Category: security
-
A Legend in Someone Else’s Mind
So this is a self-indulgent whimsical interlude that’s overly long. Pull up a chair if you want, else, I hope all is well in your world. All that said – if there’s one thing I know, I’ve a vanishingly small idea of what people actually think of me. Honestly, I’m clueless is so many things,…
-
Remotely Access Live Supermicro Firmware+
TLDR; a vendor supported/supplied utility allows download of live BMC1 firmware/configuration on (at least) some SuperMicro BMCs. It’s hard to tell who might be affected, but the utility used was written by ATEN Technology, ASRock ASPEED, and others all seem to be connected in various ways in not only SuperMicro firmware but the rest of…
-
Kittens, Pr0n, and Bad Juju in the Blockchain
Modern digital currency mostly seem to revolve around a construct called a blockchain, which – by design – is a (mostly![1]) append-only distributed database that is intended to keeps all the transactions for all time. Blockchains use strong cryptographic methods to ensure its integrity and fidelity, and is typically decentralized, meaning that the entire chain…
-
how many factors, anyway?
I’ve been using Google’s 2 factor authentication for awhile now, it’s simple to use and seems effective (and is probalby the most commonly used 2F on earth.) But how many factors is it, really? But perhaps I could try to distill this even a bit more, and go radical… is the 2nd factor really necessary…
-
Security is….
I once had lunch with Paul Karger at IBM Watson labs while visiting my pal Wietse many years ago. I’d known he’d been around a long time… so I asked him what he thought security was, something that still confounds me. I find myself returning back to his answer: “security is when the money you…
-
The free certs from https://letsencrypt.org/ do indeed work as described. I wanted to check them out for some public facing services I wanted to run. To get the certificate you run a program on a host that DNS resolves to the cert you want to get – so if “foo.example.com” resolves to 10.6.6.6, you need to install…