Collaborate Disseminate
I’m trying to understand the phenomenon that’s been prevalent for the last few years coming out of the security community.
I have a popular blog about cats and dogs; I’m being told I must enable HTTPS and HSTS, mandate TLSv1.2+, and uncon… Continue reading Why honour-killing your website is the best practice if HTTPS doesn’t work? [closed]
USB Type-C itself is just a connector, and it supports DisplayPort Alternate Mode, as well as HDMI Alternate Mode, depending on the manufacturer.
Does this at all mean that if you’re using a DisplayPort or HDMI adapter in yo… Continue reading With a USB Type-C port, can you switch DisplayPort or HDMI Alternate Mode back to USB after using an adapter? [on hold]
Somewhat related to Is malware or screen capture possible with iMac as external display?, where we investigate the possibility of a DMA attack through DisplayPort, nowadays, many machines don’t even have a dedicated port for connecting an … Continue reading Is there a safe way to use external display with USB Type-C laptops?
If using a foreign iMac as an external display (through the Thunderbolt to Thunderbolt, or Mini DisplayPort to Mini DisplayPort cable, and Command+F2 on the iMac, as per iMac Target Display Mode FAQ), is there a chance that m… Continue reading Is malware or screen capture possible with iMac as external display?
I have a PKI certificate in Keychain Access.app on OS X 10.9, together with the private key.
The manual page for /usr/bin/security indicates that there is a -x option for security import to specify that private keys are non-extractable af… Continue reading Export non-extractable private key from Keychain on OS X
Mosh has been around for a while now. Although it’s claimed to be “a replacement for SSH” by its authors, mosh does actually depend on ssh to do the initial authentication, after which an instance of the mosh binary is started on the serv… Continue reading Is mosh now recommended by the security experts? (2014)
OpenSSH just introduced a new protocol, chacha20-poly1305@openssh.com, which combines the two algorithms from DJB: ChaCha20 and Poly1305-AES. It was inspired by a similar proposal for TLS, which seems to have actively been backed by Googl… Continue reading What does chacha20-poly1305@openssh.com mean for me?
Looking at all the people who question the viability of DNSSEC, it’s no wonder that the adoption rates are so poor.
However, what about DNSCurve? It supposedly fixes all the DNS security and privacy problems independent of DNSSEC, doesn’… Continue reading If DNSSEC is so questionable, why is it ahead of DNSCurve in adoption?