Where to publish your PGP key
Why you shouldn't use SKS, and what to use instead.
How to prevent ZFS leaks of encrypted dataset
A guide to easily prevent ZFS leaks.
Real world Log4j hacks (Minecraft)
You probably heard of the Log4j vulnerability by now, and you probably know that (the original) Minecraft is written in Java, and so is the server, and it uses Log4j. So, Minecraft servers are affected by this. I do run a small Minecraft server network (https://www.bitloco.org) but I haven't had [...]
Craig Federighi (Apple): Sideloading is a cybercriminal’s best friend
In today's article, I'd like to talk about the pros and cons of sideloading, playing devil's advocate, offering a counter-argument and finally a possible solution to allow it in a secure fashion. Craig Federighi, Apple's current Senior Vice President of Software Engineering said in the Web Summit 2021: "Sideloading is [...]
How to set up PGP WKD (Web Key Directory)
Brief Today I'll show you how to set up PGP WKD (Web Key Discovery), to easily distribute your public key, so that anyone who has your email address will be able to get your public key (in some cases automatically) while being reasonably sure that it's the real key. Requirements [...]
Apple released iOS 14.8 just days before iOS 15 and here’s why
Apple just released iOS 14.8, which comes as a surprise considering we're expecting iOS 15 any day now. Since iOS 6, Apple released every new version of iOS in mid-September, and we expect no different this year. So, why release iOS 14.8 on September 13th? What's even more interesting is, [...]
Google’s Advanced Protection Program is a joke
Today, I wanted to sign in to one of my old Google accounts. And like all my Google accounts, this one also uses Google's Advanced Protection Program. If you don't know, Google's Advanced Protection Program is a thing you can enable for your Google account which enforces the use of [...]
How spammers are tricking email filters and users with Google
If you read my previous blog post about an undocumented ProtonMail feature, and how I've been receiving spam, well, then you know that I've been receiving spam from the same attacker. The spammers are including a nefarious link, as one would expect. But here's the interesting part: They're using the [...]
Windows CVE-2021-34527 Workaround
A serious security hole that is actively being exploited puts your Windows machines at risk. A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then [...]
How I got Minecraft DDoS protection at home
Background Some time ago, at the end of last year or so, I did set up a Minecraft server at home. It's public, in the sense that anyone can join, but it's not listed anywhere other than on its small website. So, for now it's used by friends only. But [...]