UPDATE: Fixed link to cached Obama image thx to notice from JB. While the two front-running candidates engaged in a bizarre, Klingon-esque ritual of hubris regarding which one was the better killer, their respective technical campaign staffers were failing to make the grade on security when it comes to taking your donations. Earlier this week,… Continue reading
Post Category → Certificates
Slaying the BEAST in nginx
Just a quick post as I noticed that my nginx configuration was vulnerable to the BEAST attack thanks to the #spiffy SSL Certificate Tester from Qualys (I scored an “A”, btw :-). The nginx docs show how to do this, now, and it’s pretty simple (very similar to the Apache configuration, in fact): ssl_ciphers RC4:HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers… Continue reading
DNSChanger Detector
The FBI made a tool to help you determine if you were a victim of the DNSChanger malware. If you’re like many casual Internet users, you have no idea how to get the information to plug into the input box. Unfortunately, the security model of most modern browsers makes it impossible to easily retrieve this… Continue reading
WEIS 2011 :: Session 2 :: Identity :: The Inconvenient Truth About Web Certificates
Nevena Vratonjic, Julien Freudiger, Vincent Bindschaedler, Jean-Pierre Hubaux. Presentation [PDF]. Twitter transcript: #weis2011 Overview of basic ssl/tls/https concepts. Asking: how prevalent is https, what are problems with https? #weis2011 Out of their large sample, only 1/3 (34.7%) have support for https, login is worse! only 22.6% < #data! #weis2011 (me) just like Microsoft for patches/vulns,… Continue reading
“Repairing” Strict Transport Security in Chrome on OS X
One of my subdomains is for mail and I was using an easy DNS hack to point it to my hosted Gmail setup (just create a CNAME pointing to ghs.google.com). This stopped working for some folks this week and I’ve had no time to debug exactly why so I decided to go back to a… Continue reading