The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,798 other followers

Archive for the ‘https’ Category

« Previous Entries

Some ChromeCast URLs

Posted by jpluimers on 2017/02/01

I need to check these against a Chromecast v2 as the below URLs are from a v1 device:

More is possible by using cURL: Chromecast Hacking Has Begun | fiquett.com

sleep 8h; while true; do
curl -H "Content-Type: application/json" http://192.168.71.113:8008/apps/YouTube -X POST -d 'v=somevideo';
done

–jeroen

via:

https://www.reddit.com/r/Chromecast/comments/24i8x3/thoughts_on_a_chromecast_alarm_app/

Posted in Chromecast, Communications Development, Development, Google, Hardware Interfacing, HTTP, https, Internet protocol suite, REST, Security, TCP | 3 Comments »

List of “Plain Text Offenders”; hopefully someone publishes a list of https offenders too

Posted by jpluimers on 2016/10/24

This Plain Text Offenders site lists email screenshots of organisations sending back plain-text passwords they kept on file (According to Robert Love, Idera/Embarcadero should be on the list as well).

It is one of the most horrible things that can be done for a password.

Business and IT do many horrible things, so I really hope someone will start a similar site about SSL Labs F-rated domains. The ones that are so broken that they degraded their https to virtually plain-text http quality.

In the past, a notorious example of this was Embarcadero, who in the past managed to get F-rating or had wrong configurations on the below domains, therefore preventing me from logging in and getting new products from them (which is far worse than them not cleaning up their bug database):

Read the rest of this entry »

Posted in Delphi, Development, Hashing, https, OpenSSL, Power User, Public Key Cryptography, QC, Security, Signing, Software Development | 3 Comments »

Heittps enabled – a hardest part of https-ing a suite of sites is getting rid of “Mixed Content”

Posted by jpluimers on 2016/09/26

“Heittps enabled.” and working for most parts: Verschlüsselung: heise online und Heise-Onlinedienste per HTTPS erreichbar heise.de [WayBack]

A hard part in getting there is fixing “Mixed Content” errors. Report them at https://www.heise.de/newsticker/meldung/Verschluesselung-heise-online-und-Heise-Onlinedienste-per-HTTPS-erreichbar-3331421.html

Earlier this Dutch tech site did the same: Tweakers stapt over op https – Waarom https? – Achtergrond – Tweakers [WayBack] and faced similar “Mixed Content” fixing challenges [WayBack].

–jeroen

Source: Na endlich. РKristian K̦hntopp РGoogle+

 

Posted in https, Security | Leave a Comment »

Cool: HTTPSWatch tracks the HTTPS support of prominent websites.

Posted by jpluimers on 2016/09/23

HTTPSWatch tracks the HTTPS support of prominent websites.

Source: HTTPSWatch | Global

Like on the right side.

https isn’t everywhere yet, but growing.

–jeroen

Posted in https, Power User, Security | Leave a Comment »

Windows Flaw Reveals Microsoft Account Passwords, VPN Credentials

Posted by jpluimers on 2016/08/08

Attack from the ’90s resurfaces more deadly than before

Source: Windows Flaw Reveals Microsoft Account Passwords, VPN Credentials

TL;DR: block LAN->WAN port 445

Note this won’t affect web-dav shares like \live.sysinternals.com\DavWWWRoot as that uses ports 443 and 80.

–jeroen

via:

Posted in Communications Development, Development, https, Internet protocol suite, Microsoft Surface on Windows 7, NTLM, Power User, Security, SMB, TCP, WebDAV, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows XP | Leave a Comment »

« Previous Entries
 
%d bloggers like this: