While VPN's are great for virtual private networks (hence the name), it is often overkill if you just want to bypass a firewall or get an encrypted tunnel to protect yourself from snooping (e.g. on public Wi-Fi). More often than not, a VPN is also a paid service unless you [...]
Revoking certain certificates on March 4th - 5th, 2020 UTC Due to a bug related to CAA checking in Let's Encrypt, millions of certificates will be revoked "today". To quickly check if your domains are affected, use this tool: https://checkhost.unboundtest.com/ If your domain is affected, you have to renew your [...]
I think this video is nice for people that are way over their head with "tech stuff", as it explains some basic settings that can improve your privacy and security in a few easy taps, and it's easy to follow. This is why I decided to post it here, in [...]
Status: sindastra.de is currently preloaded. What this means is that once it is included, your browser will know to access sindastra.de through HTTPS with valid certificate only! No exceptions! This is for your security. This also means there will be no HTTP to HTTPS redirect that could get manipulated in [...]
You might be running an OpenVPN server and found that your IPv6 clients get their IP leaked. I have a quick fix! The problem If your client machine has IPv4 only, you won't notice any problems. But if your client machine has IPv6, and your OpenVPN server is IPv4 only, [...]
So you think SSH is secure? Maybe not if you have a flawed config... But I have a solution! Meet Mozilla's ssh_scan! Mozilla provides a free scanner for SSH, which will quickly give you a grade and recommendations on how to improve your setup. The scanner needs to be downloaded [...]
The X-Content-Type-Options header tells browsers to stop automatically detecting the contents of files. This protects against attacks where they're tricked into incorrectly interpreting files as JavaScript. Simply set the header to "nosniff". X-Content-Type-Options is a header supported by Internet Explorer, Chrome and Firefox 50+ that tells it not to load [...]
Don't let just "anyone" issue a certificate for your domain! If you run your website, you probably secure it with HTTPS (if not, you really should). And if you're techy and smart, you're using Let's Encrypt to do so. This would mean that Let's Encrypt is your CA (Certificate Authority). [...]
Just a quick one to improve things! Beginning January 2020, SSLLabs.com will give you a grade B if you still have TLS 1.0 or 1.1 enabled, as it's considered insecure. The following is an example warning you might see: Screenshot of warning on ssllabs.com So let's disable that weak stuff, [...]
SMS 2FA: Two Factor Authentication by SMS.In many cases, it's better to not have 2FA than SMS 2FA. As a rule of thumb, don't ever hand out your mobile number to sites. The problem with SMS authentication SMS authentication is completely insecure, as has been proven multiple times in the [...]