After the GhostProject started offering access to 1.4 billion credentials in the form of usernames with clear text passwords, I’ve seen an expected increase in attacks against customers e-mail accounts.
This week Google went ahead and removed support for HTTP Public Key Pinning (HPKP) from Chromium after some initial stumbles. The change was committed and tagged for Chromium 72.0.x and can now be observed by users of Chrome Canary.
Gentoo developers recently marked mod_security-2.9.1 and modsecurity-crs 3.0.2 as stable on amd64, thus allowing me to move on from the dormant ModSecurity 2.7.7 release. Good thing I got this update on a Sunday though as it turned out to be more than a simple drop in replacement.
Why on earth would there ever be a need to write such an article one might ask? Well, the current Outlook Office 365 version had me puzzled as I was unable to manually configure an IMAP account according to my preferences. Apparently, “set up your account manually” now translates to let Outlook autoconfigure the account.
PHP 7.2 just went stable on amd64 providing me with an opportunity to finally migrate away from PHP 7.0. Unlike the PHP 7.1 releases, PHP 7.2 offers significant performance improvements.
Gentoo recently marked Tor 0.3.4.7 as stable on amd64 so without further ado I’m launching my v3 onion. This hidden service is available at the following 56 bit long address: 4hpfzoj3tgyp2w7sbe3gnmphqiqpxwwyijyvotamrvojl7pkra7z7byd.onion
I recently got the opportunity to discover how long Google would keep showing my content on the search engine result pages when my web server was unavailable. Predictably, I only had a short window of time before my content got removed. And the first content to go was my top ranking pages.
So I had just implemented DomainKeys Identified Mail (DKIM) on a Postfix server and was confident that the signing process was correct, but on testing, the recipient’s SMTP server insisted that the message had failed authentication due to an invalid public key.
I have previously postponed the removal of my Google account from my Android phone as I expected it to be a troublesome and tedious process. However, last week I spent a day removing apps installed through Google Play and replaced them with free and open-source software alternatives as provided by F-Droid.
I’m currently experimenting with a few rule conditions to explicitly whitelist the resources I want clients to be able to retrieve on my server. The initial target for this exercise was my onion site which has an issue with misbehaving (poorly written) Tor bots, but I thought it would be fun to extend the experiment to paranoidpenguin.net.