JamieOnUbuntu – WindowsTechs.com

What are the potential risks of performing DNS queries on unknown domains?

Posted on April 5, 2018 by JamieOnUbuntu

When investigating malicious domains that are used for phishing, malware, etc, you often have to issue DNS queries for these domains.

For example:

dig @1.1.1.1 example.com

The potential risks of issuing this command are:
… Continue reading What are the potential risks of performing DNS queries on unknown domains?→

What are the security implications of publishing my web server & PHP config files?

Posted on March 14, 2018 by JamieOnUbuntu

I have a web server with many virtual hosts, config files, etc.

I’d like to track all of my web server & PHP config files using Git and have them hosted on a public GitHub repository, as this will make managing and backi… Continue reading What are the security implications of publishing my web server & PHP config files?→

CSP ‘require-sri-for’ warning

Posted on February 24, 2018 by JamieOnUbuntu

In my Content Security Policy I have the following:

require-sri-for script

However, in the Chrome console I get a notice (not an error, just info):

The Content-Security-Policy directive ‘require-sri-for’ is implemented beh… Continue reading CSP ‘require-sri-for’ warning→

Why does Chrome tell me that the CSP ‘require-sri-for’ directive is implemented behind a flag which is currently disabled?

Posted on February 24, 2018 by JamieOnUbuntu

In my Content Security Policy I have included require-sri-for script. However, in the Chrome console I get a notice (not an error, just info):

The Content-Security-Policy directive ‘require-sri-for’ is implemented behind … Continue reading Why does Chrome tell me that the CSP ‘require-sri-for’ directive is implemented behind a flag which is currently disabled?→

Safely decrypting an unsolicited/untrusted PGP message

Posted on February 16, 2018 by JamieOnUbuntu

I am accepting public security vulnerability reports for my website, and I publish my personal PGP (GPG) key to encourage people to encrypt their communications.

Upon receiving an encrypted message, what is the best way to safely decrypt … Continue reading Safely decrypting an unsolicited/untrusted PGP message→

Security considerations for USB keyboard/mouse switches

Posted on February 10, 2018 by JamieOnUbuntu

I am considering purchasing a basic USB keyboard/mouse switching box in order to allow me to use the same keyboard and mouse with two different physical machines. This is similar to a KVM (keyboard video mouse) switch, but ju… Continue reading Security considerations for USB keyboard/mouse switches→

What do OEMs do to verify the integrity of operating system images deployed to their products during manufacturing?

Posted on August 3, 2017 by JamieOnUbuntu

When an OEM such as Dell or Lenovo is manufacturing a PC, it is often pre-installed with an operating system (eg: Windows 10, Ubuntu, etc).

I have been unable to find any information on how OEMs verify the integrity of the O… Continue reading What do OEMs do to verify the integrity of operating system images deployed to their products during manufacturing?→

Is there any advantage to rebooting my computer after handling sensitive information?

Posted on May 12, 2017 by JamieOnUbuntu

A habit that I have had for a long time is rebooting my computer after handling sensitive information. My reason for doing this is to prevent attacks against my computer’s memory.

An example of this would be if I unlocked my… Continue reading Is there any advantage to rebooting my computer after handling sensitive information?→