security

/Tag: security

Let’s Encrypt is Trusted

Let´s encryptMit dem 19. Oktober werden die Zertifikate von Let´s Encrypt nun in allen wichtigen Browsern als vertrauenswürdig akzeptiert. Damit ist der Grundstein gelegt um eine weite Verbreitung finden zu können. Einige Jahre lang verwende ich nun schon Zertifikate von Startssl oder aber CAcert. Leider haben sich die Anbieter nie wirklich etablieren können. Mit Let´s Encrypt sehe [...]

2019-01-03T16:46:58+00:00Tags: , , , , |

Updating Amazon AWS Security Group via CLI

When there is need often to log in to your AWS hosted EC2 instance, and you care at least a bit about security, one will need to update the Security Group "Inbound rules" to allows SSH connection from your current IP address to your Amazon AWS hosted server. You have two option to do so: [...]

2019-01-03T16:46:59+00:00Tags: , , , , |

Information about mail sending PHP scripts

To be enabled to gather information about PHP emailing scripts on your server, you can add two lines to your main php.ini: mail.add_x_header = On mail.log = /var/log/phpmail.log Restart your webserver after changing the php.ini. First parameter is adding a "X-PHP-Originating-Script:" information to the mail header, stating the user name an script name sending the [...]

2015-09-23T21:21:20+00:00Tags: , , , , , , |

Bash shell vulnerable – ShellShock

Currently a new bug, named ShellShock, was announced as CVE-2014-6271 in the National Vulnerability Database. It might be even more dangerous than the SSL bug "Heartbleed" that occured some month ago. An overview, according to the web site: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote [...]

2019-01-03T16:47:11+00:00Tags: , , , , , |