If you are running your own mail services, you might already have noticed, that there is a lot of SPAM originating (or actually faking) from @aol.com addresses.
What is the first thing you are thinking off, when it comes to disk encryption/pen drive encryption? Most people will most likely answer this question with “TrueCrypt”. TrueCrypt is a great product. It’s Open-Source and free. It has a great feature set, is well-known in the industry and is available on Linux, MacOS X and Windows.
This week was a hard week for security companies (and some others). Most of you might have read about the KDMS and their recent DNS-Hijacking attacks to Leaseweb, Avira, AVG, WhatsApp, Alexa and even Redtube. Today they also hijacked metasploit.com.
6 years ago I wrote this blog post about protecting your privacy by utilizing encryption technologies. Today this post is current more than ever. Is there really a reason to not encrypt your communication? I’d say: No!
In these days, I am thinking a lot about encryption and integrity of communication channels. Every mail I send, is automatically signed via my GPG key. I am doing this, not only to remind people of the fact, that GPG/PGP exists and that they should use it. I am primarily doing it for its main purpose, to give the recipients the possibility to verify the integrity of the mail and that it was really sent by myself. Today I thought… well, as I give the recipients of my mails this option, why shouldn’t I give this option also to the readers of my blog?
Today I learned again, that sometimes the devil is in the details. We are running OpenVPN since years. We are running it in a way, that we differ between “normal users” and “power users”. While normal users are restricted to perform only the least needed within the VPN, power users (like NetOps) are granted a couple of more things. We are using the “client-config-dir” option for this. Basically a power user will have a special config file in that client-config-dir that assigns the different options to the user, once he connects.
Last week I attended the (ISC)² Security Congress 2013 in Chicago, which took part as sub-congress with the ASIS 59th Annual Seminar and Exhibits. As I am planning to do my CISSP certification in December, we (my company and I) though, that this would be a good opportunity to get prepared and to get some more background on the certification. Also the presentations and sessions sounded actually pretty interessting- eventually they weren’t.