Category Archives: Security

#WordPress weather map plugin attack detected in #wordfence live traffic

By | January 10, 2018

Going through my Wordfence live traffic view is a nice way to see the daily fad of Chinese script kiddies. WordPress is one of the main targets of people trying to access your data. Obviously if you have a blog you must be sure you run an A+ certified security setup. See my other posts… Read More: #WordPress weather map plugin attack detected in #wordfence live traffic »

#CrowdSourcing and #DataMining the new resource mining, or how big corporations are robbing you blind.

By | September 30, 2017

The newest commodity these days is crowd-sourced data. All the digital corporations push this envelope harder and harder. Google wants to make me a “local guide”: post images of places on Google Maps and review businesses, for free of course (they give you a badge, you know, like boy scouts badges). This is lately… Read More: #CrowdSourcing and #DataMining the new resource mining, or how big… »

#Biometric #authentication is useless and dangerous alone

By | October 14, 2017

Again and again the same myths and misunderstandings resurface from time to time. I noticed again a misplaced hype in an article shared on Twitter about how biometric authentication will simplify banking. I have to share again something I learned many years ago when I was a junior research student in a computer security group and… Read More: #Biometric #authentication is useless and dangerous alone »

Blog Links: SHA-1 cryptographic hash collision detection by Google

By | March 19, 2022

Google puts another nail in the coffin for SHA-1. They already moved away from using SHA-1 in their products, but there are still a lot of places where it is used by default. In a post on the Google Online Security Blog, “Announcing the first SHA1 collision”, Google researchers claim that they have a good way of… Read More: Blog Links: SHA-1 cryptographic hash collision detection by Google »

Security: Maintaining a secure WordPress blog

By | November 11, 2016

I already have several posts related to security of an exposed Internet site. They were all summarized in the post Blog Links: Web site security. As we know, the Internet threats are constant and evolving, so to maintain the same level of security we constantly have to update the configurations of a secure installation. In… Read More: Security: Maintaining a secure WordPress blog »

Data Center: IDS solution using Security Onion

By | March 1, 2017

An enterprise environment has to be monitored for external threats. There are a lot of very expensive IDS (Intrusion Detection System) products that do this for you, but you can set up a very good solution in a production environment for zero cost. The strength of an IDS is given by the IDS threats database, a… Read More: Data Center: IDS solution using Security Onion »

Secure authentication using SafeNet(Gemalto) security tokens and Windows CA

By | May 4, 2016

In the following I will try to show how to generate user certificates on e-tokens by using the Windows CA. These tokens can then be used for secure user authentication or signing. Prerequisites: – Install the Windows CA service. This comes as a standard feature in Windows Server 2012. – Internet Explorer 9 and up… Read More: Secure authentication using SafeNet(Gemalto) security tokens and Windows CA »