{"id":400,"date":"2011-03-24T05:53:54","date_gmt":"2011-03-24T10:53:54","guid":{"rendered":"http:\/\/rud.is\/b\/?p=400"},"modified":"2017-03-27T09:39:26","modified_gmt":"2017-03-27T14:39:26","slug":"repairing-strict-transport-security-in-chrome-on-os-x","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/","title":{"rendered":"“Repairing” Strict Transport Security in Chrome on OS X"},"content":{"rendered":"

One of my subdomains is for mail and I was using an easy DNS hack to point it to my hosted Gmail setup (just create a CNAME pointing to ghs.google.com<\/code>). This stopped working for some folks this week and I’ve had no time to debug exactly why so I decided to go back to a simple HTTP 301 redirect to avoid any glitches (for whatever reason) in the future – or, at least ensure the glitches were due to any ineptness on my part. Unfortunately, this created an interesting problem that I had not foreseen. <\/p>\n

I started playing with Strict Transport Security<\/a> (HSTS) a while ago and – for kicks & some enhanced WordPress & Drupal cookie security – moved a couple domains to it. I neglected to actually pay for a cert that would give me wildcard subdomain usage and only put in a couple domains for the cert request. I neglected to put the mail one in and that caused Chrome to not honor the redirect due to the certificate not being valid for the mail domain.<\/p>\n

I tweaked theStrict-Transport-Security<\/code> header setting in my nginx<\/code> config to not include subdomains, but it seems Chrome had already tucked the entry into (on OS X):<\/p>\n

[code padlinenumbers=”false” gutter=”false”]~\/Library\/Application Support\/Google\/Chrome\/Default\/TransportSecurity[\/code]<\/p>\n

and was ignoring the new expiration and subdomain settings I was now sending. Again, no time to research why as I really just needed to get the mail redirect working. I guessed that removing the entry would be the easiest way to bend Chrome to my will but it turns out that it’s not that simple since the browser seems to hash the host value:<\/p>\n

[code]"wA9USN1KVIEHgBTF9j2q0wPLlLieQoLrXKheK9lkgl8=": {
\n "created": 1300919611.230054,
\n "expiry": 1303563439.443086,
\n "include_subdomains": true,
\n "mode": "strict"
\n },[\/code]<\/p>\n

(I have no idea which host that is, btw.)<\/p>\n

I ended up backing up the TransportSecurity<\/code> file and removing all entries from it. Any site I visit that has the cookie will re-establish itself and it cleared up the redirect issue. I still need to get a new certificate, but that can wait for another day.<\/p>\n

