PKI, or Public Key Infrastructure, is the general term used for establishing and managing public key encryption, one of the most common forms of internet encryption. It is baked into every web browser (and many other applications) in use today to secure traffic across the public internet, but organizations can also deploy it to secure […]
A short note on Red Hat’s recent decision to restrict access to RHEL source code … What’s this all about? In 2020, Red Hat stopped providing Centos as an upstream project to RHEL (near the beginning of the support cycle for v8). Considering that Centos was used as a binary-compatible version of RHEL by many […]
There are a couple of areas in IT security that are often glossed over or deemed as unimportant. The DNS service is one of these, and ignored at our own peril. Let’s do a deep(-ish) dive into this often misunderstood service that is critical to everyone’s IT infrastructure. First, some background … DNS as a […]
One would think that your authenticator app would be a secure app? Right? But what happens when your authenticator app tracks your usage and records your behaviours? Well it seems that this is a fairly common practice amongst even the most popular of apps. Naomi Brockwell recently did a YT video discussing the results of […]
I wrote an article in 2020 about SSL/TLS Certificate lifetimes, the upshot of which was that the certificate/browser industry had just moved to 1yr (398 days to be precise) certificate expiries. I noted the following: There have been a number of attempts over the years to reduce the lifetime of certificates as they apply to […]
Password managers have seen a new focus (both good and bad) over the last couple of years especially in mainstream news and media. With security folk like Rachel Tobac and Shannon Morse pushing the security mantra (in a relatable way), a lot more people are seeing the light so-to-say and coming around to the fact […]
Structured IT Security is generally seen as the domain of the medium to large enterprise as it can be an expensive exercise to implement properly, and requires hard-to-find skills. However, there are a lot of areas a small business can tackle to improve their security status considerably without breaking the bank. I’ll simplify this process […]
Do Not Track It’s quite amazing to think that DNT or Do Not Track was first proposed back in 2009 – 13 years ago. This was a first-stab method at the issue of website privacy and the horrendous marketing machine that is the internet. DNT was designed to allow users to opt-out of website tracking, […]
Keeping yourself secure on the internet remains a very important component of our daily lives seeing as internet access is so ingrained in day-to-day activities. Think ride sharing, online banking, retail shopping, email and so on. Social media specifically remains a prime attack vector for malicious activities impacting on many internet users’ security. Yet the […]
SD-WAN (software defined WAN) is a topic that is much discussed in the last couple of years but one that is also the least understood. One of the reasons for this is that there are different implementations of SD-WAN leading to misunderstandings in how SD-WAN is used. So what is SD-WAN? It’s an overlay technology […]
IT and Network Security is a tough arena. Keeping networks, systems and data secure from what can only be called a total onslaught of malware and other malicious attacks, is a difficult task. What makes the task even more difficult is the general indifference of (especially) SMEs to the potential harm that can be caused […]
Facebook’s recent update of the Terms of Service for Whatsapp has got a lot of people riled up. And quite rightly so. The core of this issue is not privacy of information as many believe, but rather pure business economics – let’s cover the basics first. There are 2 primary considerations for using cloud services […]
