Whenever I'm connecting to a new remote server via SSH, I tend to verify the fingerprint to make sure that I'm actually connecting to my own machine. Usually it's not that big a deal as I'm simply comparing two strings, but what if those two strings are created with two different hashing algorithms?...
A few days ago, the TLS certificate (SSL is dead, remember?) of my private blog www.hashtagsecurity.com expired without me noticing it, mostly because I paused any activities there to focus on my work here at LastBreach as well as this blog. Since I didn't intend on working on hashtagsecurity.com...
This is a quick overview of a secure Apache2 configuration. We won’t be going into Linux hardening, but will focus instead on the basic configuration options of Apache2. The following code boxes show examples of a secure configuration. Please adjust them to your requirements and test each of them be...
I was originally writing another blog post, which I will now have to finish later, but the recent discussion with @TalkTalkCare has left me little choice, so I wrote this one first instead. I want to address the problem that a certain untruth doesn’t seem to die no matter how often the topic is bro...
The second round of the new crypto meetup in Munich was held yesterday at the office of FTAPI GmbH. The event was the first of hopefully many more to come and a great opportunity to discuss crypto in browsers and other security topics. FTAPI was not only host, but also initiator and organizer of thi...