Windows and Linux folk should be able to find that file pretty easily in their home directories if they are experiencing any similar issue. If you can’t find it, drop a note in the comments and I’ll dig out the locations.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of my subdomains is for mail and I was using an easy DNS hack to point it to my hosted Gmail setup (just create a CNAME pointing to ghs.google.com). This stopped working for some folks this week and I’ve had no time to debug exactly why so I decided to go back to a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[60,57,59,56,58],"tags":[107,743,244,398,178,385,736,125,396,397,140],"class_list":["post-400","post","type-post","status-publish","format-standard","hentry","category-certificates","category-chrome","category-hsts","category-ssl","category-strict-transport-security","tag-computing","tag-dns","tag-google","tag-google-chrome","tag-http","tag-http-cookie","tag-linux","tag-mac-os-x","tag-nginx","tag-system-software","tag-web-development"],"yoast_head":"\n"Repairing" Strict Transport Security in Chrome on OS X - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\""Repairing" Strict Transport Security in Chrome on OS X - rud.is\" \/>\n<meta property=\"og:description\" content=\"One of my subdomains is for mail and I was using an easy DNS hack to point it to my hosted Gmail setup (just create a CNAME pointing to ghs.google.com). This stopped working for some folks this week and I’ve had no time to debug exactly why so I decided to go back to a […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-03-24T10:53:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-27T14:39:26+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"“Repairing” Strict Transport Security in Chrome on OS X\",\"datePublished\":\"2011-03-24T10:53:54+00:00\",\"dateModified\":\"2017-03-27T14:39:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/\"},\"wordCount\":415,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"keywords\":[\"Computing\",\"DNS\",\"Google\",\"Google Chrome\",\"http\",\"HTTP cookie\",\"Linux\",\"Mac OS X\",\"Nginx\",\"System software\",\"Web development\"],\"articleSection\":[\"Certificates\",\"Chrome\",\"HSTS\",\"SSL\",\"Strict Transport Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/\",\"name\":\"\\\"Repairing\\\" Strict Transport Security in Chrome on OS X - rud.is\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\"},\"datePublished\":\"2011-03-24T10:53:54+00:00\",\"dateModified\":\"2017-03-27T14:39:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/2011\\\/03\\\/24\\\/repairing-strict-transport-security-in-chrome-on-os-x\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/rud.is\\\/b\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"“Repairing” Strict Transport Security in Chrome on OS X\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#website\",\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/\",\"name\":\"rud.is\",\"description\":\""In God we trust. All others must bring data"\",\"publisher\":{\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/rud.is\\\/b\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/rud.is\\\/b\\\/#\\\/schema\\\/person\\\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/rud.is\\\/b\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\\\/\\\/rud.is\"],\"url\":\"https:\\\/\\\/rud.is\\\/b\\\/author\\\/hrbrmstr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\"Repairing\" Strict Transport Security in Chrome on OS X - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/","og_locale":"en_US","og_type":"article","og_title":"\"Repairing\" Strict Transport Security in Chrome on OS X - rud.is","og_description":"One of my subdomains is for mail and I was using an easy DNS hack to point it to my hosted Gmail setup (just create a CNAME pointing to ghs.google.com). This stopped working for some folks this week and I’ve had no time to debug exactly why so I decided to go back to a […]","og_url":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/","og_site_name":"rud.is","article_published_time":"2011-03-24T10:53:54+00:00","article_modified_time":"2017-03-27T14:39:26+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"“Repairing” Strict Transport Security in Chrome on OS X","datePublished":"2011-03-24T10:53:54+00:00","dateModified":"2017-03-27T14:39:26+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/"},"wordCount":415,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["Computing","DNS","Google","Google Chrome","http","HTTP cookie","Linux","Mac OS X","Nginx","System software","Web development"],"articleSection":["Certificates","Chrome","HSTS","SSL","Strict Transport Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/","url":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/","name":"\"Repairing\" Strict Transport Security in Chrome on OS X - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-03-24T10:53:54+00:00","dateModified":"2017-03-27T14:39:26+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/03\/24\/repairing-strict-transport-security-in-chrome-on-os-x\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"“Repairing” Strict