/dev/blog

A tale of awesomazing sandcastles

Do we need a new Internet? According to various researchers and professors in the Internet field, yes. They have developed a new network architecture: Scalability, Control, and Isolation on next-generation Networks (SCION), which I would like to introduce to you. I was attanding a talk of the ISSS (Internet Security Society Switzerland) and Adrian Perrig personally presented his work, which has been ongoing since 2009, to the participants.

Continue Reading...

Anyone who has already dealt with the security of the DNS protocol had to realize that it can be easily manipulated, monitored and censored without much effort. These censors are not only theory, but are already implemented by various countries. To cover these topics in the DNS protocol, several extensions were specified, such as DNSSEC with DANE/TLSA to detect man-in-the-middle attacks. The newest approaches in this area go a step further and encrypt the whole DNS traffic.

Continue Reading...

Recently I noticed, that reading some code and text in the gnome terminal under Fedora is difficult for me, especially by low screen lightning on my laptop. The default color scheme has some really bright white foreground color and has been bothering me for some time, therefore I have searched a new color scheme, that appears less glaring to me. It should also support a enjoyable code syntaxhighlighting and have a good contrast.

Continue Reading...

The last few months sysadmins, engineers and security components were on needles. Many security holes were found and patched. And in this case, patched means patched in the code, built binaries and pushed out by the sysadmins. Specially in the SSL/TLS segment, resp. openssl and its algorithms.

UPDATE (21. Oct 2017):
Needless to say, there is always improvement on security, so I updated the mentioned ciphers, protocols and configurations in this article.

But not everything can be patched if its weak by nature. There are protocols, which are now insecure and you should not...

Continue Reading...

Yubikey is a great piece of hardware with a lot of functions in a size of an usb stick. Two of the stores are a gpg, and a pki applet, which each can hold gpg keys or x509 Certificates. The PKI applet can be used for storing certificates, which then can be used for signing emails (s/mime), authentication, even encrypting. Here is a little summary how I am using my yubikey.

Continue Reading...