Category Archives: Security

#Biometric #authentication is useless and dangerous alone

Again and again the same myths and misunderstandings resurface from time to time. I noticed again a misplaced hype in an article shared on twitter about how biometric authentication will simplify banking. I have to share again something I learned many years ago when I was junior research student in a computer security group and… Read More »

Advertisements

Security: Generate certificates with keytool

The following is an example on how to generate a certificate directly on a Linux server using keytool, then sign it by a windows CA. The example assumes we are regenerating a certificate for a glasfish domain. STEP 1: Delete the old certificate In glasfish in each domain where security is activated we have a… Read More »

Security: Maintaining a secure WordPress blog

I already have several posts related to security of an exposed Internet site. They were all summarized in the post Blog Links: Web site security As we know, the Internet threats are constant and evolving so to maintain the same level of security we constantly have to update the configurations of a secure installation. In… Read More »

Blog Links: Web site security

I already had several posts related to constructing a secure website that can be released in the wild world-wide web. The following are several resources and links that will give a good idea on what one can do in order to secure a web site. First we need a way to analyse how secure our… Read More »

SafeNet(Gemalto) Licence and software client

Very important information about the SafeNet software and licences. I get all the time very puzzled clients that find it difficult to understand how to see the license validity and how to install the e-token support. In order to obtain the software and to be able to monitor your licences you need an account with… Read More »

Internet: Subresource Integrity (SRI)

Yes our friends from China invented a new type of DDOS attack. The great firewall changed unencrypted traffic that contained 3rd party javascript libraries to DDOS GitHub. There is already a testing tool SRI Test developed and deployed by Gabor Szathmari see for more details his blog To protect my blog I found out that… Read More »