So what’s web security all about anyway?
When you visit a webpage these days it’s not uncommon for it to require some personal details. You might be checking your bank balance, buying something by credit card or authorizing a payment to your electric company. All these examples require sensitive details that you certainly wouldn’t want falling into the wrong hands. So how…
Category: Security
Broken Debian Openssl
It’s been a day since news emerged of the long-term issue with the Debian packaged openssl. As demonstrated by the feedback to Ben Laurie’s Blog entry, this is a very high profile issue with plenty of opposing points of view. Hardly surprising, considering the impact it has on the security of the OS. There is…
Who do I trust?
I recently read an excellent article by Ben Laurie that proposes methods that evil companies like Phorm could use to intercept SSL communications. This got me thinking about whom I actually trust when I’m using the Web. Most people install an Operating System and simply trust whatever Certificate Authorities it happens to come with. A…
Examining X509 Certificates
I have to look up these commands far too often!
Issuer: openssl x509 -noout -in cert.pem -issuer
Common Name: openssl x509 -noout -in cert.pem -subject
Validity Dates: openssl x509 -noout -in cert.pem -dates
Hash Value: openssl x509 -noout -in cert.pem -hash
SHA1 fingerprint: openssl x509 -noout -in cert.pem -fingerprint
MD5 fingerprint: openssl x509 -md5 -noout…
Windows Update
I just visited Microsoft’s Windows Update facility for the first time in a while. My one and only Windows PC has been acting up a bit and at such times I like to begin the diagnosis by updating everything. On this occasion there was only one Critical Update and that was to Windows Genuine Advantage.…
Freenigma (The cost of user-friendliness)
Ben Laurie’s Blog drew my attention again this morning when I read his posting about Freenigma, a PGP/GnuPG plug-in for Firefox. This plug-in raises the question as to whether increased user-friendliness justifies a relaxation in security. In my opinion, this is an absolute no-no. The objective of such a system must be security with…