The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for the ‘https’ Category

Next Entries »

Index of /materials/haxpo2015ams

Posted by jpluimers on 2015/11/27

It feels like yesterday, but haxpo2015ams was already six months ago!

Session materials index:

Index of /materials/haxpo2015ams

[ICO] Name Last modified Size Description
[PARENTDIR] Parent Directory
[ ] D1 – Frank Breedijk – Help my Security Officer is Allergic to DevOps.pdf 2015-05-28 07:19 6.7M
[ ] D1 – Lisha Sterling – Hacking Humanitarian Project for Fun and Profit.pdf 2015-05-27 18:27 6.1M
[ ] D1 – Marc Newlin – ReDECTed.pdf 2015-05-27 16:56 1.7M
[ ] D1 – P. Mason, K. Flemming A. Gill – All Your Hostnames Are Belong to Us.pdf 2015-05-27 16:03 2.8M
[ ] D1 – Wouter van Rooij – Future Privacy.pdf 2015-05-27 16:16 715K
[ ] D2 – Bob Baxley – Privacy and Security in the Internet of Things.pdf 2015-05-28 17:00 7.1M
[ ] D2 – Edwin Sturrus – Data Security and Privacy in the Age of Cloud.pdf 2015-05-28 15:24 1.2M
[ ] D2 – Jessica Maes – Privacy in Digital Society.pdf 2015-05-28 12:18 4.1M
[ ] D2 – Jimmy Shah – BYOD is Now BYOT – Current Trends in Mobile APT.pdf 2015-05-28 15:55 3.6M
[ ] D3 – Jaya Baloo – Crypto is Dead Long Live Crypto.pdf 2015-05-29 17:17 4.4M
[ ] D3 – Jeroen van der Ham – Responsible Disclosure in The Netherlands.pdf 2015-05-29 16:37 1.7M
[ ] D3 – Oliver Matula and Christopher Scheuring – Evaluating the APT App Armor.pdf 2015-05-29 11:55 3.9M
[ ] D3 – R. Schaefer and J. Salazar – Pentesting in the Age of IPv6.pdf 2015-05-29 16:22 1.8M
[ ] D3 – Ruben van Vreeland – New Attack Vectors for Exploiting Web Platforms.pdf 2015-05-29 11:55 816K
[ ] HAXPO HIGHLIGHT – Andrew Tanenbaum – MINIX3.pdf 2015-05-28 15:19 9.2M
[ ] HAXPO HIGHLIGHT – Eleanor Saitta – Designing Security Outcomes.pdf 2015-05-29 15:15 1.4M
[ ] HAXPO HIGHLIGHT – Reuben Paul – The A-to-Z of CyberSecurity.pdf 2015-05-28 15:19 17M
[ ] HAXPO WELCOME – Richard Thieme – Too Much to Know.pdf 2015-05-27 13:37 6.3M
Apache/2.4.7 (Ubuntu) Server at haxpo.nl Port 80

–jeroen

Posted in *nix, *nix-tools, Encryption, Hashing, https, LifeHacker, OpenSSL, PKI, Power User, Public Key Cryptography, Security, Signing | Leave a Comment »

StartSSL indeed offers free Class1 certificates for any subdomain

Posted by jpluimers on 2015/11/20

Thanks Craine for answering:

StartSSL does in fact offer free SSL certs for subdomains, though they are Class 1 certificates.

It works: just start the process for the domain, then when you get to the step for entering a subdomain, enter any one (of course www works, but you can do the process multiple times so register certificates for multiple subdomains).

–jeroen

via: tls – Free second-level domain SSL certificate – Information Security Stack Exchange

Posted in *nix, *nix-tools, Apache2, https, Power User, Security | Leave a Comment »

HTTPS Everywhere Firefox/Chrome/Opera extension – Electronic Frontier Foundation

Posted by jpluimers on 2015/09/11

Over time this has become a must have: HTTPS Everywhere | Electronic Frontier Foundation developed by EFF and TOR.

Too bad many sites still do not work correctly with it.

This is especially true for places or networks where HTTP (or even worse HTTPS) is going through a MitM layer, for instance many mobile providers do this by injecting tracking bits to your traffic:

–jeroen

via: HTTPS Everywhere | Electronic Frontier Foundation.

Posted in https, Power User, Security | Leave a Comment »

Hacking Team had more and more need for SSL MITM

Posted by jpluimers on 2015/07/07

Interesting reads:

–jeroen

Posted in Communications Development, Development, https, Internet protocol suite, LifeHacker, Power User, Security, TCP, TLS | Leave a Comment »

Time to upgrade: SHAAAAAAAAAAAAA | Check your site for weak SHA-1 certificates.

Posted by jpluimers on 2015/06/01

They days of SHA-1 are quickly coming to an end. Chrome has already marked SHA-1 signed TLS/SSL certificates for having an expiration > 2015-12-31 as insecure for a few weeks now. They promised to sunset SHA-1 about 9 months ago.

So if you haven’t done so, upgrade your HTTPS (and HTTP/2 which defaults to TLS) certificates to SHA-2. A great site of help here is SHAAAAAAAAAAAAA | Check your site for weak SHA-1 certificates. It is open source at GitHub.

You’ve less than 6 months now.

More in dept-reading (especially the comments by Ryan Sleevi): Chrome 42 (next stable) will mark SHA-1 signed certs with a validation date >2015 as insecure!.

–jeroen

PS: if you really need to do the balancing act, you technically can serve old certificates to SHA-2 incompatible clients while serving more secure certificates to modern clients. But it’s a risk, so you might as well tell these old clients they’re out.

Posted in https, Power User, Public Key Cryptography, Security, TLS | Leave a Comment »

HTTPS blessing and curse: Security Collapse in the HTTPS Market – ACM Queue

Posted by jpluimers on 2014/09/29

Funny to discover these two articles today:

–jeroen

Posted in https, Power User, Security | Leave a Comment »

Next Entries »