Collaborate Disseminate
A number of years ago now, still well into the 2000s, I was very naive. Especially in terms of computer security.
To make a long, painful story which I don’t even remember myself all too well, the basic gist is that I set up a FreeBSD ser… Continue reading Why did/does PostgreSQL, MongoDB and probably other database softwares allow such dangerous configurations?
What is the legal status of the old configuration file on the purchased used network equipment?
Is the sell of equipment equals to granting permissions to read/publish/resell the content (the configuration file) of that equipment?
Are c… Continue reading Legal status of configuration file from used network equipment [closed]
I’ve been asked to disable the use of all SSL, and TLS < TLS 1.2, globally on one of my Centos boxes. Its been suggested that I should be able to do this in the openssl library.
I’m reasonably familiar with SSL/TLS, ciphersuites, etc, … Continue reading How to globally disable protocols < TLS 1.2 at openssl library level
Is there anyway to export a configuration profile from an IOS device that you have root on? So I have a device with an MDM profile with login credentials for a wifi network, VPN, and email authentication certificates. Is ther… Continue reading Export IOS Certificates and Configuration Profiles
This morning, talking to a colleague, we were discussing the correction of assigning a CVSS to a bad configuration. Specifically, we were discussing whether using HTTP instead of HTTPS should have an associated vector.
From … Continue reading Is it correct to assign a CVSS to a misconfiguration?
Pieces of web applications such as WordPress or moodle require to specify the URL that the user will provide in order to visit the site. For example, in moodle has the $CFG->wwwroot config parameter that takes the value of… Continue reading Why modern php web application requires to specify the application’s url?
I have REST server (Spring Boot) runs on Windows 10 and frontend which runs on IIS web server. I need to configure rules as secure as possible. Web-server and REST server runs on the same computer on the local network.
Appl… Continue reading Running application with minimal privileges on Win 10
I am a beginner with openssl but want to get rid of my ignorance. So I downloaded openssl from https://indy.fulgan.com/SSL/ for Windows. When I executed
openssl version -d
I get
OPENSSLDIR: “/usr/local/ssl”
Of course, s… Continue reading openssl version -d prints non existing directory. Should I be worried?
Truism: Doing security right, is subtle and full of snags for the clueless.
Concern: I haven’t ever set up a connection between 2 computers using RSA/SSH keys or certificates, in my life. Realistically, I’m very aware of the… Continue reading Step by step guide for doing Wireguard VPN security and setup properly, for Android phone to OPNSense/pfSense LAN
Is it so easy to hack mongodb database?
I created a mongodb database and added users. If I want to allow access only to these users I need to add the following parameters to the config file:
security:
authorization: enabl… Continue reading Is it so easy to hack mongodb database?