The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

CAA Mandated by CA/Browser Forum | Qualys Blog

Posted by jpluimers on 2019/07/22

[WayBack] CAA Mandated by CA/Browser Forum | Qualys Blog

Certification Authority Authorization (CAA), specified in RFC 6844 in 2013, is a proposal to improve the strength of the PKI ecosystem with a new control to restrict which CAs can issue certificates…

Related:

–jeroen

Posted in Conferences, Event, Power User, Internet, Security, Encryption, DNS, Conference Topics, HTTPS/TLS security

UPC Cable Modem / Ziggo Connect Box / Compal CH7465LG · Issue #122 · reverse-shell/routersploit

Posted by jpluimers on 2019/07/22

I wonder if this one is still exploitable: UPC Cable Modem / Ziggo Connect Box / Compal CH7465LG · Issue #122 · reverse-shell/routersploit

–jeroen

Posted in Power User, Security

Government & Govt Owned – Netherlands – Phishing Scorecard

Posted by jpluimers on 2019/07/12

The archive is from late 2017; I wonder what the state is now: [Wayback] Government & Govt Owned – Netherlands – Phishing Scorecard

This Phishing Scorecard is the current situation of the security of e-mail stream banks compared. If a bank is one of the technical building blocks to implement in their e-mail security the red cross will be a green check mark. Once a bank’s security policy has only green check marks will stand up and protect them 40% of their customers.

–jeroen

Via: [WayBack] ‘Mailservers Tweede Kamer missen beveiliging tegen e-mailspoofing’ – update – IT Pro – Nieuws – Tweakers

The mail servers of the Tweede Kamer lack security measures that are meant to counter e-mail spoofing, which makes it possible to send e-mails in the name of politicians. This emerges from an investigation by Follow the Money.

Posted in Power User, Security

Some links about the TCP SACK PANIC attacks on Linux and FreeBSD Kernels

Posted by jpluimers on 2019/06/20

The TCP SACK vulnerabilities as found by Netflix: [WayBack] security-bulletins/2019-001.md at master · Netflix/security-bulletins · GitHub.

Easy, but slow workaround from [WayBack] linux – How to disable TCP SACK for CentOS? – Super User:

Temporary (until boot):

echo "0" > /proc/sys/net/ipv4/tcp_sack

Permanent (even after boot):

echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
sysctl -p

Coverage:

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Security, TCP

The Absurdly Underestimated Dangers of CSV Injection in Excel

Posted by jpluimers on 2019/06/14

Reminder to self: see if this is still a thing in spreadsheet applications: [WayBack] The Absurdly Underestimated Dangers of CSV Injection.

That 7 was "=2+5" in the CSV, but it got much worse.

–jeroen

via: [WayBack] The Absurdly Underestimated Dangers of CSV Injection #Security – ThisIsWhyICode – Google+

Posted in Power User, Security

 