Category Archives: Security

Blog Links: SHA-1 cryptographic hash collision detection by Google

Google puts another nail in the coffin for SHA-1. They have already moved away from using SHA-1 in their products, but there are still a lot of places where it is used by default. In a post on the Google Online Security Blog, "Announcing the first SHA1 collision", Google researchers claim that they have a good way of… Read More »

Security: Generate certificates with keytool

The following is an example of how to generate a certificate directly on a Linux server using keytool, then have it signed by a Windows CA. The example assumes we are regenerating a certificate for a GlassFish domain. STEP 1: Delete the old certificate. In GlassFish, in each domain where security is activated, we have a… Read More »

Security: Maintaining a secure WordPress blog

I already have several posts related to the security of an exposed Internet site. They were all summarized in the post Blog Links: Web site security. As we know, Internet threats are constant and evolving, so to maintain the same level of security we constantly have to update the configuration of a secure installation. In… Read More »

Blog Links: Web site security

I already had several posts related to constructing a secure website that can be released into the wild World Wide Web. The following are several resources and links that will give a good idea of what one can do in order to secure a web site. First we need a way to analyse how secure our… Read More »

SafeNet (Gemalto) Licence and software client

Very important information about the SafeNet software and licences. I get very puzzled clients all the time who find it difficult to understand how to see the licence validity and how to install the e-token support. In order to obtain the software and to be able to monitor your licences you need an account with… Read More »

Internet: Subresource Integrity (SRI)

Yes, our friends from China invented a new type of DDoS attack. The Great Firewall changed unencrypted traffic that contained third-party JavaScript libraries to DDoS GitHub. There is already a testing tool, SRI Test, developed and deployed by Gabor Szathmari; see his blog for more details. To protect my blog I found out that… Read More »

Disable SSL3 in GlassFish

As we know, there are big security concerns about the use of SSL3, so a lot of security audits are demanding that it be disabled in all applications that are exposed with a web GUI. Disabling SSL3 can be done via the admin console. First, SSL is disabled individually on the HTTP listeners of your… Read More »