Category Archives: Security

Suppress /apple-touch-icon URLs on an F5 ASM

Intro Displaying the ASM event log is slow – it can take minutes on our older equipment. So anything that helps cut out the clutter in the returned log entries may save precious minutes of, e.g., paging to the next … Continue reading

Posted in Security | Tagged , | Leave a comment

LDAP authentication on the F5 BigIP without Access Policy Manager

Intro I recently received revised guidelines for dmz best practices which mentioned a requirement to implement application-independent authentication using the F5 web application firewall. I had never heard of it and didn’t think it was possible without buying the very … Continue reading

Posted in Network Technologies, Security | Tagged , , | Leave a comment

The IT Detective Agency: the vanishing certificate error

Intro I was confronted with a web site certificate error. A user was reluctant – correctly – to proceed to an internal web site because he saw a message to the effect: I tried it myself with IE and got … Continue reading

Posted in Admin, Linux, Security, Web Site Technologies | Tagged | Leave a comment

The IT Detective agency: Some insights into 4096-bit SSL keys

Intro I was recently asked if a new certificate a web site is about to deploy would require any changes to our clients such as needing to import this certificate into their Java keystore. The details Well, I saved the … Continue reading

Posted in Admin, Network Technologies, Security | Leave a comment

Whois information without the pushy hard sell tactics

Intro Did you ever want to learn about a domain registration but were put off by the hard sell tactics that basically all web-based whois searches subject you to? Me, too. Here’s what you can do. The details Linux – … Continue reading

Posted in DNS, Linux, Network Technologies, Raspberry Pi, Security | Leave a comment

Fail2ban fails to work, I built my own

Intro I’ve sung the praises of fail2ban as a modern way to shutdown those annoying probes of your cloud server. I recently got to work with a Redhat v 7.4 system, so much newer than my old CentOS 6 server. … Continue reading

Posted in Admin, Linux, Security | Tagged | Leave a comment

Verifying a pkcs12 file with openssl

Intro The easy way How to examine a pkcs12 (pfx) file $ openssl pkcs12 ‐info ‐in file_name.pfx It will prompt you for the password a total of three times! The hard way I went through this whole exercise because I … Continue reading

Posted in Linux, Security | Tagged , | Leave a comment

Google Authenticator – not tough to self-host

Intro I wanted to learn a bit more about digital currencies. I’ll certainly be posting about them in the future. The best way to get some is to open an account with coinbase. But for security reasons – and I … Continue reading

Posted in Security, Web Site Technologies | Tagged , , , | Leave a comment

The latest on handling of SHA-1 certificates by the major browsers

Intro A certain organization is still using SHA-1 certificates internally, in spite of years of warnings, as I write this in February, 2017. But in the security world lack of action = eventual weakness. Ignorance is not bliss and putting … Continue reading

Posted in Security | Tagged , , , , | Leave a comment

The IT Detective agency: the case of the incompatible sftp client

Intro I was asked for assistance with this sftp problem: $ sftp <user@host> DH_GEX group out of range: 1536 !< 1024 !< 8192 Couldn’t read packet: Connection reset by peerDH_GEX group out of range: 1536 !< 1024 !< 8192 Couldn’t … Continue reading

Posted in Network Technologies, Security | Tagged , | Leave a comment