The X-Content-Type-Options header tells browsers to stop automatically detecting the contents of files. This protects against attacks where they're tricked into incorrectly interpreting files as JavaScript. Simply set the header to "nosniff". X-Content-Type-Options is a header supported by Internet Explorer, Chrome and Firefox 50+ that tells it not to load [...]
Does VMware Player or Workstation tell you that the Linux host does not support 3D acceleration and thus disables it? I might have the answer... "No 3D support is available from the host" Nasty error message! But we might be able to get things to work! First make sure you [...]
A simple command in PowerShell! Windows 10 has built-in networking and PUA protection. The network protection prevents you from connecting to known malicious domains, while the PUA protection warns you before installing potentially unwanted applications. In either case, to enable it, you'll want to enter the following command(s) into PowerShell [...]
Check out this official Microsoft site to get a free Windows virtual machine (VM)! Microsoft provides free windows virtual machines for developers to use, to develop for IE and Edge. And just to develop in general. Currently, you can choose between Windows 7, 8 and 10 VMs. All but Windows [...]
I'll show you a way around this!(Don't forget to read the notes on security below!) Start a new WSL session as you usually would.Type sudo EDITOR=nano visudo and hit enterUse your arrow keys to scroll to the end of the fileAppend the following username ALL=(ALL) NOPASSWD:ALL to the end of [...]
Cross-platform and easy to use! If you use a Raspberry Pi, you probably had to flash an "image" to SD card in the past. Or if you want to install Ubuntu from USB you had to write an ISO to a USB stick. There are many ways to do this [...]
Don't let just "anyone" issue a certificate for your domain! If you run your website, you probably secure it with HTTPS (if not, you really should). And if you're techy and smart, you're using Let's Encrypt to do so. This would mean that Let's Encrypt is your CA (Certificate Authority). [...]
Just a quick one to improve things! Beginning January 2020, SSLLabs.com will give you a grade B if you still have TLS 1.0 or 1.1 enabled, as it's considered insecure. The following is an example warning you might see: Screenshot of warning on ssllabs.com So let's disable that weak stuff, [...]
If you use Threema, you probably know of the "Threema Web" feature.But did you know it's open source? So what's Threema Web? It's basically a web application, that connects with your phone and allows you to chat on your desktop through the browser. You can see all your chats in [...]
SMS 2FA: Two Factor Authentication by SMS.In many cases, it's better to not have 2FA than SMS 2FA. As a rule of thumb, don't ever hand out your mobile number to sites. The problem with SMS authentication SMS authentication is completely insecure, as has been proven multiple times in the [...]