Stand Up for Strong Security

Certain factions within the US Congress and the FBI are insisting on the government requiring US technology companies to grant the government special access to devices and cryptographic measures. In essence, they are asking for US technology to be insecure by design.
Adding a backdoor for US government agencies is possible but there are serious implications for the future.

Continue reading Stand Up for Strong Security

Hardening Postfix

While there are plenty of good (and not so good) anti-spam solutions available, most of them cost a bit of money in terms of purchasing and licensing fees. Even without a dedicated appliance, there are several ways you can harden the Postfix MTA against spam and other internet nasties. In this article, we’re going to look at some ways of hardening postfix that I’ve found effective. Continue reading Hardening Postfix

Using blacklists with iptables

If you have any kind of system connected to the Internet, you are no doubt aware that no matter how small or unimportant it might seem, it is frequently probed, tested or subject to various attempts at abuse. These attacks come from so many malicious hosts that it is impossible to keep track by hand. So I started looking for a way to implement an automated blacklist to use with iptables. Continue reading Using blacklists with iptables

Another letter from Ivo

Dutch minister of Justice Ivo Opstelten is certainly being a busy boy. Just a few days have passed since his last letter and now he has written another one, equally worrying or perhaps more so. In short, he is suggesting in an as yet not public letter that the Dutch police should have the right to hack. Excuse me? Yes, a right to hack. Continue reading Another letter from Ivo

“Hand over those decryption keys…or else”

Another day, another worrying proposal from the Dutch government. As we await the formation of a new cabinet, Dutch minister of Security and Justice, Ivo Opstelten is seeking to change Dutch law to make it mandatory for suspects of certain crimes to hand over their decryption keys so that law enforcement officers can have access to their private data. Failure to comply would constitute a criminal offence. Continue reading “Hand over those decryption keys…or else”

Convergence, an alternative to Certificate Authorities

In the aftermath of the Diginotar hack, I wrote an article that mentioned we needed a silver bullet to solve the problems with the current state of SSL and certificate authorities. Of course the Internet wouldn’t be the Internet if such a silver bullet didn’t emerge sooner or later. Famous hacker Moxie Marlinspike has announced Convergence, a tool to verify the identity of websites without the need for a Certificate Authority. Continue reading Convergence, an alternative to Certificate Authorities