Estimating and securing IT risks as well as possible is at the top of the agenda for IT and security officers in many companies. Numerous insurers now offer companies cyber insurance against theft, hacking, data destruction, extortion, denial of service attacks and so on. Risks under these insurance titles are typically excluded from traditional policies or are not specifically defined in … [Read more...]
What is Asymmetric Cryptography?
Asymmetric cryptography, or two-key cryptography, is the cryptographic method that uses a pair of keys for sending messages. The two keys belong to the same person, who will receive the message. One key is public and can be delivered to anyone; the other key is private and the owner must keep it so that no one else has access to it. In addition, cryptographic methods guarantee that this key pair can only … [Read more...]
Let’s Encrypt Effect : Huge Slash of Price of SSL/TLS DV and EV Certificates
It was probably obvious when the Let’s Encrypt project was launched. In the reseller market, there is a huge slash in the price of SSL/TLS DV and EV certificates, which is up to 70% of the official price. Official pricing, however, is mostly unchanged. Additionally, there have been services to deliver DV and EV certificates on a monthly plan, like Software-as-a-Service. If you have 4+ old Geo Trust like SSL/TLS certificate … [Read more...]
Mirai Botnet : A Risk of Servers to IoT Devices
More and more information is coming out about the Mirai botnet. The Mirai botnet was a risk to servers and also to IoT devices, including some consumer-grade products. On October 21st 2016, Dyn was hit by a DDoS attack that created serious problems: the collapse of Dyn made the portals of the best-known names from Silicon Valley (and more) unreachable for many hours, from Amazon to Airbnb, PayPal, Twitter, Facebook … [Read more...]
How To Install Metasploit on Ubuntu 16.04 LTS To Test Security
White hat or black hat, hacking demands a good grasp of all sysadmin work. The usage we show on this website is intended for testing the security of your own servers - that is the white hat way. We have a list of essential security tools for GNU/Linux servers. Metasploit framework needs Ruby, PostgreSQL, Java etc. Here is how to install Metasploit on Ubuntu 16.04 LTS to test the security of servers. Off … [Read more...]
How To Install, Configure & Run Malware Detect (maldet) On Linux Server
Previously, we talked about a bunch of anti-malware tools for GNU/Linux servers. That list was essentially for the purpose of our future guides around that software. Here is a complete step-by-step guide on how to install, configure & run malware detect (maldet) on a Linux server, with Ubuntu server commands as examples. The reader does not need much experience to get used to it and work with it. Again - Linux Malware … [Read more...]
List Of Anti Malware For GNU/Linux Server
We noticed that we need to deliver guides around some known things which are possibly not known to new users. Somehow, we have missed talking about many of them since the year 2010. Anti-malware is not a fully correct phrase for Linux, but the meaning is obvious. Here is a usable list of anti-malware for GNU/Linux servers. Malware is a program that aims to disrupt the normal operation of a server. … [Read more...]
Wannacrypt Ransomware : Security Alert
Once again we should give thanks to Edward Snowden. WannaCry ransomware is a global attack. Wannacrypt encrypts whatever files it can find. After infection, WannaCry ransomware may display a screen on the infected system asking for $300 to $600 worth of Bitcoins to decrypt. Wannacrypt ransomware originated from the NSA and is now waving the flag of governmental democratic nuisance. It is not … [Read more...]
New Security Header : Expect CT Header Nginx Directive
At least Chrome is going to require that all certificates issued in October 2017 and onward be logged in Certificate Transparency logs. That Certificate Transparency requirement is declared via the Expect-CT header. This guide shows deployment of the Expect-CT header as an Nginx directive. As we are not machines, we will talk a little bit about Certificate Transparency. Where From This Expect CT … [Read more...]
HTTPS Everywhere Atlas Vs HSTS Preload List
SSL, or rather TLS, has been available to all since the Let's Encrypt project (project is certbot now) became usable. In this article we have explained real-life matters around HTTPS Everywhere Atlas vs HSTS Preload List for webmasters and developers. We have talked about Nginx configuration for HSTS, but with time things need updating. HTTPS Everywhere Atlas Vs HSTS Preload List in … [Read more...]
What is CAA DNS Record And How to Add?
The CA/Browser Forum decided by vote in March 2017 to make CAA mandatory, which will be in action by September 2017. Here is our guide around the CAA DNS record and how to add a CAA DNS record. Previously we discussed DNS-based Authentication of Named Entities – DANE and how to add DANE. CAA stands for Certification Authority Authorization. What is CAA DNS Record? In this … [Read more...]