no more cubes

Tag: SSL

  • Infosec community

    Gerade brennt eine Security Diskussion darum, dass Videolan Updates für seinen Mediaplayer nur über http:// ausliefert. Auch meiner Meinung nach entspricht das nicht dem Standard von 2019, aber hey. Wohl hatten die Entwickler verschiedene Argumente, an dem Verfahren festzuhalten. Signaturen via gpg, Maintenance, Aufwand und so. Jedenfalls eröffnet die Situation eine spannende Diskussion darüber was…

  • ssl and https with letsencrypt!

    nomorecubes.net now (finally) leverages https! It has a certificate from letsencrypt, automatically verified by the service, maintained and deployed by docker-letsencrypt-nginx-proxy-companion. The deployment has been considerably easy through docker-compose, adding the container to the existing nginx-proxy like this: version: ‘2’ services:nginx-proxy: image: jwilder/nginx-proxy container_name: nginx-proxy ports: – “80:80” – “443:443” volumes: – “./certs:/etc/nginx/certs:ro” – “/etc/nginx/vhost.d”…

  • l+f: SSL-Zertifikat durch Zeitreise frisch halten

    Die kreative Idee des Tages kommt von manjaro Linux. Die Entwickler schlagen vor, die Warnung bezüglich des abgelaufenen Serverzertifikates zu beheben, indem man die lokale Systemzeit anpasst. Als ob das System Zertifikate und CAs nicht auch so schon problembehaftet genug wäre, soll man jetzt auch noch per root die Systemzeit ändern. m( via heise open.

  • Rouge CAs and certificate pinning.

    A intermediate CA, held by MSC Holdings, issued by CNNIC, the Chinese NIC, apparently issued certificates for unauthorized domains. The problem was detected by Google for their domains through pinned certificates in their browser. Google Online Security Blog: Maintaining digital certificate security.

  • Check if you trust the Superfish CA

    Filippo Valsorda wrote a test to check whether your PC is vulnerable through the Superfish Malware, that Lenovo decided to preinstall on it’s devices. Check here if you trust the Superfish CA.

  • Lenovo compromises SSL.

    As if governance surveillance wasn’t in the news enough these days, hardware vendors are more or less trusted. Hardware with Windows OEM versions are long known for coming with adware pre-installed. Lenovo comes into the limelight for having installed Adware, that comes with a certificate to allow “Man in the middle” attacks, intercept secure connections…

  • Let's Encrypt

    Let’s Encrypt published their ACME-based CA code, written in GO, to github.com. Happy Holidays. Draft Let's Encrypt CA code is live. Happy holidays! https://t.co/cr46Y1ivBB — Let's Encrypt (@letsencrypt) December 22, 2014