Computer security is NOT a product

At the time of writing I can’t access one of my favorite tech fora, which is the FreeBSD forum, because their certificate has expired. Seems somewhat sloppy indeed. However, what really upset me here was learning how my browser of choice (Opera) was now treating me like some sort of idiot.

It refused to give me access to the website because it deemed it “not private”. That is a bit misleading: an expired certificate can still be used for setting up an encrypted connection; what the browser can no longer vouch for is that the server on the other end is the one it claims to be. But because the website opted in to HSTS (HTTP Strict Transport Security) it is impossible to access it anymore: the HSTS specification (RFC 6797) requires a browser to treat any certificate error on such a site as a hard failure and to offer no way to click through it, and the major browsers have dropped the override that they still offer for sites without an HSTS policy.
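To make the mechanism concrete, here is a small model of the browser-side behaviour described above. It is an added example written for this page, not code from the post or from any browser: a parser for the Strict-Transport-Security header, a cache of “Known HSTS Hosts” with expiry and includeSubDomains handling, and the RFC 6797 section 8.4 rule that turns an expired certificate into a hard failure instead of an overridable warning. It goes a little beyond the single case in the text (a header received over plain HTTP is ignored, max-age=0 evicts a host). All host names, dates and header values are constructed for the example; nothing touches the network.

```python
"""Model of HSTS (RFC 6797) as a browser applies it.

Added example for this page; hosts, dates and headers below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple


@dataclass
class HstsPolicy:
    max_age: int               # seconds; 0 tells the browser to forget the host
    include_subdomains: bool = False
    preload: bool = False      # only meaningful to preload-list maintainers


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security header value.

    Directive names are case-insensitive, max-age is mandatory and may appear
    only once, unknown directives are ignored (RFC 6797 section 6.1).
    Returns None for a header a browser would discard.
    """
    max_age = None
    include_subdomains = preload = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if not name:
            continue
        if name == "max-age":
            if max_age is not None or not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


class HstsCache:
    """Per-browser store of Known HSTS Hosts: host -> (expiry, includeSubDomains)."""

    def __init__(self) -> None:
        self.hosts: Dict[str, Tuple[datetime, bool]] = {}

    def note_header(self, host: str, header: str, now: datetime, over_tls: bool) -> None:
        # A header seen over plain HTTP is ignored (section 8.1), so someone on
        # the path cannot plant or extend a policy.
        if not over_tls:
            return
        policy = parse_hsts(header)
        if policy is None:
            return
        if policy.max_age == 0:
            self.hosts.pop(host, None)      # explicit withdrawal of the policy
            return
        self.hosts[host] = (now + timedelta(seconds=policy.max_age),
                            policy.include_subdomains)

    def is_known(self, host: str, now: datetime) -> bool:
        """Exact match, or an unexpired parent entry carrying includeSubDomains."""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_subdomains = entry
            if expiry <= now:
                continue                    # policy has lapsed; no longer known
            if i == 0 or include_subdomains:
                return True
        return False


def cert_expired(not_after: datetime, now: datetime) -> bool:
    """Certificate validity check; the expired-cert case is the one in the post."""
    return now > not_after


def browser_decision(cache: HstsCache, host: str, not_after: datetime, now: datetime) -> str:
    """Section 8.4: a certificate error on a Known HSTS Host is a hard failure
    with no click-through; the same error elsewhere is an overridable warning."""
    if not cert_expired(not_after, now):
        return "connect"
    if cache.is_known(host, now):
        return "hard-fail"
    return "warn-overridable"
```

The `hard-fail` branch is exactly the situation in the post: the site itself asked, via its earlier HSTS header, to be treated that way, and the policy keeps applying for `max-age` seconds after the last visit even once the certificate has lapsed. To check a real site, `curl -sI https://host | grep -i strict-transport-security` shows whether it sends a policy, and `openssl s_client -connect host:443 -servername host </dev/null 2>/dev/null | openssl x509 -noout -dates` prints the certificate's validity window.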

Which I think is utterly stupid. In fact: I think this nonsense can easily have the opposite effect of what was intended. I believe we’re in a period where many people seem to have a complete misconception about what security actually is and how it is achieved and maintained.

DNSSEC: Massively overhyped?

Last year I got a little fed up with the BIND (“named”) DNS server for reasons which I’ll explain further below, and I started digging into PowerDNS. A pretty solid project for sure, and it definitely has some advantages over BIND. However, due to recent changes in the project I came to the conclusion that managing PowerDNS had become even more tedious than BIND originally was! That’s no good, so I decided to move back, and because I was giving my setup a massive overhaul anyway I also started looking into DNSSEC, a topic which was still sitting on my TODO list. Yeah… Very important according to ICANN and ISC. But is it really? I have some serious concerns…

