Indeed, from a server admin perspective, my server is safer if it only runs http. https/TLS is meant to prevent user that have access to the traffic to sniff it which is a different topic. I am not sure if the president is aware of this but hey, I hear plenty of things like that every day.
this scales much better: $IPTABLES -I INPUT -m set --match-set ipbl src -j DROP $IPTABLES -I FORWARD -m set --match-set ipbl src -j DROP $IPTABLES -I FORWARD -m set --match-set ipbl dst -j DROP $IPTABLES -I OUTPUT -m set --match-set ipbl dst -j DROP
add an ip to ipbl set: ipset add ipbl ${IP}
don't forget to block all ipv6 traffic if you don't need ipv6: ${IP6TABLES} -I FORWARD -i eth0 -j DROP ${IP6TABLES} -I INPUT -i eth0 -j DROP ${IP6TABLES} -I FORWARD -o eth0 -j DROP ${IP6TABLES} -I OUTPUT -o eth0 -j DROP
I am a French chef from France and it dates back to around 1500; we used to say that all an English chef could cook was oxtail and the like. Of course, this is full of BS but hey, this constitute sane competition.
This doesn't surprise me. I run modsecurity WAF and iptables, yes I know but iptables does the job for now, with custom rules and logging policies and it is amazing to see how many so called legitimate sites have been owned.
I used to contact site admins and participate in exchanges of offending IPs but I gave up a long time ago to run my own countermeasure system.
Boy we went a long way since the beginning with regards to that.
Here the goal is to make the engine spend as much fuel as possible, hence the term "chaotic combustion". The system can maintain the engine in a "chaotic combustion" state in real time;-)
Right, just attach the suborbital planes in pair with a rope to some space elevator like device and have one take off as the other land. Problem solved.
Oh and yes, that's why we were both laughing our hearts out and calling shenanigan at the same time. As I wrote in my OP, I would have been glad to generate those certs for them for 10,000$ instead of the 30,000,000$ they spent. But hey, a buck a piece for certs is a great deal, isn't it?
The usb key solution was suggested as well but the conclusion was that dumb users would lose their usb keys and that it would become too costly to manage.
In the end, we seem to be doomed unless we educate people.
I agree it is currently. It is funny although what a little education could do but most of the times, educated people are less easy to profit from. Therefore, marketing guys will rarely suggest educating people as a solution.
I entirely agree but for some, namely the ones who still use symmetric keys, this has become an old school thought.
In Canada, the government bought 30 millions certificates for all its citizens in oder to authenticate for government on line services for a buck a piece. Total: 30,000,000$
I would have been glad to provide it to them for 10,000$ and guess what? All privaye keys were kept centrally;-) Us, old school guys just couldn't believe it.
The big thinkers/marketing guys decided that it was just to complicated for citizens to manage and keep their secret key in a secure location.
Slashdot Mirror
Indeed, from a server admin perspective, my server is safer if it only runs http. https/TLS is meant to prevent user that have access to the traffic to sniff it which is a different topic. I am not sure if the president is aware of this but hey, I hear plenty of things like that every day.
I already installed STARTTLS on Mrs. Clinton mail server last week.
You need a WAF these days. I use mod_security. It can save your arse from zero days sometimes.
this scales much better:
$IPTABLES -I INPUT -m set --match-set ipbl src -j DROP
$IPTABLES -I FORWARD -m set --match-set ipbl src -j DROP
$IPTABLES -I FORWARD -m set --match-set ipbl dst -j DROP
$IPTABLES -I OUTPUT -m set --match-set ipbl dst -j DROP
add an ip to ipbl set:
ipset add ipbl ${IP}
don't forget to block all ipv6 traffic if you don't need ipv6:
${IP6TABLES} -I FORWARD -i eth0 -j DROP
${IP6TABLES} -I INPUT -i eth0 -j DROP
${IP6TABLES} -I FORWARD -o eth0 -j DROP
${IP6TABLES} -I OUTPUT -o eth0 -j DROP
Can they mount Linux partitions on these mount points?
Thank you, Thank you.
I do not know how to thank you enough for this advice, I am going to make use of it from now on.
Yeah, we need cable TV in every suite for those high paying commercial customers.
There is a legislation coming up forcing all 3d printers to incorporate a serial number in all 3d printed guns.
I didn't know caves had basements, I am still trying to imagine it.
That's a good one! ;-)
I am a French chef from France and it dates back to around 1500; we used to say that all an English chef could cook was oxtail and the like. Of course, this is full of BS but hey, this constitute sane competition.
yes but it is much easier to to it with mod_security, as mentioned in my OP, for my users and to make sure we ain't serving any.
This doesn't surprise me. I run modsecurity WAF and iptables, yes I know but iptables does the job for now, with custom rules and logging policies and it is amazing to see how many so called legitimate sites have been owned.
I used to contact site admins and participate in exchanges of offending IPs but I gave up a long time ago to run my own countermeasure system.
Boy we went a long way since the beginning with regards to that.
Here the goal is to make the engine spend as much fuel as possible, hence the term "chaotic combustion". The system can maintain the engine in a "chaotic combustion" state in real time ;-)
1) be ready when your watch shows 00:00:00
2) wait until it shows 00:00:01
3) press button
4) now watch shows 00:00:00
elapsed time: 1 second
did you ever own a watch?
> So, what do you intend to do during that extra second added to that day? Well, you may want to fix your systems.
Nah, I am just going to going to set my watch during that extra second.
I prefer to always carry a safe file in my pockets. I allowed me to open a few.
https://en.wikipedia.org/wiki/...
I don't think he is. The Concorde had a weakness that was discovered only in one of the last flight.
https://en.wikipedia.org/wiki/...
Right, just attach the suborbital planes in pair with a rope to some space elevator like device and have one take off as the other land. Problem solved.
>Thirdly, "bought" 30 million certs?
Oh and yes, that's why we were both laughing our hearts out and calling shenanigan at the same time. As I wrote in my OP, I would have been glad to generate those certs for them for 10,000$ instead of the 30,000,000$ they spent. But hey, a buck a piece for certs is a great deal, isn't it?
The usb key solution was suggested as well but the conclusion was that dumb users would lose their usb keys and that it would become too costly to manage.
In the end, we seem to be doomed unless we educate people.
I agree it is currently. It is funny although what a little education could do but most of the times, educated people are less easy to profit from. Therefore, marketing guys will rarely suggest educating people as a solution.
http://www.isacc.ca/isacc/_doc...
In the end, education and instant knowledge is needed.
I entirely agree but for some, namely the ones who still use symmetric keys, this has become an old school thought.
In Canada, the government bought 30 millions certificates for all its citizens in oder to authenticate for government on line services for a buck a piece. Total: 30,000,000$
I would have been glad to provide it to them for 10,000$ and guess what? All privaye keys were kept centrally ;-) Us, old school guys just couldn't believe it.
The big thinkers/marketing guys decided that it was just to complicated for citizens to manage and keep their secret key in a secure location.
Very nice thoughts. Just to let you know, English ain't my mother tongue.
It would still be English, it is how it evolved.