cjitlal + sec   95

Certificates for localhost - Let's Encrypt - Free SSL/TLS Certificates
Sometimes people want to get a certificate for the hostname “localhost”, either for use in local development, or for distribution with a native application that needs to communicate with a web application. Let’s Encrypt can’t provide certificates for “localhost” because nobody uniquely owns it, and it’s not rooted in a top level domain like “.com” or “.net”. It’s possible to set up your own domain name that happens to resolve to 127.0.0.1, and get a certificate for it using the DNS challenge. However, this is generally a bad idea and there are better options.
tools  webdev  dev  sec  ssl  https 
july 2018 by cjitlal
It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.
I spent two years trying to get someone to tamper with my laptop, so I could then detect it. Somewhere along the way, I realized this might never happen.
sec  toread  essay 
may 2018 by cjitlal
GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
sec  list 
july 2017 by cjitlal
7 Security Measures to Protect Your Servers | DigitalOcean
When setting up infrastructure, getting your applications up and running will often be your primary concern. However, making your applications to function correctly without addressing the security needs of your infrastructure could have devastating co
DO  sec  tut 
september 2016 by cjitlal
Why ninety-day lifetimes for certificates? - Let's Encrypt - Free SSL/TLS Certificates
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
ssl  sec  encrypt  cert 
september 2016 by cjitlal
Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks | Ars Technica
"Off-path" attack means hackers can be anywhere with no man-in-the-middle needed.
toread  sec 
august 2016 by cjitlal
Privacy Tools - Encryption against global mass surveillance 🔒
You are being watched! Knowledge, encryption and privacy tools to protect you against global mass surveillance.
sec  tools  toread  hacks 
august 2016 by cjitlal
Building Yourself a DMZ
Eventually, if you get interested enough in information security, you are going to wonder what a DMZ is and why you should or should not have one. DMZ is a
tut  linux  sysadmin  networking  dmz  sec 
august 2016 by cjitlal
Firewalls
You can ask five different people what a stateful firewall is, and you're likely to get at least four answers. The truth is there are only a few types of f
tut  linux  firewall  sysadmin  sec 
august 2016 by cjitlal
Building a Professional Firewall with Linux and Iptables
My first position out of university was working as a firewall engineer for a large credit card processing company. It's where I learned the way of the pack
linux  firewall  sec  tut 
august 2016 by cjitlal
The Birthday Attack
The birthday attack is a statistical phenomenon relevant to (http://en.wikipedia.org/wiki/Information_security "Wikipedia Entry: Information security") tha
tut  sec  toread 
august 2016 by cjitlal
An IPTABLES Primer
iptables is the packet filtering technology that's built into the 2.4 Linux kernel. It's what allows one to do firewalling, nating, and other cool stuff to
firewall  sec  sysadmin  tut  tools  unix  linux 
august 2016 by cjitlal
The Difference Between Red, Blue, and Purple Teams
There is some confusion about the definitions of Red, Blue, and Purple teams within Information Security. Here are my definitions and concepts associated w
tut  sec 
august 2016 by cjitlal
A Bettercap Tutorial
Installation Options Examples Advanced Summary Sniffing (and performing MiTM on) network traffic is one of the security professional's foundational skills.
networking  sec  tut  toread  linux 
august 2016 by cjitlal
GitHub - FallibleInc/security-guide-for-developers: Security Guide for Developers
security-guide-for-developers - Security Guide for Developers
tut  sec  gh  doc  ref  webdev  sysadmin 
july 2016 by cjitlal
Penetration Testing Tools Cheat Sheet
Penetration testing tools cheat sheet, a high level overview / quick reference cheat sheet for penetration testing.
sec  cheat  sheet  ref  tut 
june 2016 by cjitlal
Coding, Learning and IT Security – Typosquatting programming language package managers
Edit: It seems that the blog post and the thesis caused quite some interest. Please contact me under the following mail address, since my mail server on this VPS is constantly down :/ tschachn [|[at]|] hu-berlin [[|dot|]] de In this blog post I will show how: 17000 computers were forced to execute arbitrary code by typosquatting programming language packages/libraries 50% of these installations were conducted with administrative rights Even highly ...
sec  toread 
june 2016 by cjitlal
« earlier      
per page:    204080120160

related tags

ads  algo  apps  apt  asus  awesome  bash  best  blog  book  c  cert  cheat  cheatsheet  checklist  chelsea  china  cli  code  computing  craft  crypto  cs  culture  cyber  debug  dev  dmz  DO  doc  email  encrypt  essay  ethernet  ethics  facebook  facevbook  fb  firewall  free  gh  golang  gpg  hack  hacking  hacks  hash  history  home  hosting  howto  http  https  idtheft  ios  iphone  keys  learn  lecture  lessons  lifehacker  linux  list  mac  macosx  malware  marketing  mon  mosh  ms  mutt  network  networking  networkings  notes  office  openssl  paper  papers  password  pgp  phish  pipe  pki  poli  priv  privacu  privacy  protocol  pw  pwned  py  quickstart  redis  ref  router  sec  servers  setup  sheet  shell  sniffing  ssay  ssh  ssl  string  sysad  sysadmin  talks  tech  terminal  tips  tls  tools  toread  trump  tut  unix  ux  vid  vpn  vps  webapp  webdev  wifi  windows  zeroday 

Copy this bookmark:



description:


tags: