you do it: add_header Strict-Transport-Security “max-age=315360000; includeSubdomains”; You need to put this only on the https server, not on the http only server – it wont work on http only.


Strange DNS queries when Google Chrom(ium) is running – Part 2

I wrote – quite some time ago about those strange DNS queries what I have seen when Chromium (with the latest version of 17.0.963.79 (Developer Build 125985 Linux) Ubuntu 11.10 as well) is running, like this one: mmxavuhjug.home.lan. I was still puzzled and wanted to know whats going on, what this is for. First problem […]


Strange DNS queries when Google Chrom(ium) is running

I noticed something strange lately, when Google Chrom(ium) 12.0.742.112 (90304) on my up-to-date Ubuntu 11.04 is running, it sends in 10 seconds interval always DNS queries out similar to these: 09:28:54.892711 IP linux.home.lan.52626 > ipv4gw.home.lan.domain: 55443+ AAAA? www.google.com. (32) 09:28:54.899660 IP linux.home.lan.33455 > ipv4gw.home.lan.domain: 13122+ PTR? 1.1.168.192.in-addr.arpa. (42) 09:28:54.900955 IP ipv4gw.home.lan.domain > linux.home.lan.33455: 13122* 1/0/0 […]