Category Archives: Security

#fintech #security Implement a simple #SCA algorithm for your #B2B #API implementation.

By | August 19, 2021

Strong Customer Authentication (SCA) is a new European regulatory requirement as part of the second Payment Services Directive (PSD2) for authenticating online payments and making them more secure. There are some actions such as funding a transfer from your balance or viewing the statement that require SCA within the UK and EEA. SCA builds additional… Read More »

#Twitter Card: ERROR: Fetching the page failed because other errors

By | February 16, 2021

After some updates, suddenly all the posts I shared from Jetpack for WordPress had no valid Twitter card. After some mail exchanges with Jetpack support they assured me that all is good on their part. As instructed by them I was able to see that indeed Jetpack was correctly generating the Twitter Card. Still checking… Read More »

Updates to how to #secure and improve your self hosted #wordpress blog on #apache

By | January 28, 2021

Computer security is a topic that needs constant work. Every day new threats and new security recommendations pop up on the technology radar. I already wrote several posts on this topic. The current post can be seen as a continuation of Security: Maintaining a secure WordPress blog. So below are some updates to the configuration… Read More »

#OpenSSH private keys with old PEM format

By | December 11, 2019

Starting from OpenSSH 7.8 the default format for private keys has changed from PEM to OpenSSH. That means that private keys generated with the referenced command (ssh-keygen -t rsa -b 4096) are no longer generated in PEM format. Lots of online services do not accept this format yet. CircleCI, GitHub are some of the services… Read More »

#EasyRSA Certificate based authentication of #SoapUI client to a secure WebService running on #JBoss or #WildFly application server

By | May 12, 2019

The following is a very quick guide on how to set up EasyRSA certificate-based authentication of a SoapUI API client to connect to a WebService-based API that runs on JBoss or WildFly. Generate a local CA with EasyRSA: download and install easy-rsa (https://github.com/OpenVPN/easy-rsa), then go to the installation folder and change the following… Read More »

Secure an #nginx or #apache website using #ssllabs.com

By | October 14, 2018

From time to time it is good to perform a security audit of your Internet-exposed services. Things change fast online, so you have to keep up with the security reports to be able to maintain secure services online. My favorite tool for SSL-related security audits is the great resource at www.ssllabs.com. The audit performed… Read More »

Kaspersky Lab banned all across Europe #infosec

By | June 14, 2018

I am a long-time evangelist of not using software that is linked to abusive governments. This applies sadly to a lot of software products and software environments linked to Russia and China. Regarding this, Kaspersky was one of the main “do not use” pieces of advice I was giving to people I know and to job… Read More »

#WordPress weather map plugin attack detected in #wordfence live traffic

By | January 10, 2018

Going through my Wordfence live traffic view is a nice way to see the daily fad of Chinese script kiddies. WordPress is one of the main targets of people trying to access your data. Obviously if you have a blog you must be sure you run an A+ certified security setup. See my other posts… Read More »

#CrowdSourcing and #DataMining the new resource mining, or how big corporations are robbing you blind.

By | September 30, 2017

The newest commodity these days is crowdsourced data. All the digital corporations push this envelope harder and harder. Google wants to make me a “local guide”: post images of places on Google Maps and review businesses, for free of course (they give you a badge, you know, like boy scout badges). This is lately… Read More »