The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,420 other followers

Archive for the ‘Encryption’ Category

Many http headers via 🔎Julia Evans🔍 on Twitter: “some security headers… “

Posted by jpluimers on 2021/07/20

An image on CORS will follow; likely more on related topics too. [WayBack] 🔎Julia Evans🔍 on Twitter: “some security headers… “ about:

Interesting comments in the thread.

More to follow: [Archive.is] 🔎Julia Evans🔍 on Twitter: “going to talk about CORS headers on a different page because that’s a Whole Thing but i’d love to know what else I left out / got wrong here :)” including these:

Read the rest of this entry »

Posted in Communications Development, Development, Encryption, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP | Leave a Comment »

Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE.

Posted by jpluimers on 2021/01/11

Cool: [WayBack] Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE.

Their motivation and background: [WayBack] About Internet.nl

–jeroen

Posted in Encryption, HTTPS/TLS security, Power User, Security | Leave a Comment »

mkcert: valid HTTPS certificates for localhost (Windows/Mac/Linux) — a short blog post about it, by FiloSottile

Posted by jpluimers on 2020/12/21

Cool: [WayBack] Filippo Valsorda on Twitter: “mkcert: valid HTTPS certificates for localhost — a short blog post mkcert now that it’s almost done 🔒 “

Blog post: [WayBackmkcert: valid HTTPS certificates for localhost:

The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let’s Encrypt, development still mostly ends up happening over HTTP because no one can get an…

Code: [WayBack] GitHub – FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you’d like.

It is cross platform and works way better than good old Windows makecert (which is from the 2000’s era: [Archive.is] Public Key Infrastructure: Second European PKI Workshop: Research and … – David Chadwick, Greece) European PKI Workshop: Research and Applications (1st : 2004 : Samos Island – Google Books).

Related:

–jeroen

Read the rest of this entry »

Posted in *nix, Apple, Encryption, HTTPS/TLS security, Linux, Mac OS X / OS X / MacOS, Power User, Security, Windows | Leave a Comment »

Facebook ist in Bezug auf Kundenzufriedenheit und Vertrauen in Umfragen zieml…

Posted by jpluimers on 2020/10/16

Nice thread as it talks a bit about how keep your own stuff secure with companies doing MitM, or have VPN infrastrcuture.

[WayBack] Facebook ist in Bezug auf Kundenzufriedenheit und Vertrauen in Umfragen zieml…

Most larger TLS based web-sites now have HSTS so detect MitM.

Having a proxy locally helps checking the certificates.

Corporate laptops usually has device management. If they use MitM, their root certificates are usually put back automatically. But not all software uses the same root certificate store (:

In the past, I have used [WayBack] cntlm, or VPN (routing only corporate traffic over VPN).

There are corporate VPN variants, which take over the complete routing table or even run arbitrary scripts as root on your box on connect in order to do “endpoint validation”. And then there is OpenVPN, which routes the traffic that the company shall see to the company and lets you use normal connectivity for the rest.

You want openvpn, in all cases.

Another trick I have used is to VPN/SSH out of a corporate box and route some of the traffic over it.

Finally, for some larger corporate VPN software, there is an open source replacement that has better configuration options: OpenConnect supports AnyConnect, Juniper and GlobalProtect.

Related: picture on the right via [WayBack] Torsten Kleinz – Google+

–jeroen

Posted in Cntlm, Encryption, HTTPS/TLS security, Power User, Security, Windows, Windows-Http-Proxy | Leave a Comment »

SSL certificates – not optional | Open Query Pty Ltd

Posted by jpluimers on 2020/09/04

Some tips on using the certbot for Let’s Encrypt and the support for wildcard certificates through DNS updates: [WayBack] SSL certificates – not optional | Open Query Pty Ltd

–jeroen

Posted in Encryption, HTTPS/TLS security, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

 
%d bloggers like this: