18 September 2014
I recently heard of HSTS which is a way to force users to come back to your website in SSL if they’ve already be to HTTPS once. It is simple, just add this line:
# HSTS (force users to come in SSL if they've already been once)
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
If you want to have … Continue reading
25 May 2014
As you may know, related to a previous post, I was using Aviate launcher on Android. I was so happy with it that I started to speak about it around me and promoted it. My friend Romaric (@evoxmusic) informed me … Continue reading
21 May 2014
Last week, have been faced on a big sniffing issue on my wiki. The guy wanted to download all my wiki content. In reality I do not really care as it is open, free for read and contribution is welcome. … Continue reading
15 April 2014
NAXSI means Nginx Anti Xss & Sql Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known … Continue reading
8 April 2014
A big and major issue on OpenSSL has been discovered and everybody is talking about it. To get more informations, there’s a website. How to check the vulnerability, download this file:
Now launch it:
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 5559
... received message: type = 22, ver = 0302, length = 587
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
0000: 02 40 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C .@....SC[...r...
3ff0: 70 78 20 30 20 33 70 78 20 31 2E 35 65 6D 3B 6D px 0 3px 1.5em;m
WARNING: server returned more data than it should - server is vulnerable!
I was vulnerable as … Continue reading
27 January 2014
I already talked about nftables and it has now been implemented in the 3.13 kernel ! For those who never heard of that, it’s a kernel built in replacement of iptables. All features are not there yet but should be … Continue reading
24 November 2013
If you’re not aware that the next kernel version will replace iptables by nftables, it’s time to learn on how it works, what are the features, why the change and how to use it. If like me, you love PF, … Continue reading