Hacker News
- Don't update NTP – stop using it (2014) https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html 0 comments
- How to Create a Secure, Random Password with JavaScript https://blog.hboeck.de/archives/907-How-to-create-a-Secure,-Random-Password-with-JavaScript.html 2 comments
- Please do not put IP addresses into DNS MX records https://blog.hboeck.de/archives/904-Please-do-not-put-IP-addresses-into-DNS-MX-records.html 176 comments
- Generating Crime Safe CSRF Tokens https://blog.hboeck.de/archives/900-Generating-CRIME-safe-CSRF-tokens.html 7 comments
- Userdir URLs like https://example.org/~username/ are dangerous https://blog.hboeck.de/archives/899-Userdir-URLs-like-httpsexample.orgusername-are-dangerous.html 131 comments
- #include </etc/shadow> https://blog.hboeck.de/archives/898-include-etcshadow.html 121 comments
- How I Tricked Symantec with a Fake Private Key https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html 38 comments
- Don't Leave Coredumps on Web Servers https://blog.hboeck.de/archives/887-Dont-leave-Coredumps-on-Web-Servers.html 32 comments
- How Heartbleed could've been found https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html 40 comments
- Comodo ships Adware Privdog worse than Superfish https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html 46 comments
- Don't update NTP – stop using it https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html 2 comments
- LibreSSL on Gentoo https://blog.hboeck.de/archives/851-LibreSSL-on-Gentoo.html 17 comments
Lobsters
- Please do not put IP addresses into DNS MX records https://blog.hboeck.de/archives/904-Please-do-not-put-IP-addresses-into-DNS-MX-records.html 7 comments email
- Userdir URLs like https://example.org/~username/ are dangerous https://blog.hboeck.de/archives/899-Userdir-URLs-like-httpsexample.orgusername-are-dangerous.html 15 comments security, web
- #include </etc/shadow> https://blog.hboeck.de/archives/898-include-etcshadow.html 9 comments c, security
- Security Issues with PGP Signatures and Linux Package Management https://blog.hboeck.de/archives/897-Security-Issues-with-PGP-Signatures-and-Linux-Package-Management.html 5 comments linux, security
- How my personal Bug Bounty Program turned into a Free Security Audit for the Serendipity Blog https://blog.hboeck.de/archives/896-How-my-personal-Bug-Bounty-Program-turned-into-a-Free-Security-Audit-for-the-Serendipity-Blog.html 4 comments php, security, web
- Efail: HTML Mails have no Security Concept and are to blame https://blog.hboeck.de/archives/894-Efail-HTML-Mails-have-no-Security-Concept-and-are-to-blame.html 3 comments cryptography, security
- In Search of a Secure Time Source https://blog.hboeck.de/archives/890-In-Search-of-a-Secure-Time-Source.html 9 comments cryptography, security
- Abandoned Domain Takeover as a Web Security Risk https://blog.hboeck.de/archives/889-Abandoned-Domain-Takeover-as-a-Web-Security-Risk.html 2 comments javascript, security, web
- How I tricked Symantec with a Fake Private Key https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html 5 comments cryptography, security
- Don't leave Coredumps on Web Servers https://blog.hboeck.de/archives/887-Dont-leave-Coredumps-on-Web-Servers.html 5 comments debugging, linux, security, web
- The Problem with OCSP Stapling and Must Staple and why Certificate Revocation is still broken https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html 3 comments cryptography, web
- #include </etc/shadow> https://blog.hboeck.de/archives/898-include-etcshadow.html 13 comments programming
- #include </etc/shadow> https://blog.hboeck.de/archives/898-include-etcshadow.html 10 comments netsec
- efail: Outdated Crypto Standards are to blame https://blog.hboeck.de/archives/893-efail-outdated-crypto-standards-are-to-blame.html 10 comments crypto
- Introducing Snallygaster - a Tool to Scan for Secrets on Web Servers https://blog.hboeck.de/archives/892-introducing-snallygaster-a-tool-to-scan-for-secrets-on-web-servers.html 4 comments netsec
- How I tricked Symantec with a Fake Private Key https://blog.hboeck.de/archives/888-how-i-tricked-symantec-with-a-fake-private-key.html 32 comments netsec
- How I tricked Symantec with a Fake Private Key https://blog.hboeck.de/archives/888-how-i-tricked-symantec-with-a-fake-private-key.html 5 comments crypto
- The Problem with OCSP Stapling and Must Staple and why Certificate Revocation is still broken https://blog.hboeck.de/archives/886-the-problem-with-ocsp-stapling-and-must-staple-and-why-certificate-revocation-is-still-broken.html 9 comments netsec
- Passwords in the Bug Reports (Owncloud/Nextcloud) https://blog.hboeck.de/archives/885-passwords-in-the-bug-reports-owncloudnextcloud.html 48 comments netsec
- Pwncloud – Bad crypto in the Owncloud encryption module https://blog.hboeck.de/archives/880-pwncloud-bad-crypto-in-the-owncloud-encryption-module.html 2 comments coding
- Pwncloud – bad crypto in the Owncloud encryption module https://blog.hboeck.de/archives/880-pwncloud-bad-crypto-in-the-owncloud-encryption-module.html 19 comments netsec
- Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections https://blog.hboeck.de/archives/876-superfish-2.0-dangerous-certificate-on-dell-laptops-breaks-encrypted-https-connections.html 135 comments netsec
- About the supposed factoring of a 4096 bit RSA key https://blog.hboeck.de/archives/872-about-the-supposed-factoring-of-a-4096-bit-rsa-key.html 16 comments netsec
- How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security https://blog.hboeck.de/archives/869-how-kaspersky-makes-you-vulnerable-to-the-freak-attack-and-other-ways-antivirus-software-lowers-your-https-security.html 30 comments technology
- Software Privdog worse than Superfish https://blog.hboeck.de/archives/865-software-privdog-worse-than-superfish.html 6 comments programming
- Certificate Authority Comodo ships Adware Privdog worse than Superfish https://blog.hboeck.de/archives/865-comodo-ships-adware-privdog-worse-than-superfish.html 3 comments netsec
- Internet security provider Comodo ships adware (Privdog) which can be considered worse than Superfish https://blog.hboeck.de/archives/865-comodo-ships-adware-privdog-worse-than-superfish.html 4 comments technology
- What the GHOST tells us about free software vulnerability management https://blog.hboeck.de/archives/864-what-the-ghost-tells-us-about-free-software-vulnerability-management.html 23 comments linux