Just a quick one to improve things! Beginning January 2020, SSLLabs.com will give you a grade B if you still have TLS 1.0 or 1.1 enabled, as it's considered insecure. The following is an example warning you might see: Screenshot of warning on ssllabs.com So let's disable that weak stuff, [...]
SMS 2FA: Two Factor Authentication by SMS.In many cases, it's better to not have 2FA than SMS 2FA. As a rule of thumb, don't ever hand out your mobile number to sites. The problem with SMS authentication SMS authentication is completely insecure, as has been proven multiple times in the [...]
It's way too simple! HSTS further protects your HTTPS enabled website. Read on to figure out how enable it in Apache2 and also why you want it! Prerequisites HTTPS already working with legit certificate, no browser errorsApache mod_headers enabled Enabling mod_headers On a Debian based system, simply run: a2enmod headers [...]
What is HSTS and do I want to enable it?If you are a website owner or admin, keep reading to know more! Imagine you are browsing to your online banking page. You are redirected to HTTPS automatically every time, you sign in and do your business privately and all is [...]
Useful to use SSH securely using a smart card / hardware token / yubikey / etc. Prerequisites Of course, you need to have GPG installed on your system, and possibly some drivers and applications to support your smart card / hardware token if used. This guide assumes you already have [...]
This is just a quick post to share a hardened gpg.conf Usually stored in ~/.gnupg/gpg.conf personal-cipher-preferences AES256 AES192 AES personal-digest-preferences SHA512 SHA384 SHA256 personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed cert-digest-algo SHA512 s2k-digest-algo SHA512 s2k-cipher-algo AES256 charset utf-8 fixed-list-mode no-comments no-emit-version [...]
Enhance your privacy and security with this guide! If you don't know what DoT or DoH are, check out my earlier post! This guide assumes you are running the latest version of Firefox, which you should be doing anyway, as it's important to keep your browser up to date for [...]
Here are just some DNS over TLS and DNS over HTTPS providers to get you started, but there are many more and you should evaluate your options. Make sure to check each provider's privacy policy. Please note that the following are not links! They are the addresses you need to [...]
DNS over TLS is long over due, and here's why. Should I care and does it affect me? Yes. TLS or Transport Layer Security, is the same technology that protects your browsing when using HTTPS. It basically wraps HTTP into a secure tunnel, so that no one can see or [...]
Encrypted DNS is a must, and easy to set up! Android 9 even has the option built-in! And as a bonus, ad blocking! Android 9 and later (built-in) Android Pie only supports DNS over TLS. To enable this on your device: Go to Settings → Network & internet (or Connections) [...]