The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Power User’ Category

Windows Firewall: Block rules take precedence over Allow rules

Posted by jpluimers on 2018/05/07

Reminder to self for Windows Firewall: Block rules take precedence over Allow rules (see * below as actually it is even more complex); [WayBack] Firewall Rule Properties Page: General Tab has:

Firewall rules are evaluated in the following order:

  1. Allow if secure with Override block rules selected in the Customize Allow if Secure Settings dialog box.
  2. Block the connection.
  3. Allow the connection.
  4. Default profile behavior (allow or block as specified on the applicable Profile tab of the Windows Firewall with Advanced Security Properties dialog box).

Within each category, rules are evaluated from the most specific to the least specific. A rule that specifies four criteria is selected over a rule that specifies only three criteria.

Which means that this will block TCP port 1024 traffic to bar.exe:

The Block rules are inserted by Windows if you click “Cancel” on a dialog like this (note the lowercase path, despite the application being at C:\Program Files (x86)\Foo\Bar.exe):
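The evaluation order quoted above, as a small Python model (an added example, not code from the original post or from Microsoft). The rule names are constructed, program paths are assumed to compare case-insensitively, and the authentication that "Allow if secure" requires is not modelled:

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                     # "allow" or "block"
    program: Optional[str] = None   # None means "any"
    protocol: Optional[str] = None
    port: Optional[int] = None
    override_block: bool = False    # "Allow if secure" with "Override block rules"

    def criteria(self) -> int:
        """Number of criteria the rule specifies (its specificity)."""
        return sum(v is not None for v in (self.program, self.protocol, self.port))

    def matches(self, program: str, protocol: str, port: int) -> bool:
        # Assumption of this model: paths compare case-insensitively, as Windows paths do.
        return ((self.program is None or self.program.lower() == program.lower())
                and (self.protocol is None or self.protocol == protocol)
                and (self.port is None or self.port == port))

def category(rule: Rule) -> int:
    """1 = allow with override, 2 = block, 3 = allow (the documented order)."""
    if rule.action == "allow" and rule.override_block:
        return 1
    return 2 if rule.action == "block" else 3

def evaluate(rules, program, protocol, port, default="block"):
    """Return (verdict, name of the deciding rule) for one connection."""
    hits = [r for r in rules if r.matches(program, protocol, port)]
    if not hits:
        return default, "default profile behavior"
    # Lowest category wins; within a category the most specific rule is selected.
    best = min(hits, key=lambda r: (category(r), -r.criteria()))
    return best.action, best.name

# Constructed rules mirroring the post's Foo\Bar.exe case.
BAR = r"C:\Program Files (x86)\Foo\Bar.exe"
RULES = [
    Rule("allow bar tcp/1024", "allow", BAR, "TCP", 1024),
    Rule("block bar (lowercase path)", "block", BAR.lower()),
]

if __name__ == "__main__":
    print(evaluate(RULES, BAR, "TCP", 1024))
```

The less specific Block rule still decides the outcome, because the category is compared before specificity.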


Posted in Firewall, Infrastructure, Power User, Windows | 1 Comment »

CoreFreq – A Powerful CPU Monitoring Tool for Linux Systems

Posted by jpluimers on 2018/05/07

I need to check out if it finally got available for OpenSuSE: [WayBack] CoreFreq – A Powerful CPU Monitoring Tool for Linux Systems

via:


Posted in *nix, *nix-tools, Linux, openSuSE, Power User, ps, SuSE Linux | 2 Comments »

How to move Gmail sub-label out of hiearchy – Web Applications Stack Exchange

Posted by jpluimers on 2018/05/04

Source: [WayBack] How to move Gmail sub-label out of hiearchy – Web Applications Stack Exchange

  1. Hover over the label
  2. Click the down arrow
  3. Choose Edit
  4. Change the nesting

–jeroen

Posted in GMail, Google, Power User | Leave a Comment »

Old Google+ versions and photo backup may stop working on May 20, 2018 – Google+ Help

Posted by jpluimers on 2018/05/04

This message was sent because you may have an older version of the Google+ app installed on one of your mobile devices.

Now if the message would tell on which device, I could find it….

Source: [WayBack] Old Google+ versions and photo backup may stop working on May 20, 2018 – Google+ Help

–jeroen

Posted in G+: GooglePlus, Google, Power User | Leave a Comment »

Penetration Testing Tools and nmap Cheat Sheets

Posted by jpluimers on 2018/05/04

Via [WayBack] Penetration Testing Tools Cheat Sheet https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ #Security – This is why I Code – Google+

Penetration testing tools cheat sheet, a high level overview / quick reference cheat sheet for penetration testing.

Source: [Archive.is] Penetration Testing Tools Cheat Sheet

Nmap Cheat Sheet, examples and practical examples

Source: [Archive.is] Nmap Cheat Sheet

Posted in *nix, *nix-tools, nmap, Power User | Leave a Comment »

Dear Twitter: masked passwords are not the same as hashed passwords. Please refrain from storing them in any recoverable form.

Posted by jpluimers on 2018/05/04

Apparently Twitter not only logged plain text passwords, but they handle them in a masked form:

Keeping your account secure

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. Learn more

This seems to imply passwords are not hashed, but can be recovered into plain text.

Please Twitter, ensure that passwords are never recoverable.

Note: after changing your password at https://twitter.com/settings/password visit https://twitter.com/settings/applications

–jeroen

Posted in LifeHacker, Power User | Leave a Comment »

Happy Password day – BTW: Use a password manager. Don’t reuse passwords. – The Isoblog.

Posted by jpluimers on 2018/05/04

Since it is password day, please read [WayBack] Use a password manager. Don’t reuse passwords. – The Isoblog.

Background:

Lock it down. Add another layer to your password. PasswordDay.org #PasswordDay

–jeroen

Posted in LifeHacker, Power User | Leave a Comment »

GitLeaks – Search Engine for exposed secrets on the web

Posted by jpluimers on 2018/05/03

via: [WayBack] Yet another reason to be very careful with what you put in version control: GitLeaks – Search Engine for exposed secrets on the web https://gitleaks.com/ – This is why I Code – Google+

[Archive.is] GitLeaks – Search Engine for exposed secrets on the web

–jeroen

Posted in Development, Security, Software Development | Leave a Comment »

Client-Side Password Hashing – DelphiTools

Posted by jpluimers on 2018/05/03

Interesting thought on client-side password hashing: [Archive.is] Client-Side Password Hashing – DelphiTools.

I have ambivalent feelings about it, especially since it will expose salt and other settings to the client.

On the other hand it tremendously helps when there are transparent proxies in between. Read the article for full details; here is just one quote below.

Maybe dual hashing would be in order: once at the client to prevent plain text from going over MITM channels, and a second hash server-side with different settings like salt to prevent brute-force attacks.

I need to give this more thought.

The quote:

If you are using a regular Windows and a regular browser, access to HTTPS will go through the regular certificate chain, using regular certificate authority. You also benefit from extra security layers like Public Key Pinning.

But when a custom Root CA is installed, all that goes through the window: the custom Root CA allows the corporate proxies to issue “valid” certificates for any website (even google.com and the rest), and the public key pinning features are disabled:

How does key pinning interact with local proxies and filters?

Chrome does not perform pin validation when the certificate chain chains up to a private trust anchor. 

A key result of this policy is that private trust anchors can be used to proxy (or MITM) connections, even to pinned sites. “Data loss prevention” appliances, firewalls, content filters, and malware can use this feature to defeat the protections of key pinning.

All the major browsers have a similar behavior… because it is required to allow transparent proxies. And transparent proxies are the means through which the legal logging requirements are fulfilled.

So besides introducing a major MITM opportunity, this also means that there are legally-required corporate logs somewhere of all that went through HTTPS… including plain text passwords, if you did not hash them on the client-side.

These logs will have varying degrees of security when in the corporate domain… and next to none if they are ever requested by the legal system for an investigation.

–jeroen
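The dual hashing idea from this post, sketched in Python as an added example (not code from the post or from the DelphiTools article). The site name, work factors, PBKDF2 as the hash and the sample credentials are all assumptions chosen for illustration:

```python
import hashlib
import hmac
import os

SITE = "example.test"      # assumption: placeholder site identifier
CLIENT_ITERS = 100_000     # assumption: illustrative work factors
SERVER_ITERS = 100_000

def client_hash(username: str, password: str) -> bytes:
    """Client side. The salt is public and derivable (the exposure the post
    mentions); it only has to be unique per user and per site."""
    public_salt = hashlib.sha256(f"{SITE}:{username.lower()}".encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), public_salt, CLIENT_ITERS)

def server_enroll(wire_value: bytes) -> tuple[bytes, bytes]:
    """Server side. Hash the received value again with a random, server-only
    salt, so the stored record differs from what travelled over the wire."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", wire_value, salt, SERVER_ITERS)

def server_verify(wire_value: bytes, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", wire_value, salt, SERVER_ITERS)
    return hmac.compare_digest(candidate, stored)   # constant-time comparison

def demo() -> dict:
    password = "correct horse battery staple"       # constructed sample input
    wire = client_hash("alice", password)
    salt, stored = server_enroll(wire)
    proxy_log = wire.hex()   # what a TLS-intercepting proxy would record
    return {
        "login_ok": server_verify(wire, salt, stored),
        "wrong_password_ok": server_verify(client_hash("alice", "guess"), salt, stored),
        "plaintext_in_log": password in proxy_log,
        "db_equals_wire": stored == wire,
    }

if __name__ == "__main__":
    print(demo())
```

The value on the wire still works as the login credential for this one site, so the second, server-side hash and TLS remain necessary; what the client-side step keeps out of intermediate logs is the reusable plain-text password.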

 

Posted in Algorithms, Design Patterns, Development, Hashing, Power User, Security, Software Development | Leave a Comment »

Intel SSD 600p Series NVMe SSD Temperatures: ensure you cool it properly even for moderate use

Posted by jpluimers on 2018/04/30

A short while ago, I installed a pair of 1TB Intel 600p NVMe SSD devices.

Performing a straight rsync backup of some 100 gigabytes of data managed to shut down both of them: the throttling was so much that VMware ESXi lost the volumes on it and showed “Permanently inaccessible device”.

I was quite surprised as the initial reviews did not mention any temperature problems, but apparently there are.

Since then I’ve put a 120mm fan near to it which made the problems go away, but it still every now and then jumped to over 60 degrees Celsius.

Later I “fixed” it in a better way for cooling getting the idle temperature around 30 degrees Celsius and heavy duty temperatures around 40 degrees Celsius:

I did not have to mount any M.2 heatsinks on them yet; they probably won’t fit under the fan anyway

Related links and products:

Related:

–jeroen

Posted in Hardware, NVMe, Power User, SSD | 1 Comment »