A friend mentioned this to me & of course I had to back the device, since it looks like a Flipper alternative, but has Wi-Fi built into their board. I’ll admit, I do still need to read all of their details, but if the community here is anything like Flipper’s, & for only $119 on […]
Category: Security 🔐
Using ModSecurity Rules with nginx
I wanted to make note of this page, because it was a huge help getting the ModSecurity OWASP rule set working with nginx. LinuxBabe: How to Set Up ModSecurity with Nginx on Debian/Ubuntu. Then to start exempting specific pages from specific rule IDs, you’ll be using these three commands quite a bit: `tailf /var/log/modsec_audit.log` `sudo nano /etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf` `sudo […]
Dergnz: Fun things to try with your Flipper Zero (and wifi devboard)
I’ve had a tab with this site open in my browser for weeks so I don’t forget to go to it, but still haven’t had time to sit down & go through it, to see what I might want to try. So I might as well drop it here as a reminder & in case […]
Mozilla SSL Configuration Generator
I came across this while configuring some local services using nginx, & wanted to make note of it: Mozilla SSL Configuration Generator.
Malwarebytes Labs: Relax. Internet password books are OK
Source: Malwarebytes Labs: Relax. Internet password books are OK. So this was posted on April Fools’ Day, but I do believe it’s a serious post & I agree with the content. The author brings up the point early: Whether using a physical password book is a good thing depends on your threat model & risk. […]
The Hacker News: Google Reveals What Personal Data Chrome and Its Apps Collect On You
Source: The Hacker News: Google Reveals What Personal Data Chrome and Its Apps Collect On You. And this is why I avoid using Chrome where possible:
Protecting Linux Login with 2FA
This is definitely not the first time I’ve tried getting this working, but glad I was finally able to. Looks like if I had read a bit more, I never would have run into issues… By the second or third time I ran into problems, I at least figured out why: with my home directory […]
Password “Complexity” Requirement
I actually forget what web site this one was, but found this little gem while trying to set up a new account: No, I didn’t actually make my password “password123” but I would have thought a site warning me against it wouldn’t allow “password”+< something >. The fact that it wouldn’t accept my random password probably should […]
Moving from Authy to Another 2FA App
Despite the convenience of having Authy’s ability to sync across devices, I decided I wanted to change my 2FA app to Android’s andOTP. To do this (without unenrolling & re-enrolling myself in 2FA for my 50+ services), I needed to find a way to export my secrets from Authy. I did find a few posts […]
Scammers Using Microsoft’s Support Site
I just came across this video (posted yesterday), where scammers are leveraging Microsoft’s legitimate support site at https://support.microsoft.com/help. This was after I received a fake Microsoft support call. Unfortunately, I didn’t have a dummy VM ready to waste their time, but glad I found out about the use of Microsoft’s site. Because Microsoft uses LogMeIn, […]