VirtualTam's bookmarks

21. Firezone - WireGuard-based VPN server and firewall 2023-08-30

    tags: network/udp, network/vpn/wireguard, security

    [ permalink ]

    • https://www.firezone.dev/
22. HAProxy - TLS Termination Setup 2023-07-24

    tags: cryptography/encryption, network/http, network/http-server/haproxy, network/reverse-proxy, network/transport-layer-security, security

    [ permalink ]

    • Traffic Routing - Rewrite Requests
    • Client IP Preservation - X-Forwarded-For
    • HAProxy & HTTP Strict Transport Security (HSTS)
    • Secure Cookies Using HAProxy Enterprise
23. Web Security Cheat Sheet | Mozilla Infosec 2023-07-23

    tags: network/http, network/http/cookie, network/transport-layer-security, programming/html, programming/javascript, security, web

    [ permalink ]
24. How to manage CVE security vulnerabilities with Grafana, MergeStat, and OSV-Scanner 2023-06-12

    tags: database, observability/grafana, security

    [ permalink ]

    • google/osv-scanner
    • OSV - A distributed vulnerability database for Open Source
    • mergestat/mergestat
25. passkeys - Hello passkeys! Goodbye passwords. 2023-06-11

    tags: cryptography/public-key-infrastructure, internet/browser/chrome, internet/browser/firefox, mobile/android, mobile/ios, security/authentication

    [ permalink ]

    Passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing-resistant.

    • https://fidoalliance.org/passkeys/
    • Apple Developer - Passkeys Overview
    • Apple Support - About the security of passkeys
    • Google Identity - Passwordless login with passkeys
    • Google Blog - The beginning of the end of the password
    • Google Security Blog - So long passwords, thanks for all the phish
    • Chromium BLog - Introducing passkeys in Chrome
    • Tailscale doesn't want your password
    • Tailscale - Custom OIDC Providers
    • YubiKeys, passkeys and the future of modern authentication
    • A Yubico FAQ about passkeys
    • Why Passkeys Will Be Simpler and More Secure Than Passwords
    • Passkeys: A shattered dream
26. WebAuthn - An API for accessing Public Key Credentials 2023-06-11

    tags: cryptography/public-key-infrastructure, internet/browser, security/authentication

    [ permalink ]

    The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public key cryptography instead of a password.

    • Guide to Web Authentication
    • Asynchronous Remote Key Generation: An Analysis of Yubico’s Proposal for W3C WebAuthn [PDF]
    • Issue 664630: Web Authentication API for Chrome
    • Bugzilla - [meta] Update WebAuthn JS API to the L1-REC spec
    • keepassxc#1870 - Feature Request: Integration with the Web Authentication API
27. Legacy Rails: Silently Judging You 2023-06-03

    tags: framework/ruby-on-rails, legacy, programming/ruby, security/audit

    [ permalink ]

    How can you judge the quality of a legacy Rails application?

    • bundler-audit
    • rails-erd
28. OpenSSL Cookbook 2023-05-31

    tags: cryptography/certificate, network/http, network/transport-layer-security, openssl

    [ permalink ]

    The definitive guide to using the OpenSSL command line for configuration and testing.

    Topics covered in this book include:

    • key and certificate management,
    • server configuration,
    • a step by step guide to creating a private CA,
    • testing of online services.
29. authentication - What should be the valid characters in usernames? 2023-02-27

    tags: security/authentication, user

    [ permalink ]
30. Debugging Certificate Errors 2023-02-18

    tags: cryptography/certificate, curl, network/http, network/transport-layer-security, openssl

    [ permalink ]

    • https://www.netmeister.org/whatsthatcert/
31. badssl.com - Memorable site for testing clients against bad SSL configs 2023-02-18

    tags: cryptography/certificate, internet/browser/chrome, network/http, network/transport-layer-security

    [ permalink ]

    • https://github.com/chromium/badssl.com
32. Fake Dog for Home Security 2022-12-15

    tags: diy, dog, internet-of-things, security, sensor

    [ permalink ]

    • https://news.ycombinator.com/item?id=32250487
33. LWN - Identity management for WireGuard 2022-12-14

    tags: network/vpn/wireguard, security, security/authentication, security/authorization, security/oauth, security/openid

    [ permalink ]
34. Signing Git Commits with Your SSH Key 2022-09-15

    tags: network/ssh, security, source-code-management/git

    [ permalink ]
35. Cloudflare Research | OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks 2022-07-12

    tags: cryptography/encryption, security/authentication, security/password

    [ permalink ]

    • https://blog.cloudflare.com/opaque-oblivious-passwords/
    • OPAQUE: An Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks
    • https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-opaque
    • https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/
36. authentik - an open-source Identity Provider focused on flexibility and versatility 2022-07-12

    tags: configuration-management/terraform, identity, programming/go, programming/python, security/authentication, security/authorization

    [ permalink ]

    • https://github.com/goauthentik/authentik
    • https://github.com/goauthentik/terraform-provider-authentik
37. lldap: Light LDAP implementation 2022-07-12

    tags: network/ldap, programming/rust, security/authentication, security/authorization

    [ permalink ]
38. How can I run ssh-add automatically, without a password prompt? 2022-06-28

    tags: command-line, network/ssh, security/authentication

    [ permalink ]

    • https://www.openssh.com/txt/release-7.2
    • https://unix.stackexchange.com/questions/269121/openssh-have-ssh-add-keys-to-agent-as-needed

    Host blah
    AddKeysToAgent yes
    ForwardAgent   yes
    

39. TLS Expiry and Uptime Monitor for URLs - Prometheus Blackbox | Grafana 2022-05-01

    tags: network/transport-layer-security, observability/grafana, observability/time-series/prometheus

    [ permalink ]

    • https://prometheus.io/docs/guides/multi-target-exporter/
    • https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
40. NanoID: A tiny (130 bytes), secure, URL-friendly, unique string ID generator for JavaScript 2022-04-03

    tags: database, programming/api, programming/go, programming/javascript, security/authentication

    [ permalink ]

    • https://zelark.github.io/nano-id-cc/
    • https://github.com/matoous/go-nanoid
    • https://planetscale.com/blog/why-we-chose-nanoids-for-planetscales-api