Collaborate Disseminate
I am looking for a way to add extra, custom data in a SSL server certificate issued by a standard CA. Is this possible?
I want to get a SSL server certificate issued by a standard CA, so that it’ll be accepted by standard b… Continue reading Custom data in SSL certificate
I’ve been asked by a user whether I would recommend using the Dashlane password manager. I’m aware that other password managers have had some significant security problems, including XSS and CSRF (see below). Is the Dashlan… Continue reading Security analysis of Dashlane
I’ve been asked by a user whether I would recommend using the Dashlane password manager. I’m aware that other password managers have had some significant security problems, including XSS and CSRF (see below). Is the Dashlan… Continue reading Security analysis of Dashlane
I’ve been asked by a user whether I would recommend using the Dashlane password manager. I’m aware that other password managers have had some significant security problems, including XSS and CSRF (see below). Is the Dashlan… Continue reading Security analysis of Dashlane
I’ve been asked by a user whether I would recommend using the Dashlane password manager. I’m aware that other password managers have had some significant security problems, including XSS and CSRF (see below). Is the Dashlan… Continue reading Security analysis of Dashlane
I have a new piece of malware that isn’t detected by current anti-virus vendors. How do I report it to them?
I want to do a good turn and help protect as many people as possible. What is the best and easiest way to get it to as many an… Continue reading How do I report new malware?
Is there an easy way to test an SMTP server to check for configuration issues associated with STARTTLS encryption, and report on whether it has been configured properly so that email will be encrypted using STARTTLS?
Think of the Qualys S… Continue reading Test STARTTLS configuration of SMTP server
The well-respected security consultant Dragos Ruiu is reporting that he has been infected with mysterious malware that can survive re-installation of the OS and re-flashing of the OS. In other words, he has taken an infected machine, wipe… Continue reading Malware that can survive BIOS re-flashing
A packer is a way of obfuscating an executable program, i.e., transforming so the result is still executable and has the same effect when run, but looks different (so it won’t be detected by static anti-virus). Bad guys ofte… Continue reading Possible to detect packed executable?
BREACH, a new attack on SSL that targets HTTP compression, has recently been publicly announced.
I manage a few web servers. How can I audit them to check which of them are potentially vulnerable to BREACH? Is there a simple way to scan… Continue reading How to audit web servers for resistance/vulnerability to BREACH