An SPF record is basically a DNS record of the TXT type, which contains information about who may send email from your domain. It is used to avoid spoofing and spam. So how does it work? Basically, when a (decent)… Read More »What is an SPF record? And why use them?
Pi-hole recently released an update that tells Firefox to bypass DoH, and this might be undesirable. I have the solution! Firefox basically checks for specific DNS records, and if found, will disable DNS over HTTPS. This can be useful if… Read More »Force Firefox to use DoH (DNS over HTTPS) with Pi-hole
While VPN’s are great for virtual private networks (hence the name), it is often overkill if you just want to bypass a firewall or get an encrypted tunnel to protect yourself from snooping (e.g. on public Wi-Fi). More often than… Read More »Using an SSH tunnel to bypass firewalls and protecting yourself from snooping
Revoking certain certificates on March 4th – 5th, 2020 UTC Due to a bug related to CAA checking in Let’s Encrypt, millions of certificates will be revoked “today”. To quickly check if your domains are affected, use this tool: https://checkhost.unboundtest.com/… Read More »Let’s Encrypt 2020.02.29 CAA Rechecking Bug
I think this video is nice for people that are way over their head with “tech stuff”, as it explains some basic settings that can improve your privacy and security in a few easy taps, and it’s easy to follow.… Read More »10 iOS 13 settings to turn off
Status: sindastra.de is currently preloaded. What this means is that once it is included, your browser will know to access sindastra.de through HTTPS with valid certificate only! No exceptions! This is for your security. This also means there will be… Read More »I just submitted sindastra.de to the HSTS Preload List!
You might be running an OpenVPN server and found that your IPv6 clients get their IP leaked. I have a quick fix! The problem If your client machine has IPv4 only, you won’t notice any problems. But if your client… Read More »Quickly kill IPv6 leaks on your OpenVPN server
So you think SSH is secure? Maybe not if you have a flawed config… But I have a solution! Meet Mozilla’s ssh_scan! Mozilla provides a free scanner for SSH, which will quickly give you a grade and recommendations on how… Read More »Scan SSH servers for issues
The X-Content-Type-Options header tells browsers to stop automatically detecting the contents of files. This protects against attacks where they’re tricked into incorrectly interpreting files as JavaScript. Simply set the header to “nosniff”. X-Content-Type-Options is a header supported by Internet Explorer,… Read More »Protect your site from being tricked to run JavaScript that is not JavaScript!
Don’t let just “anyone” issue a certificate for your domain! If you run your website, you probably secure it with HTTPS (if not, you really should). And if you’re techy and smart, you’re using Let’s Encrypt to do so. This… Read More »Securing your website further with Certification Authority Authorization (CAA)