The Ramblings of a Computer Geek
Email was never designed to be secure, anyone can use your domain to send an email, “spoofing” as it is known. This can be useful to make sure your receive email if you are using a cloud hosting service, or it can be a complete nightmare; nefarious persons may spoof your domain to trick your […]
More...
There are a number of ways to protect your WordPress site, one of the best quick wins is to ensure that your Admin page cannot be accessed by any IP address on the Internet. If you have a static IP address (or a number of static IP addresses), then the below will allow you to […]
More...
Emails crossing the internet use secure connections encrypted using Transport Layer Security (TLS). However, there remain vulnerabilities in this method of protecting the confidentiality of emails, whereby a person-in-the-middle can trick incoming connections to send to another server and/or send information in the clear. MTA-STS is a standard designed to address these vulnerabilities and is […]
More...
The Kemp Load Master allows for the configuration of authentication offloading to itself (from the Microsoft Exchange server supporting Kerberos) to allow for the Kemp Load Master to act as a sP (Service Provider) against an IdP (Identity Provider) for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD […]
More...
I had this issue today, on a host that had recently had a software upgrade. Problem: A host to which I was connecting with SSH gave this error: “Couldn’t agree a key exchange algorithm (available: Curve25519-sha256@libssh.org, ECDH-sha2-nistp521, ECDH-sha2-nistp384, ECDH-sha2-nistp256)”. Solution: In my case I updated to a later release of Putty.exe and the issue was resolved. […]
More...
So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory, this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/ Until you patch this you can just disable the “Printer Spooler” service on your Domain Controllers and well to be honest you don’t need this running on the Domain Controller anyway. Edit: […]
More...If you need to SSH to a host but don’t have direct SSH access, you can perform a reverse SSH tunnel. For this you need a host that will except inbound connections to work as a “jump host”, it is possible without it, where you could SSH back to your client computer; however for the […]
More...
So looking for something to use your Raspberry Pi for? I had a Mk1 Raspberry Pi laying around and thought it might be good to set it up as a SSH gateway, so I could easily and securely access my home machines when out and about. These instructions assume you have a Raspberry Pi which […]
More...