Why recursive Microsoft DNS servers should not be publicly reachable
US-CERT Alert (TA13-088A), DNS Amplification Attacks, sums it up quite nicely.
-
Posted by Richard on March 30th, 2013 filed in Uncategorized
Citrix NetScaler 10 TLS 1.2 support
Citrix NetScaler 10.0.72.5 seems to support TLS 1.2, or at least that is what the Qualys SSL Labs test suggests. A quick check with Windows 7 and Wireshark reveals that the TLS 1.2 Client Hello of IE10 is indeed answered by a TLS 1.2 Server Hello from the NetScaler.
-
Posted by Richard on March 18th, 2013 filed in Uncategorized
Securing Java Web Start for desktops
In a previous post I explained how to make sure only trusted Java applets can run outside of the Java sandbox. Unfortunately this is only half of the battle with Java on desktops.
-
Posted by Richard on May 16th, 2012 filed in Uncategorized
SplashID for iOS by @SplashData stores master password inside database: #security #fail
While at Black Hat Europe 2012 I attended an excellent talk by two Elcomsoft researchers. They investigated the security of mobile password managers. Not surprisingly, they are not all as safe as they should be.
-
Posted by Richard on March 17th, 2012 filed in Uncategorized | 3 Comments »
Ziggo and xs4all block of ThePirateBay.org technical details
The Dutch court ordered ISPs Ziggo and xs4all to block their clients’ access to thepiratebay.org and associated domain names and IP addresses. How exactly do these ISPs implement the block?
-
Posted by Richard on February 1st, 2012 filed in Uncategorized | 10 Comments »
Shanghai Jiaotong University probing for Chinese IPv6 users?
My server has had an IPv6 address for a few years now. I’ve just not gotten around to properly advertising it in my DNS zones yet, let alone registering it as a name server for my domains. Strangely enough though, every day since 28 July 2011 I see these requests in my logs:
-
Posted by Richard on January 27th, 2012 filed in Uncategorized | 1 Comment »
Strong authentication for 2012
Not so long ago, strong authentication was equivalent to two-factor authentication. Unfortunately, things have changed quite a bit in 2011.
-
Posted by Richard on January 14th, 2012 filed in Uncategorized | 1 Comment »
ING mobiel bankieren iPhone app
The ING Mobiel Bankieren iPhone app stores only one configuration file: nl.ing.iphone.app.Bankieren.plist. Right after installation the file does not exist yet; it is created when an ING account is linked to the app. After that it contains the following data:
-
Posted by Richard on November 18th, 2011 filed in Uncategorized | 3 Comments »
How I got my #28c3 tickets @ccc today
I preloaded my account with the tickets I needed, then at 15:59 I started this script:
-
Posted by Richard on November 14th, 2011 filed in Uncategorized | 2 Comments »
ING mobiel bankieren Android app
The ING Mobiel Bankieren Android app stores only one configuration file: IngMobilePrefs.xml. After installation this file is fairly empty, but after an ING account is linked to the app, IngMobilePrefs.xml contains the following data:
-
Posted by Richard on November 13th, 2011 filed in Uncategorized | 1 Comment »