Author: Robby Pedrica
-
The double-edged sword of ECH
Definition: ECH: Encrypted Client Hello Encrypted Client Hello (ECH) is a successor to ESNI and masks the Server Name Indication (SNI) that is used to negotiate a TLS handshake. This means that whenever a user visits a website that has ECH enabled, no one except for the user, and the website owner can determine which…
-
Explaining SSL Certificates
SSL Certificates might seem a bit of a minefield but they’re actually fairly straightforward. In this blogpost, I’ll explain the different types of certificates and where you would/should use for what purpose. Understanding PKI Certificates The certificates I’m discussing here are PKI (public key infrastructure) certificates where one will have a private certificate for the…
-
LinkedIn and the AI scam (again)
Linked decided yesterday (18th Sep 2024) that it will automatically switch on scraping of all its users’ data for AI training purposes. The setting options come with an explanation saying that this feature gives “LinkedIn and its affiliates” permission to “use your personal data and content you create on LinkedIn to train generative AI models…
-
The crowd strikes back, and other cool stories
I thought I’d give you some vague thoughts on this past Friday’s Crowdstrike (CS) debacle and the topic of security products in general. To say that CS screwed up this past week is putting it mildly. An estimated 9M endpoints were affected by CS’ borked update that was delivered to its Falcon product early Friday…
-
Noordwijk Aan Zee cycle route
I took a cycle trip on Sunday 5th May around the famous Bollenstreek area (South Holland province), which is well known for its lush flower fields during the Netherland’s early spring season. You’ve probably seen pictures of the expansive fields full of tulips and other flowers; unfortunately, that flowering period is very short and in…
-
Big Tech Abuse – Meta & Google
Facebook has been at the forefront of social media user and privacy abuse for years. Being caught out in the Cambridge Analytica scandal was not an isolated event. Newly unsealed court documents from a private antitrust lawsuit detail abuses of trust that are cynical and unethical at the very minimum. The following screenshot of a…
-
AI and the truth
We are possibly at one of the greatest inflection points in human history. Strong words, but hear me out … In recent years, it’s become trendy to push one’s own truth in the absence of fact. This trend is known as wokeism, and has been and is being pushed in many social areas such as…
-
FortiGate SSL VPN security
Most firewall engineers using FortiGate will implement the SSL VPN function using the standard method as indicated in the documentation. Fortinet do provide additional information on securing SSL VPN but there’s even more you can do. I’ll go through a number of essential tasks to cover when implementing SSL VPN and some options to improve…
-
Google Chrome and privacy – opposing forces?
Audio transcription The Google Chrome browser was first released in Sep 2008 as an alternative to rival browsers, to “address perceived shortcomings in those browsers and to support complex web applications”. Google also wanted a browser that could better integrate with its own web services and technologies. That last statement speaks to the heart of…
-
Kaspersky finds hardware backdoor in 5 generations of Apple silicon
Audio transcript There are some readers here who will understand the import of the statement above and not believe it, and there are others who are not in a position to understand it all. For both camps, I’ll attempt to explain the details around what is (confirmed and corroborated by others) arguably one of the…
-
Plex Discover: a lesson in privacy
Audio Transcript It’s a common refrain: my data isn’t important so I don’t need to protect it, I’m unimportant so my information doesn’t matter … There’s recently been some horror stories of overly ‘ambitious’ policing of internet-related activities. Like the father who sent pictures of his son with a developing issue to their doctor for…
-
PKI, processes and security
Audio transcript PKI, or Public Key Infrastructure, is the general term used for establishing and managing public key encryption, one of the most common forms of internet encryption. It is baked into every web browser (and many other applications) in use today to secure traffic across the public internet, but organizations can also deploy it…
-
RHEL and the attack of the clones
A short note on Red Hat’s recent decision to restrict access to RHEL source code … What’s this all about? In 2020, Red Hat stopped providing Centos as an upstream project to RHEL (near the beginning of the support cycle for v8). Considering that Centos was used as a binary-compatible version of RHEL by many…
-
DNS Security
There are a couple of areas in IT security that are often glossed over or deemed as unimportant. The DNS service is one of these, and ignored at our own peril. Let’s do a deep(-ish) dive into this often misunderstood service that is critical to everyone’s IT infrastructure. First, some background … DNS as a…
-
Authenticator App Security
One would think that your authenticator app would be a secure app? Right? But what happens when your authenticator app tracks your usage and records your behaviours? Well it seems that this is a fairly common practice amongst even the most popular of apps. Naomi Brockwell recently did a YT video discussing the results of…