The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,769 other followers

Archive for the ‘Security’ Category

CSP and bookmarklets

Posted by jpluimers on 2019/10/25

If you find out bookmarklets like the [WayBack] Press-This or [Archive.is] SubToMe do not work on some pages but to on others.

Often it’s not the bookmarklet, but a combination the site disabling CSP (Content Security Policy) and browsers not coping well with that, see for instance:

via:

–jeroen

Posted in Bookmarklet, CSP, Power User, Security, Web Browsers | Leave a Comment »

Researchers “unblur” images to gain access to Bitcoin wallet. The lesson here…

Posted by jpluimers on 2019/10/18

via: [WayBack] Researchers “unblur” images to gain access to Bitcoin wallet. The lesson here is that blurring sensitive images is no longer safe. – Kevin Powick – Google+:

Background information:

–jeroen

 

Posted in Bitcoin, Cryptocurrency, Power User, Security | Leave a Comment »

Bill Scannell on Twitter: Locked-out of a medical record after 60 seconds, becausesecurity?

Posted by jpluimers on 2019/10/14

When security prohibits getting work done, people will work around it.

Source: [WayBackBill Scannell‏ @scannell Locked-out of a medical record after 60 seconds, becausesecurity? This is an actual workaround spotted today in the wild.

via:

–jeroen

Posted in Power User, Security | Leave a Comment »

Running a feature branch from the letsencrypt certbot

Posted by jpluimers on 2019/09/27

So I won’t forget; the steps below based on and assumes ~/Versioned is the directory where you keep repositories in:

# cd ~/Versioned
# git clone https://github.com/certbot/certbot.git
...
# cd certbot
# git fetch --all
Fetching origin
# git checkout alt_override
Branch 'alt_override' set up to track remote branch 'alt_override' from 'origin'.
Switched to a new branch 'alt_override'
# ./certbot-auto --os-packages-only
OS packages installed.
# ./tools/venv.sh
... very long log ...
Please run the following command to activate developer environment:
source venv/bin/activate
# source ./venv/bin/activate
[venv] # venv/bin/certbot renew --force-renewal

–jeroen

Posted in Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

There are still sites limiting password lengt to low values like 20 or 15. Don’t!

Posted by jpluimers on 2019/08/26

There are still sites limiting password lengt to low values like 20 or 15. Don’t!

The why at [WayBackImplement Proper Password Strength Controls: Password Length has been in place since October 2012, since when cracking passwords has become way faster, so risk at length 20 back then is now a risk at something like length 40.

Password Length

Longer passwords provide a greater combination of characters and consequently make it more difficult for an attacker to guess.

  • Minimum length of the passwords should be enforced by the application.
    • Passwords shorter than 10 characters are considered to be weak (NIST SP800-132).

While minimum length enforcement may cause problems with memorizing passwords among some users, applications should encourage them to set passphrases (sentences or combination of words) that can be much longer than typical passwords and yet much easier to remember.

  • Maximum password length should not be set too low, as it will prevent users from creating passphrases. Typical maximum length is 128 characters.
    • Passphrases shorter than 20 characters are usually considered weak if they only consist of lower case Latin characters.

–jeroen

via:

 

Posted in LifeHacker, Power User, Security | Leave a Comment »

 
%d bloggers like this: