-
MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks
-
HomeCA: Scalable Secure IoT Network Integration
-
DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND
DNSSEC — the security extensions to the trusty Domain Name System (DNS) upon which almost all Internet transactions rely — is often considered hard to set up. My own setup has been very dated, using complicated scripts which needed to run after every change to the zone file. There was time to change this. Modern…
-
DDoS: What we can do to prevent it
Distributed Denial of Service, DDoS for short, is the shooting star in today’s Internet nightmare gallery. Here is a quick overview over what each and everyone of us can do to prevent his. And some hints at manufacturers and researchers.
-
Interoperable Chat in Your Web Browser: JSXC 3.0 released
Open, standards-compliant and interoperable chat sounds like a boon. However, proprietary and closed systems (WhatsApp, Facebook chat, Google Hangouts, …) are often easier to deploy, as they are nicely integrated in existing ecosystems. The freshly-released JSXC 3.0 shows that this is not necessary.
-
DNSSEC for .ch domains
This year, all owners of .ch domains need to switch from the DNS registry SWITCH to a new registrar. Getting an overview over these registrars is hard. Thankfully, Marc Wäckerlin has started the road to transparency with a price comparison of Swiss .ch domain registrars. Here, I extend his results with a survey of DNSSEC…
-
Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination
-
JSXC: Adding Encrypted Chat with 3 Lines of Code
-
DANE: The CA game changer
Securing the Internet is important. However, many design decisions are broken: For example, encrypted web pages are considered less secure than unencrypted pages, even outright dangerous, unless you regularly pay a lot of money to certificate authorities, which have shown to make the Internet less secure. The new kid on the block, DANE (DNS-based Authentication…
-
Disable client certificate requests for Cyrus IMAP
Cyrus IMAPd always asks for a client certificate. This can be unnerving for users running Thunderbird as their mail client which have a user certificate installed and are thus always asked whether they want to send it. (There is no way to tell Thunderbird not to send a client certificate, you can only select which…