All posts in Uncategorized

How to Install an SSL Certificate on Nginx

Last time I showed how easy it is to create an SSL request on Nginx; this time I’ll show you how easy it is to get your site up and running with it.

You are going to need your server.key file we created last time and the text of the SSL certificate.  Most keys I’ve ever bought provide you with the actual file and the text in the email for your key.

Continue reading →

Responding to a Website Defacement

I have recently been approached following a successful defacement of a client’s websites.  These sites were not ecommerce related, and they didn’t store any information regarding individuals, customers, staff, etc.  They were just examples of ‘normal’ business websites for trying to do business in the 21st Century.

Their websites had been targeted and defaced.  When we first arrived we were not sure how it had been compromised or how the compromise was affecting the site; we just knew it had been.  The important thing to bear in mind is that you can be bringing the site back online while at the same time keeping the defaced website for investigation.

We were amazed when we couldn’t find any specific details for how to deal with website defacements, so we had to come up with our own best practice.  We did find plenty about “deface website”; however, very little of it was useful for our requirements.

Continue reading →

How Secure is Your Password? Rainbow Tables Online

Wow, just wow. I came across http://xdecrypt.com/ the other day; it’s a huge online resource full of hash values and their corresponding plain text strings.

Like most people, I am human and don’t have a limitless brain for remembering secure and one-off passwords, so I tend to recycle about a dozen.  Which password I use depends on how damaging access to the site would be.  Also, I don’t like pointing accounts to other accounts (i.e. registering on forums with the same password as the mail account, etc.); just common sense, I guess.  My passwords are on a sliding scale of complexity; sometimes I’ll apply a unique salt myself, but not always.

Continue reading →