recentpopularlog in


« earlier   
The Monkeysphere Project |
Frequent users of ssh are familiar with the prompt given the first time you log in to a new server, asking if you want to trust the server's key by verifying the key fingerprint. Unfortunately, unless you have access to the server's key fingerprint through a secure out-of-band channel, there is no way to verify that the fingerprint you are presented with is in fact that of the server you're really trying to connect to.
pki  gpg  ssh  cacert  security  crypto 
1 hour ago by kme
StackExchange/blackbox: Safely store secrets in Git/Mercurial/Subversion |
Safely store secrets in Git/Mercurial/Subversion. Contribute to StackExchange/blackbox development by creating an account on GitHub.
secrets  devel  git  security  crypto  encryption  puppet  collaboration 
2 hours ago by kme
Security Checklist

Be safe on the internet.
An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.
security  privacy  best-practices  web 
3 hours ago by davidgasperoni
Blockchain and Trust - Schneier on Security
To answer the question of whether the blockchain is needed, ask yourself: Does the blockchain change the system of trust in any meaningful way, or just shift it around? Does it just try to replace trust with verification? Does it strengthen existing trust relationships, or try to go against them? How can trust be abused in the new system, and is this better or worse than the potential abuses in the old system? And lastly: What would your system look like if you didn't use blockchain at all?

If you ask yourself those questions, it's likely you'll choose solutions that don't use public blockchain. And that'll be a good thing -- especially when the hype dissipates.
blockchain  security  bitcoin 
3 hours ago by yorksranter
A Deep Dive on the Recent Widespread DNS Hijacking Attacks — Krebs on Security
Some of those best practices for organizations include:

-Use DNSSEC (both signing zones and validating responses)
-Use registration features like Registry Lock that can help protect domain names records from being changed
-Use access control lists for applications, Internet traffic and monitoring
-Use 2-factor authentication, and require it to be used by all relevant users and subcontractors
-In cases where passwords are used, pick unique passwords and consider password managers
-Review accounts with registrars and other providers
-Monitor certificates by monitoring, for example, Certificate Transparency Logs
dns  security  networking  work 
3 hours ago by ahall
Stop using password manager browser extensions | Network World
Browser-based password manager extensions such as those in LastPass are risky and have the potential to steal your credentials without your knowing.
security  passwords 
4 hours ago by gma

Copy this bookmark:

to read