Category Archives: Security

Fail2ban fails to work, I built my own

Intro I’ve sung the praises of fail2ban as a modern way to shutdown those annoying probes of your cloud server. I recently got to work with a Redhat v 7.4 system, so much newer than my old CentOS 6 server. … Continue reading

Posted in Admin, Linux, Security | Tagged | Leave a comment

Verifying a pkcs12 file with openssl

Intro The easy way How to examine a pkcs12 (pfx) file $ openssl pkcs12 ‐info ‐in file_name.pfx It will prompt you for the password a total of three times! The hard way I went through this whole exercise because I … Continue reading

Posted in Linux, Security | Tagged , | Leave a comment

Google Authenticator – not tough to self-host

Intro I wanted to learn a bit more about digital currencies. I’ll certainly be posting about them in the future. The best way to get some is to open an account with coinbase. But for security reasons – and I … Continue reading

Posted in Security, Web Site Technologies | Tagged , , , | Leave a comment

The latest on handling of SHA-1 certificates by the major browsers

Intro A certain organization is still using SHA-1 certificates internally, in spite of years of warnings, as I write this in February, 2017. But in the security world lack of action = eventual weakness. Ignorance is not bliss and putting … Continue reading

Posted in Security | Tagged , , , , | Leave a comment

The IT Detective agency: the case of the incompatible sftp client

Intro I was asked for assistance with this sftp problem: $ sftp <user@host> DH_GEX group out of range: 1536 !< 1024 !< 8192 Couldn’t read packet: Connection reset by peer We actually spoke with the operator of the sftp server … Continue reading

Posted in Network Technologies, Security | Tagged , | Leave a comment

drjohnstechtalk now uses HTTP Strict Transport Security, HSTS

Intro I was reading about a kind of amazingly thorough exploit which could be done using a Raspberry Pi zero. Physical access is required, but the scope of what this guy has figured out and put together is really amazing. … Continue reading

Posted in Admin, Apache, Network Technologies, Security | Tagged | Leave a comment

Roll your own dynamic DNS update service

Intro I know my old Cisco router only has built-in support for two dynamic DNS services, dyndns.org and TZO.com. Nowadays you have to pay for those, if even they work (the web site domain names seem to have changed, but … Continue reading

Posted in CentOS, DNS, Linux, Network Technologies, Raspberry Pi, Security, Web Site Technologies | Tagged , , , | Leave a comment

Internet Explorer can’t access https page – maybe a client CERT is needed?

Intro I don’t see such issues often, but today two came to my attention. Both are quasi-government sites. Here’s an example of what you see when testing with your browser if it’s Internet Explorer: The details Just for the fun … Continue reading

Posted in Network Technologies, Security | Tagged , | Leave a comment

IP address wall of shame

Intro It can be very time-consuming to report bad actors on the Internet. The results are unpredictable and I suppose in some cases the situation could be worsened. Out of general frustration, I’ve decided to publicly list the worst offenders. … Continue reading

Posted in Admin, Network Technologies, Security | Tagged | Leave a comment

Idea for free web server certificates: Let’s Encrypt

Intro I’ve written various articles about SSL. I just came across a way to get your certificates for free, letsencrypt.org. But their thing is to automate certificate management. I think you have to set up the whole automated certificate management … Continue reading

Posted in Admin, Apache, CentOS, Network Technologies, Security, Web Site Technologies | Tagged , , , | Leave a comment