Transport Security in Chrome on OS X"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":""In God we trust. All others must bring data"","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-6s","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":4267,"url":"https:\/\/rud.is\/b\/2016\/04\/11\/clandestine-dns-lookups-with-gdns\/","url_meta":{"origin":400,"position":0},"title":"Clandestine DNS lookups with gdns","author":"hrbrmstr","date":"2016-04-11","format":false,"excerpt":"Google recently [announced](https:\/\/developers.google.com\/speed\/public-dns\/docs\/dns-over-https) their DNS-over-HTTPS API, which _\"enhances privacy and security between a client and a recursive resolver, and complements DNSSEC to provide end-to-end authenticated DNS lookups\"_. The REST API they provided was pretty simple to [wrap into a package](https:\/\/github.com\/hrbrmstr\/gdns) and I tossed in some [SPF](http:\/\/www.openspf.org\/SPF_Record_Syntax) functions that I had\u2026","rel":"","context":"In "APIs"","block_context":{"text":"APIs","link":"https:\/\/rud.is\/b\/category\/apis\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2016\/04\/Fullscreen_4_11_16__1_10_AM.png?fit=1173%2C1013&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2016\/04\/Fullscreen_4_11_16__1_10_AM.png?fit=1173%2C1013&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2016\/04\/Fullscreen_4_11_16__1_10_AM.png?fit=1173%2C1013&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2016\/04\/Fullscreen_4_11_16__1_10_AM.png?fit=1173%2C1013&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2016\/04\/Fullscreen_4_11_16__1_10_AM.png?fit=1173%2C1013&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":12060,"url":"https:\/\/rud.is\/b\/2019\/03\/05\/heads-up-roll-your-own-http-headers-investigations-with-the-hdrs-package\/","url_meta":{"origin":400,"position":1},"title":"Head’s Up! Roll Your Own HTTP Headers Investigations with the ‘hdrs’ Package","author":"hrbrmstr","date":"2019-03-05","format":false,"excerpt":"I blathered alot about HTTP headers in the last post. In the event you wanted to dig deeper I threw together a small package that will let you grab HTTP headers from a given URL and take a look at them. The README has examples for most things but we'll\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12016,"url":"https:\/\/rud.is\/b\/2019\/03\/03\/cran-mirror-security\/","url_meta":{"origin":400,"position":2},"title":"CRAN Mirror “Security”","author":"hrbrmstr","date":"2019-03-03","format":false,"excerpt":"In the \"Changes on CRAN\" section of the latest version of the The R Journal (Vol. 10\/2, December 2018) had this short blurb entitled \"CRAN mirror security\": Currently, there are 100 official CRAN mirrors, 68 of which provide both secure downloads via \u2018https\u2019 and use secure mirroring from the CRAN\u2026","rel":"","context":"In "Cybersecurity"","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2969,"url":"https:\/\/rud.is\/b\/2014\/04\/25\/moving-from-system-calls-to-rcpp-interfaces\/","url_meta":{"origin":400,"position":3},"title":"Moving From system() calls to Rcpp Interfaces","author":"hrbrmstr","date":"2014-04-25","format":false,"excerpt":"Over on the [Data Driven Security Blog](http:\/\/datadrivensecurity.info\/blog\/posts\/2014\/Apr\/making-better-dns-txt-record-lookups-with-rcpp\/) there's a post on how to use `Rcpp` to interface with an external library (in this case `ldns` for DNS lookups). It builds on [another post](http:\/\/datadrivensecurity.info\/blog\/posts\/2014\/Apr\/firewall-busting-asn-lookups\/) which uses `system()` to make a call to `dig` to lookup DNS `TXT` records. The core code\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":14213,"url":"https:\/\/rud.is\/b\/2023\/07\/09\/new-r-package-hhhash\/","url_meta":{"origin":400,"position":4},"title":"New R Package For HTTP Headers Hashing","author":"hrbrmstr","date":"2023-07-09","format":false,"excerpt":"HTTP Headers Hashing (HHHash) is a technique developed by Alexandre Dulaunoy to gen\u00aderate a fingerprint of an HTTP server based on the headers it returns. It employs one-way hashing to generate a hash value from the list of header keys returned by the server. The HHHash value is calculated by\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12790,"url":"https:\/\/rud.is\/b\/2020\/07\/10\/a-look-at-pan-os-versions-with-a-bit-of-r\/","url_meta":{"origin":400,"position":5},"title":"A Look at PAN-OS Versions with a Bit of R","author":"hrbrmstr","date":"2020-07-10","format":false,"excerpt":"The incredibly talented folks over at Bishop Fox were quite generous this week, providing a scanner for figuring out PAN-OS GlobalProtect versions. I've been using their decoding technique and date-based fingerprint table to keep an eye on patch status (over at $DAYJOB we help customers, organizations, and national cybersecurity centers\u2026","rel":"","context":"In "Cybersecurity"","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=400"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/400\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}