nomorecubes.net now (finally) leverages https!
It has a certificate from letsencrypt, automatically verified by the service, maintained and deployed by docker-letsencrypt-nginx-proxy-companion.
The deployment has been considerably easy through docker-compose, adding the container to the existing nginx-proxy like this:
Die kreative Idee des Tages kommt von manjaro Linux. Die Entwickler schlagen vor, die Warnung bezüglich des abgelaufenen Serverzertifikates zu beheben, indem man die lokale Systemzeit anpasst.
Als ob das System Zertifikate und CAs nicht auch so schon problembehaftet genug wäre, soll man jetzt auch noch per root die Systemzeit ändern. m(
via heise open.
A intermediate CA, held by MSC Holdings, issued by CNNIC, the Chinese NIC, apparently issued certificates for unauthorized domains. The problem was detected by Google for their domains through pinned certificates in their browser.
Google Online Security Blog: Maintaining digital certificate security.
Filippo Valsorda wrote a test to check whether your PC is vulnerable through the Superfish Malware, that Lenovo decided to preinstall on it’s devices.
Check here if you trust the Superfish CA.
As if governance surveillance wasn’t in the news enough these days, hardware vendors are more or less trusted. Hardware with Windows OEM versions are long known for coming with adware pre-installed. Lenovo comes into the limelight for having installed Adware, that comes with a certificate to allow “Man in the middle” attacks, intercept secure connections and insert adware into trusted brand sites. Having software from a company named Superfish installed is a nightmare for any consumer. That adware removes any trust in online content and Lenovo as a vendor.
via Marc’s Security Ramblings.
Let’s Encrypt published their ACME-based CA code, written in GO, to github.com. Happy Holidays.