The Ramblings of a Computer Geek
Emails crossing the internet use secure connections encrypted using Transport Layer Security (TLS). However, there remain vulnerabilities in this method of protecting the confidentiality of emails, whereby a person-in-the-middle can trick incoming connections to send to another server and/or send information in the clear. MTA-STS is a standard designed to address these vulnerabilities and is […]
More...
The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD […]
More...
I had this issue today, on a host that had recently had a software upgrade. Problem: A host to which I was connecting with SSH gave this error: “Couldn’t agree a key exchange algorithm (available: Curve25519-sha256@libssh.org, ECDH-sha2-nistp521, ECDH-sha2-nistp384, ECDH-sha2-nistp256)”. Solution: In my case I updated to a later release of Putty.exe and the issue was resolved. […]
More...
So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: […]
More...If you need to SSH to a host but don’t have direct SSH access, you can perform a reverse SSH tunnel. For this you need a host that will except inbound connections to work as a “jump host”, it is possible without it, where you could SSH back to your client computer; however for the […]
More...
So looking for something to use your Raspberry Pi for? I had a Mk1 Raspberry Pi laying around and thought it might be good to set it up as a SSH gateway, so I could easily and securely access my home machines when out and about. These instructions assume you have a Raspberry Pi which […]
More...