How to generate a p12 with javascript generated key pair and server side internal CA

I’m working on a client-certificate based authentication of users for a website.
The server configuration part is OK
(Apache server, keywords: SSLCACertificateFile / SSLVerifyDepth / SSLVerifyClient optional)
The server code part is OK too…

Is a Nebula overlay network essentially a peer-to-peer mesh network with mutual TLS?

I’m looking into Nebula overlay networks as also offered by the founders of it on defined.net.
To my understanding this type of network is some kind of mesh overlay network, which offers a form of peer-to-peer mutual TLS, is that assumptio…

Implement continuous authentication of users within an internal network using FreeRADIUS in pfsense

I am building a small network virtualization using VirtualBox, with the goal of testing and implementing various security concepts. The network includes a pfSense VM acting as the router, three Ubuntu Desktop users, and two Ubuntu Server &…

Exposed APIs and issues in the world’s largest organizations

In this Help Net Security video, Tristan Kalos, CEO of Escape, discusses the results of its 2024 State of API Exposure report. The study highlights significant API security gaps affecting Fortune 1000 organizations, with over 28,500 exposed APIs and 98…

A website asks you to enter a Microsoft/Google/Facebook password. How do you know it is safe?

A website prompts me to log in to my Microsoft Account. In order to perform my task, it requires me to enter that password.
How does the "average user" avoid giving all their login details to a malicious website? What would you…

Why might an operating system require a restart after N failed login attempts?

I continually entered my password incorrectly whilst trying to login to Windows 11. I expected that after N failed attempts I would then start to see an increasing time delay after each subsequent attempt, yet instead what I found was that…