The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,231 other followers

Archive for the ‘Encryption’ Category

Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE.

Posted by jpluimers on 2021/01/11

Cool: [WayBack] Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE.

Their motivation and background: [WayBack] About Internet.nl

–jeroen

Posted in Encryption, HTTPS/TLS security, Power User, Security | Leave a Comment »

mkcert: valid HTTPS certificates for localhost (Windows/Mac/Linux) — a short blog post about it, by FiloSottile

Posted by jpluimers on 2020/12/21

Cool: [WayBack] Filippo Valsorda on Twitter: “mkcert: valid HTTPS certificates for localhost — a short blog post mkcert now that it’s almost done 🔒 “

Blog post: [WayBackmkcert: valid HTTPS certificates for localhost:

The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let’s Encrypt, development still mostly ends up happening over HTTP because no one can get an…

Code: [WayBack] GitHub – FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you’d like.

It is cross platform and works way better than good old Windows makecert (which is from the 2000’s era: [Archive.is] Public Key Infrastructure: Second European PKI Workshop: Research and … – David Chadwick, Greece) European PKI Workshop: Research and Applications (1st : 2004 : Samos Island – Google Books).

Related:

–jeroen

Read the rest of this entry »

Posted in *nix, Apple, Encryption, HTTPS/TLS security, Linux, Mac OS X / OS X / MacOS, Power User, Security, Windows | Leave a Comment »

Facebook ist in Bezug auf Kundenzufriedenheit und Vertrauen in Umfragen zieml…

Posted by jpluimers on 2020/10/16

Nice thread as it talks a bit about how keep your own stuff secure with companies doing MitM, or have VPN infrastrcuture.

[WayBack] Facebook ist in Bezug auf Kundenzufriedenheit und Vertrauen in Umfragen zieml…

Most larger TLS based web-sites now have HSTS so detect MitM.

Having a proxy locally helps checking the certificates.

Corporate laptops usually has device management. If they use MitM, their root certificates are usually put back automatically. But not all software uses the same root certificate store (:

In the past, I have used [WayBack] cntlm, or VPN (routing only corporate traffic over VPN).

There are corporate VPN variants, which take over the complete routing table or even run arbitrary scripts as root on your box on connect in order to do “endpoint validation”. And then there is OpenVPN, which routes the traffic that the company shall see to the company and lets you use normal connectivity for the rest.

You want openvpn, in all cases.

Another trick I have used is to VPN/SSH out of a corporate box and route some of the traffic over it.

Finally, for some larger corporate VPN software, there is an open source replacement that has better configuration options: OpenConnect supports AnyConnect, Juniper and GlobalProtect.

Related: picture on the right via [WayBack] Torsten Kleinz – Google+

–jeroen

Posted in Cntlm, Encryption, HTTPS/TLS security, Power User, Security, Windows, Windows-Http-Proxy | Leave a Comment »

SSL certificates – not optional | Open Query Pty Ltd

Posted by jpluimers on 2020/09/04

Some tips on using the certbot for Let’s Encrypt and the support for wildcard certificates through DNS updates: [WayBack] SSL certificates – not optional | Open Query Pty Ltd

–jeroen

Posted in Encryption, HTTPS/TLS security, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

Cipher: a command-line tool to decrypt/encrypt files and directories (een recursively) on Windows

Posted by jpluimers on 2020/07/03

A while ago, I had to mass encrypt a lot of directories and files on Windows for some directories in an existing directory structure.

This helped me to find out which ones were already done (it lists all encrypted files on all drives; the /n ensures the files or encryption keys are not altered):

cipher.exe /u /n /h

This encrypted recursively in one directory B:\Directory:

cipher /D /S:B:\Directory /A

It also has options to wipe data (/W), export keys into transferrable files (/X) and many more.

If you like the Windows Explorer more then to encrypt/decrypt (it is a tedious process): [WayBack] How do I encrypt/decrypt a file? | IT Pro.

Via:

–jeroen

Posted in Encryption, NTFS, Power User, Security, Windows | Leave a Comment »

 
%d bloggers like this: