Rafe Hart

Thoughts on security, privacy, and building software.

Hardening Windows 10

03 January 2017

Security 'hardening' is the process of raising the baseline security of a device. I harden every device I use. It's not my intention to provide a hardening guide here (I've linked several good ones at the end), but I did want to go through some of the resources available if you need to do this for a group of computers (your organisation, for example).

Read More

PCI DSS from scratch

13 December 2016

PCI DSS is the Payment Card Industry Data Security Standard, and it is required for any merchant, payment processor, or service provider that interacts with cardholder data. I recently went through the process of implementing this standard, and I thought I would share some of my observations on the process.

Read More

Ruxcon 12

23 October 2016

I've spent the last weekend attending Ruxcon 12, which is a technical security conference in Melbourne. For the benefit of those who weren't there, and because it helps me consolidate my own thoughts, I'll give the following review.

Read More

Due Diligence

27 May 2016

Checking things as part of due diligence is rarely the most fun activity in the world, but it does have a habit of turning up some surprising things. I've been doing some compliance checking for PCI DSS recently, and it turns out a lot of the providers I thought were PCI DSS compliant (and claimed to be) aren't.

Read More

securityheaders.io

07 February 2016

According to Verizon, 9.4% of breaches last year occurred through vulnerabilities in web applications. A lot of these vulnerabilities were SQL injections and the like, which really shouldn't happen these days, especially when you consider that most professional companies should be using a framework for development. However, many of the other potential vulnerabilities can be reduced by tightening the scope of your server config.

Read More

Let's Encrypt

08 January 2016

This isn't really a Cygwin post, but this site has now been given an encryption certificate via Let's Encrypt. The whole process on Debian, from investigating what had to be done, cloning the git repo, and running the single command to create, retrieve and install 5 security certificates took about 3 minutes. Easily the most impressive security service I've seen.

Read More