Section Apache 2.1.1 recommends Rewrite instead of Redirect. Should be 301! (We correctly recommend 301 in the nginx section.)
+2014-02-11 19:41
+OpenVPN cipher string doesn't work with 2.3.2 according to: @bong0.
+tlc-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-128-CBC-SHA:TLS-RSA-WITH-AES-128-CBC-SHA
+http://twitter.com/bong0/status/433306823001526272
+http://twitter.com/bong0/status/433307537375387648
+http://nopaste.info/d194fdaa78.html
+guid string produces deprecated warning, no errors.
+user's OpenVPN linked against OpenSSL 1.0.0. on Wheezy backport.
+http://packages.debian.org/wheezy-backports/openvpn
+
+
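Review bot: `tlc-cipher` in the pasted directive should read `tls-cipher`, and the two trailing `+` lines add nothing but blank lines. Since the entry records an OpenVPN linked against OpenSSL 1.0.0 (wheezy-backports), it is worth writing into the TODO that every GCM, SHA256 and SHA384 suite in that string is TLS 1.2-only and TLS 1.2 support only arrived with OpenSSL 1.0.1, which explains the report without any defect in the string itself; `guid string` is also unclear, presumably the `tls-cipher` string is meant.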
BIG TOPICS
==========
and hardware against exploits, basic IT security housekeeping, information
assurance techniques, traffic analysis attacks, issues with key-roll over and
key management, securing client PCs and mobile devices (theft, loss), proper
-Operations Security\footnote{\url{http://en.wikipedia.org/wiki/Operations_security}}, social
+Operations Security\footnote{\url{https://en.wikipedia.org/wiki/Operations_security}}, social
engineering attacks, anti-tempest~\cite{Wikipedia:Tempest} attack techniques,
protecting against different side-channel attacks (timing--, cache timing--,
differential fault analysis, differential power analysis or power monitoring
\item Elliptic Curve Cryptography in Practice: \url{http://eprint.iacr.org/2013/734.pdf}
\item Factoring as a Service: \url{http://crypto.2013.rump.cr.yp.to/981774ce07e51813fd4466612a78601b.pdf}
\item Black Ops of TCP/IP 2012: \url{http://dankaminsky.com/2012/08/06/bo2012/}
- \item SSL and the Future of Authenticity, Moxie Marlinspike - Black Hat USA 2011: \url{http://www.youtube.com/watch?v=Z7Wl2FW2TcA}
+ \item SSL and the Future of Authenticity, Moxie Marlinspike - Black Hat USA 2011: \url{https://www.youtube.com/watch?v=Z7Wl2FW2TcA}
\item ENISA - Algorithms, Key Sizes and Parameters Report (Oct.'13) \url{http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report}
\item Diffie-Hellman Groups \url{http://ibm.co/18lslZf}
\item Diffie-Hellman Groups standardized in RFC3526~\cite{rfc3526} \url{https://datatracker.ietf.org/doc/rfc3526/}
\item ECC-enabled GnuPG per RFC6637~\cite{rfc6637} \url{https://code.google.com/p/gnupg-ecc}
\item TLS Security (Survey + Lucky13 + RC4 Attack) by Kenny Paterson \url{https://www.cosic.esat.kuleuven.be/ecc2013/files/kenny.pdf}
\item Ensuring High-Quality Randomness in Cryptographic Key Generation \url{http://arxiv.org/abs/1309.7366v1}
- \item Wikipedia: Ciphertext Stealing \url{http://en.wikipedia.org/wiki/Ciphertext_stealing}
- \item Wikipedia: Malleability (Cryptography) \url{http://en.wikipedia.org/wiki/Malleability_(cryptography)}
+ \item Wikipedia: Ciphertext Stealing \url{https://en.wikipedia.org/wiki/Ciphertext_stealing}
+ \item Wikipedia: Malleability (Cryptography) \url{https://en.wikipedia.org/wiki/Malleability_(cryptography)}
\item Ritter's Crypto Glossary and Dictionary of Technical Cryptography \url{http://www.ciphersbyritter.com/GLOSSARY.HTM}
\end{itemize*}
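Review bot: the https upgrade covers only the YouTube and Wikipedia items, while the neighbouring eprint.iacr.org, arxiv.org and enisa.europa.eu references stay on http, so the sweep looks incomplete. The `ibm.co/18lslZf` shortener also hides its target and is meaningless to a reader of the PDF; replacing it with the canonical URL would be more useful than a scheme change.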
%%\subsection{Database Systems}
-% This list is based on : http://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
+% This list is based on : https://en.wikipedia.org/wiki/Relational_database_management_system#Market_share
%% ----------------------------------------------------------------------
\subsection{Oracle}
cipher AES-256-CBC
auth SHA384
-# http://openvpn.net/index.php/open-source/documentation/howto.html#mitm
+# https://openvpn.net/index.php/open-source/documentation/howto.html#mitm
remote-cert-tls server
tls-remote server.example.com
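Review bot: the comment URL is the only change here, but the adjacent `tls-remote server.example.com` is the option OpenVPN 2.3 flags as deprecated (the TODO entry above records a deprecation warning with 2.3.2); its documented replacement is `verify-x509-name server.example.com name`, which checks the certificate CN the same way. The `#mitm` comment would also be clearer if it stated what it justifies, namely that `remote-cert-tls server` is the protection against a client certificate being used to impersonate the server.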
\subsubsection{References}
\begin{itemize*}
- \item OpenVPN Documentation: \emph{Security Overview} \url{http://openvpn.net/index.php/open-source/documentation/security-overview.html}
+ \item OpenVPN Documentation: \emph{Security Overview} \url{https://openvpn.net/index.php/open-source/documentation/security-overview.html}
\end{itemize*}
%\subsubsection{How to test}
ssl_ciphers '%*\cipherStringB*)';
add_header Strict-Transport-Security max-age=15768000; # six months
# use this only if all subdomains support HTTPS!
-# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"
+# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
\end{lstlisting}
If you absolutely want to specify your own DH parameters, you can specify them via
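Review bot: adding the missing `;` to the commented `includeSubDomains` line is right, since uncommenting it would otherwise break the nginx configuration. The active line above it, `add_header Strict-Transport-Security max-age=15768000;`, parses only because its value contains no spaces; quoting it the same way as the corrected line keeps the two variants interchangeable when someone swaps the comment.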
\hyperref{http://stackexchange.com/}{}{}{Mathematics}}
}
@string {I_PolarSSL =
- {\hyperref{http://polarssl.org/}{}{}{PolarSSL}}
+ {\hyperref{https://polarssl.org/}{}{}{PolarSSL}}
}
@string {I_Stackexchange =
{\hyperref{http://stackexchange.com/}{}{}{Stackexchange}
\hyperref{http://stackexchange.com/}{}{}{Site}}
}
@string {I_Wikipedia =
- {\hyperref{http://wikipedia.org/}{}{}{Wikipedia}}
+ {\hyperref{https://wikipedia.org/}{}{}{Wikipedia}}
}
@string {I_Wolfram =
{\hyperref{http://mathworld.wolfram.com/}{}{}{Wolfram}
\hyperref{http://mathworld.wolfram.com/}{}{}{Mathworld}}
}
@string {J_TOMACS =
- {\hyperref{http://tomacs.acm.org/}{}{}{ACM}
- \hyperref{http://tomacs.acm.org/}{}{}{Transactions}
- \hyperref{http://tomacs.acm.org/}{}{}{on}
- \hyperref{http://tomacs.acm.org/}{}{}{Modeling}
- \hyperref{http://tomacs.acm.org/}{}{}{and}
- \hyperref{http://tomacs.acm.org/}{}{}{Computer}
- \hyperref{http://tomacs.acm.org/}{}{}{Simulation}}
+ {\hyperref{https://tomacs.acm.org/}{}{}{ACM}
+ \hyperref{https://tomacs.acm.org/}{}{}{Transactions}
+ \hyperref{https://tomacs.acm.org/}{}{}{on}
+ \hyperref{https://tomacs.acm.org/}{}{}{Modeling}
+ \hyperref{https://tomacs.acm.org/}{}{}{and}
+ \hyperref{https://tomacs.acm.org/}{}{}{Computer}
+ \hyperref{https://tomacs.acm.org/}{}{}{Simulation}}
}
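Review bot: the https change is applied to the PolarSSL, Wikipedia and TOMACS strings but not to `stackexchange.com` and `mathworld.wolfram.com` in the same file, so the sweep is inconsistent. Separately, `J_TOMACS` wraps each word of the journal name in its own `\hyperref` to the same URL; a single `\hyperref{https://tomacs.acm.org/}{}{}{ACM Transactions on Modeling and Computer Simulation}` gives the same link with far less noise.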
@inproceedings{HDWH12,
year = {2013},
month = Dec,
type = {Wikipedia},
- url = {http://en.wikipedia.org/wiki/dev/random},
+ url = {https://en.wikipedia.org/wiki/dev/random},
note = {Accessed 2013-12-06},
}
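Review bot: the path in `url = {https://en.wikipedia.org/wiki/dev/random}` drops the leading slash of the article title `/dev/random`; please confirm that the https form still resolves (the article itself lives under `/wiki//dev/random`) rather than relying on a redirect.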
year = {2013},
month = Dec,
type = {Wikipedia},
- url = {http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States},
+ url = {https://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States},
note = {Accessed 2013-12-09},
}
year = {2013},
month = Dec,
type = {Wikipedia},
- url = {http://en.wikipedia.org/wiki/TinyCA},
+ url = {https://en.wikipedia.org/wiki/TinyCA},
note = {Accessed 2013-12-24},
}
% A good background on PKIs can be found in
% \footnote{\url{https://developer.mozilla.org/en/docs/Introduction_to_Public-Key_Cryptography}}
% \footnote{\url{http://cacr.uwaterloo.ca/hac/about/chap8.pdf}}
-% \footnote{\url{http://www.verisign.com.au/repository/tutorial/cryptography/intro1.shtml}}
+% \footnote{\url{https://www.verisign.com.au/repository/tutorial/cryptography/intro1.shtml}}
% .
% \todo{ts: Background and Configuration (EMET) of Certificate Pinning,
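Review bot: this hunk edits a line inside a commented-out block (every line is prefixed with `%`), so the scheme change has no effect on the rendered document; harmless, but the stray `% .` following the footnote list suggests the block is a draft remnant that should either become real text or be removed rather than maintained.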
\begin{figure}[h]
\centering
\includegraphics[width=0.4\textwidth]{img/random_number.png}
- \caption{xkcd, source: \url{http://imgs.xkcd.com/comics/random_number.png}, license: CC-BY-NC}
+ \caption{xkcd, source: \url{https://imgs.xkcd.com/comics/random_number.png}, license: CC-BY-NC}
\label{fig:dilbertRNG}
\end{figure}
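Review bot: the label `fig:dilbertRNG` contradicts the caption, which credits xkcd; renaming it to something like `fig:xkcdRNG` avoids confusion for anyone grepping cross-references. The caption would also benefit from naming the comic (the file is `random_number.png`), since a bare image URL is not much of a citation.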
that ensures confidentiality even if the server key has been compromised.
Thus if traffic has been recorded it can not be decrypted even if an adversary
has got hold of the server key
-\footnote{\url{http://en.wikipedia.org/wiki/Forward\_secrecy}}
+\footnote{\url{https://en.wikipedia.org/wiki/Forward\_secrecy}}
\footnote{\url{https://www.eff.org/deeplinks/2013/08/pushing-perfect-forward-secrecy-important-web-privacy-protection}}
\footnote{\url{http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html}}.
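Review bot: only the Wikipedia footnote is upgraded; the netcraft footnote two lines later stays on http. Inside `\url{}` the underscore needs no escaping, and `Forward\_secrecy` risks putting a literal backslash into the link target, so `\url{https://en.wikipedia.org/wiki/Forward_secrecy}` is the safer form. In the context sentence, `can not` should be `cannot`.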
Server checks via the web
\begin{itemize*}
- \item \href{http://ssllabs.com}{ssllabs.com} offers a great way to check your webserver for misconfigurations. See \url{https://www.ssllabs.com/ssltest/}. Furthermore, ssllabs.com has a good best practices tutorial, which focuses on avoiding the most common mistakes in SSL.
- \item SSL Server certificate installation issues \url{http://www.sslshopper.com/ssl-checker.html}
+ \item \href{https://ssllabs.com}{ssllabs.com} offers a great way to check your webserver for misconfigurations. See \url{https://www.ssllabs.com/ssltest/}. Furthermore, ssllabs.com has a good best practices tutorial, which focuses on avoiding the most common mistakes in SSL.
+ \item SSL Server certificate installation issues \url{https://www.sslshopper.com/ssl-checker.html}
\item Check SPDY protocol support and basic TLS setup \url{http://spdycheck.org/}
\item XMPP/Jabber Server check (Client-to-Server and Server-to-Server) \url{https://xmpp.net/}
\item Luxsci SMTP TLS Checker \url{https://luxsci.com/extranet/tlschecker.html}
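Review bot: `http://spdycheck.org/` in the same list is left unchanged while its neighbours are upgraded; if the sweep is meant to be complete, check whether that site serves https as well.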
Command line tools
\begin{itemize*}
- \item \url{http://sourceforge.net/projects/sslscan} connects to a given SSL service and shows the cipher suites that are offered.
- \item \url{http://checktls.com} is a tool for testing arbitrary TLS services.
+ \item \url{https://sourceforge.net/projects/sslscan} connects to a given SSL service and shows the cipher suites that are offered.
\item \url{http://www.bolet.org/TestSSLServer/} tests for BEAST and CRIME vulnerabilities.
\item \url{https://github.com/iSECPartners/sslyze} Fast and full-featured SSL scanner
\item \url{http://nmap.org/} nmap security scanner
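Review bot: the `checktls.com` item is deleted without replacement and the removal is not explained; if it was dropped because checktls.com is a web service rather than a command line tool, it belongs in the `Server checks via the web` list above instead of being lost. `http://nmap.org/` and `http://www.bolet.org/TestSSLServer/` in the same list are also left on http.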
my $apilevel = shift || die $usage;
# versions indexed by API level
-# source: http://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels
+# source: https://developer.android.com/guide/topics/manifest/uses-sdk-element.html#ApiLevels
my %androidversion = ( 2 => '1.1',
3 => '1.5',
4 => '1.6',