The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,854 other subscribers

Archive for the ‘Security’ Category

« Previous Entries
Next Entries »

The Toxic Smog of the Information Age | Literary Hub

Posted by jpluimers on 2020/03/03

From 5 years ago, but now more relevant than it ever was: [WayBack] The Toxic Smog of the Information Age | Literary Hub

SCROOGLED

Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him. –Cardinal Richelieu

We don’t know enough about you. –Google CEO Eric Schmidt

Via:

–jeroen

Posted in History, Opinions, Security | Leave a Comment »

Very nice “Appendix A. Introduction to TCP/IP security” on digests, hashing, encryption, asymetric/symmetric, VPN and much more

Posted by jpluimers on 2020/03/03

For me this is still a primary starting point in case I need to know something about security which has clear pictures: [WayBack] Appendix A. Introduction to TCP/IP security (sg245383.pdf/ftp://ftp.www.ibm.com/…/sg245383.pdf, thanks to Jac Las) all on one web page.

The links are to the “Digital signatures” portion, as that’s what I needed at the time, but they are just anchors in the page.

These were the diagrams I was after:

If you want much more in-depth slide then, then go for [WayBackCryptography, from Theory to Practice which you can find back searching for IBM “Cryptography, from Theory to Practice” or “sign then hash” or “hash then sign”.

It is very different from the equally interesting presentation

–jeroen

Posted in Development, Encryption, Power User, Security, Software Development | 2 Comments »

When you have physical access to a machine, assume it is compromised

Posted by jpluimers on 2020/02/24

When you have physical access to a machine, assume it is compromised.

Sometimes the compromise can be as simple as a HID device access:

–jeroen

Read the rest of this entry »

Posted in Power User, Security | Leave a Comment »

Does anyone knows a existing implementation of bcrypt or scrypt for delphi?

Posted by jpluimers on 2020/02/19

For my link archive: [WayBack] Does anyone knows a existing implementation of bcrypt or scrypt for delphi? – Fabian S. Biehn – Google+:

–jeroen

Posted in Delphi, Development, Encryption, Power User, Security, Software Development | Leave a Comment »

Happlink / PlugUp died, but you can still use their U2F USB key

Posted by jpluimers on 2020/01/31

Nothing lasts, so the company behind the U2F key on the right is long gone, but their site is archived in Archive.is and the WayBack machine. Since the U2F protocol is open, you can still set up the device and use it. Here is how for your Google account (for instance with GMail), it works in a similar way for other providers:

Archived links:

Some of their videos are also still online (embedded links at the bottom of the post):

U2F (or Universal 2nd Factor – Wikipedia) has an open protocol by FIDO Alliance – Wikipedia. More on that in these links below.

One final odd note:

The FIDO alliance still listed Happlink on their web-site when I wrote this blog post.

It used to be at this address: Happlink, 4 rue Jehan Le Povrmoyne, 76240 Le Mesnil-Esnard, France

Read the rest of this entry »

Posted in Power User, Security, U2F FIDO Security Keys | Leave a Comment »

Viewing certbot installed certificates and their expiry dates

Posted by jpluimers on 2020/01/24

A simple tip on the certbot command-line from [WayBackUser Guide — Certbot 0.19.0.dev0 documentation – Managing certificates (Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.):

To view a list of the certificates Certbot knows about, run the certificates subcommand:

certbot certificates

This returns information in the following format:

Found the following certs:
  Certificate Name: example.com
    Domains: example.com, www.example.com
    Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem

Via: [WayBack] It there a command to show how many days certificate you have? – Server – Let’s Encrypt Community Support

–jeroen

Posted in Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

I’m harvesting credit card numbers and passwords from your site. Here’s how.

Posted by jpluimers on 2020/01/14

Below is one of the reasons I try to stay on the back-end side of things. Those are complex enough to focus on for me.

[WayBackI’m harvesting credit card numbers and passwords from your site. Here’s how.

It basically comes down to:

  • anything in the same page has access to anything happening on that page.
  • be careful when using npm and ad networks.
  • perform security operations in a light-weight iframe that is scrutinized.

The source of any npm package might be different from the source you find in a the underlying repository. This recursively holds for all the other npmit pulls in.

–jeroen

via: [WayBackJeroen Wiert Pluimers – Google+

Posted in Development, Power User, Security, Software Development, Web Development | Leave a Comment »

Diffie-Hellman Key Exchange graphically explained – Wikipedia/Computerphile

Posted by jpluimers on 2019/12/31

Sometimes a picture or video is better than a thousand words.

I wish that back when I learned about the mathematics of the Diffie–Hellman key exchange – Wikipedia

I had seen the picture on the right from File:Diffie-Hellman Key Exchange-modified.png – Wikipedia (via DHKE General overview) which inspired the Computerphile and Art-Of-The-Problem videos below doing the same dynamically with colorised liquids and paint.

Art-Of-The-Problem has a similar video on RSA as well which is also below.

Usually Diffie-Hellman is combined with RSA to prevent man-in-the-middle and allow for perfect forward secrecy. That’s what the final computerphile video is about.

Excellent!

Finally, Computerphile also posted a video with the mathematics. If you’re into that: nice work too!

Via:

–jeroen

Read the rest of this entry »

Posted in Development, Encryption, Power User, Security, Software Development | Leave a Comment »

Meet Inrupt: for a decentralized web and new data ownership model

Posted by jpluimers on 2019/12/27

On my list of things to try:

Tim Berners-Lee, inventor of the World Wide Web, launches Inrupt, a start-up that will take the Solid open source platform and “Solid movement” to the next level with the backing of Glasswing Ventures. A look at the what and why.

For now, I have two WebIds and need to figure out how to link them (:

Hopefully the video below will help with that.

–jeroen

Read the rest of this entry »

Posted in GDPR/DS-GVO/AVG, LifeHacker, Power User, Privacy, Security | Leave a Comment »

if you allow users to register email addresses on your domain, make sure they can’t get: admin@ administrator@ hostmaster@…

Posted by jpluimers on 2019/12/16

Great tip from: [Archive.isMichal Špaček on Twitter: “Friendly reminder: if you allow users to register email addresses on your domain, make sure they can’t get: admin@ administrator@ hostmaste… https://t.co/wUHXrQC2J0”:

 Friendly reminder: if you allow users to register email addresses on your domain, make sure they can’t get:
  • admin@
  • administrator@
  • hostmaster@
  • postmaster@
  • webmaster@ (and others from RFC 2142)

otherwise users might be able to get an HTTPS certificate for your domain.

–jeroen

Read the rest of this entry »

Posted in Encryption, https, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

« Previous Entries
Next Entries »