Archive for the ‘Security’ Category
During a recent password audit at the Bank Of Ireland it was found that Paddy O'Toole was using the following password:
MickeyMinniePlutoHueyLouieDeweyDonaldGoofyDublin
When Paddy was asked why he had such a long password : he replied
"Bejazus! are yez feckin' stupid? Shore Oi was told me password had to be at least 8 characters long and include [...]
One of our Web servers was rendered almost useless for clients because the Certificate Revocation List we have on it, expired. To avoid that happening again, I decided to implement a check for the CRL expiry as a Nagios (respectively Icinga) plugin.
I grabbed the OpenSSL source code, and in the apps/ directory, I used the [...]
Es sind nur noch knapp 4000 Stimmen notwendig damit die Petition gegen die Indizierung und Sperrung von Internetseiten 100.000 Stimmen erhält.
Worum geht es hier?
Wir fordern, daß der Deutsche Bundestag die Änderung des Telemediengesetzes nach dem Gesetzentwurf des Bundeskabinetts vom 22.4.09 ablehnt. Wir halten das geplante Vorgehen, Internetseiten vom BKA indizieren & von den Providern sperren [...]
It turns out that newer Cisco IOS releases (don't ask which — I don't know) expect to see an "issuing distribution point" in the Certificate Revocation List (CRL) the routers load to check for expired certificates.
I didn't know, but there is a such a thing as an Issuing Distribution Point (IDP) in OpenSSL, but it [...]
If you've ever written a setuid program and thought about the security implications, you'll know that it is a messy job to get straight.
I've been reading a very interesting article by Tsafir, da Silva and Wagner called The Murky Issue of Changing Process Identity: revising "setuid de-mystified" in the March 2009 UKUUG newsletter. The authors [...]