Yesterday my employment contract ended, after more than ten years at a big software company. I feel free now. Weirdly. Cause it’s not like I wasn’t free in my work there. I had a lot of freedom in what I was working on and how I organized my work. And, I was working alongside some …
Tag Archives: security
Shoot yourself in the foot: crypttab edition [en]
I’m running Ubuntu on my laptop, using the standard disk-encryption that the Ubuntu installer provides. (Well, the one it provided a couple of years back, when I last installed from scratch.) This setup uses cryptsetup with LUKS on the main partition. This in turn contains an LVM physical volume, which contains a volume group with …
Continue reading “Shoot yourself in the foot: crypttab edition [en]“
XSS Demo [en]
Finally some good use for my new infrastructure. I’ve had this small Angular app lying around, which I wrote for a presentation/demo on XSS a couple of years ago. So far, I’ve run it locally to demonstrate XSS vulnerabilities and how to exploit them. Now I have a place to put it and share it …
The B in BYOK stands for Bullshit [en]
I’ve recently encountered someone, who insisted on a Bring-Your-Own-Key (BYOK) setup for compliance reason. I’ve always been skeptical about that and I didn’t have to search long for confirmation. This is what the Wikipedia article on BYOK has to say: […] a cloud computing security marketing model […] […] gives the enterprise the perceived control …
Let’s Revoke! [en]
Getting TLS certificates from Let’s Encrypt is easy, but that’s just part of the story. It may sound paranoid, but being able to revoke certs is almost equally important. The premise is that there’s always a chance that your private keys will leak. Maybe it will never happen to me, but it will eventually happen …
Let’s Encrypt! [en]
… is where I’m getting the TLS certificates for this blog nowadays (after moving away from CAcert). I’ve been using Let’s Encrypt at work now and then. Many colleagues in my department are heavy users and my employer is a sponsor. So I knew what to expect and how to get started. Nevertheless, here’s a …
Goodbye CAcert [en]
When I started this blog back in 2010, I wanted HTTPS, but I didn’t want to pay extra for it. Back then that wasn’t as easy as it is today. So I compromised and got my TLS certificates from CAcert. Problem was that almost no OS or browser vendor trusted their certs. Debian and Ubuntu …
OK, Boomer [en]
Looking for a web security challenge? I recommend this XSS Game. Frankly, I’ve even struggled with some of the “easy” warmups. Let alone the challenges. Luckily, they’ve published solutions, too. Kudos to Pwn()!
OpenSSL CLI-Cheat-Sheet [en]
The OpenSSL library is utilized by a wide range of other open-source projects, like web-servers, mail-servers, VPN-servers, etc. When dealing with such software and SSL, it often proves useful to be familiar with the openssl command-line tools. Of course, OpenSSL does have great man-pages, and a quick web-search reveals plenty of usage examples. However, OpenSSL …
Ubuntu Full-Disk-Encryption – A Field Report [en]
Since my old notebook computer recently gave up on me, I had to install a new one from scratch. I finally decided to give Ubuntu a go, after I had been using Debian (testing) for almost a decade. I must say that I’m really impressed with Ubuntu’s lean installation process, which handles diverse aspects like …
Continue reading “Ubuntu Full-Disk-Encryption – A Field Report [en]“