The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,824 other followers

Archive for the ‘Security’ Category

Positive Technologies – learn and secure : Disabling Intel ME 11 via undocumented mode

Posted by jpluimers on 2017/09/04

Interesting: [WayBack/Archive.isPositive Technologies – learn and secure : Disabling Intel ME 11 via undocumented mode

Repository: ptresearch/unME11: Intel ME 11.x Firmware Images Unpacker

More archived links:

Via: [WayBack] The NSA is running Intel machines with ME off, and so can you: http://blog.koehntopp.info/index.php/2508-turning-off-the-intel-management-engine-me/ – Kristian Köhntopp – Google+

–jeroen

Posted in Power User, Security | Leave a Comment »

ssl/ssh multiplexer

Posted by jpluimers on 2017/08/07

sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.

Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.

Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.

sslh supports IPv6, privilege dropping, transparent proxying, and more.

Interesting…

–jeroen

Posted in *nix, https, Linux, OpenSSL, OpenVPN, Power User, Security | Leave a Comment »

Reminder to self: testssl.sh has supported IPv6 for a long while if the OpenSSL binary supports it

Posted by jpluimers on 2017/07/31

testssl.sh has supported IPv6 for a long while if the OpenSSL binary supports it

See the below thread, specifically the mentioned comments.

–jeroen

Posted in OpenSSL, Power User, Security, testssl.sh | Leave a Comment »

Sending various HTTP request kinds using curl

Posted by jpluimers on 2017/07/25

I’ve been using cURL but always had a feeling not to its potential basically because the cURL man page [WayBack] is both massive and lacks concrete useful practical examples.

For instance, I knew about the --header and --verbose options (I always use verbose names even though shorter -H and -v exist) to pass a specific header and get verbose output, but the man page basic examples like this by Tader:

curl --header --verbose "X-MyHeader: 123" http://www.google.com

source: How to send a header using a HTTP request through a curl call? – Stack Overflow [WayBack]

There are some more examples at bropages.org/curl but they’re hardly organised or documented.

So I was really glad I found the below answer [WayBack] by Amith Koujalgi to web services – HTTP POST and GET using cURL in Linux – Stack Overflow.

But first note that recent versions (around 7.22 or higher) of cURL now need to combine the --silent and --show-error (or in short -sS) parameters to suppress progress but show errors: linux – How do I get cURL to not show the progress bar? – Stack Overflow [WayBack]

Back to the examples

Read the rest of this entry »

Posted in *nix, Communications Development, cURL, Delphi, Development, HTTP, https, Internet protocol suite, JavaScript/ECMAScript, JSON, Power User, REST, Scripting, Security, Software Development, TCP, TLS, XML, XML/XSD | 1 Comment »

Posted by jpluimers on 2017/06/30

It’s such an all time classic from 2006 that people even kept scans of the original 2006 Computer World publication by [WayBack] John Klossner.

Over the last few years, it has done its round over the internet a few times, so I did some digging for the scans, colour and mono originals.

Data security versus Human Error.

In this corner, we have firewalls, encryption, antivirus software, etc. And in this corner, we have Dave!!

[WayBackJohn Klossner Cartoons: Computer World has the original black and white version: it’s even a gif!

Way better than the scan from paper: [WayBackShackF00 » Weekend Round-up: Google Issues and a Sad-but-True Comic

In 2014, Spiceworks re-ran the black and white one: [WayBackAnd in THIS corner we have Dave! (Funny cartoon) – IT Security – Spiceworks

In 2015, Wombat Security published a coloured version on social media, and even bigger too: not just large, huge as well (:

–jeroen

via: [WayBack] Dave – CodeProject – Google+

Read the rest of this entry »

Posted in Encryption, Firewall, Fun, Power User, Security | Leave a Comment »

 
%d bloggers like this: