Someone "popular" on the security community on Twitter said to never host your own mail server...
Actually, do the opposite.
-Host your own mail server
-Host your own matrix homeserver
-Host your own mastodon instance
-Host your own DNS server if you can
Just do it securely and follow the good practices
Fight back on the centralization of the web.
WordPress users beware.
700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
great disclosure by the Wordfence team.
You know things are getting real when I move my flagship domain to the authoritative DNS at NOC.org!
"google is apparently taking down all/most fediverse apps from google play on the grounds that that some servers in the fediverse engage in hate speech"
A Criminal offered to a tesla
employee $500k to install ransomware their company network - but the employee went to the FBI.
And the criminal(s) got caught.
I have a lot of faith in the guys running that and this is really the only project I have that is critical to people other than myself so it is a good candidate. (to be clear, not involved in any way).
Free 14-day trial. Give it a whirl!
Really happy with the way the NOC.org availability and performance monitoring is working.
Global view of your site/domain from 10+ different locations - every minute.
If you have a website, try it out:
Demystifying Insecure Deserialization in PHP
Another university pays for ransom:
University of Utah pays $457,000 to ransomware gang
Seeing a few complaints lately about: https://search.noc.social/
Does anyone else find it useful?
Deciding if I should keep it running or just take it offline, if no on else finds value to look/search for accounts across instances.
Don't be shy, feedback (good or bad) is welcome!
For ISPs and telcos who have had a rubbish day because of the Equinix outage, this should probably be your evening reading.
QT decodedlegal: “Network operators: reporting obligations for reductions in availability”
A quick (but detailed) blogpost on when ISPs and telcos need to notify Ofcom because things have gone badly wrong and stopped working.
Part I of an unknown number of articles on securing your VPS to manage multiple websites.. :)
"It’s 2 am. Your phone starts to light up like a Christmas tree. PagerDuty is having a meltdown.. your slack notifications are hitting the notification thresholds.. Text messages are pouring in.. And you are sleeping.."
I will have a nightmare today after reading this horror story by @perezbox - happened a few times in the past.
Joking aside, great post showing how you can handle down times via DNS load balancing / failover.
Last week we introduced noc.org, here is a simple writeup how it could be used to ensure business continuity... let us know what you think.. https://perezbox.com/2020/08/unleashing-the-power-of-authoritative-dns/
Wow, China blocking HTTPS using TLS 1.3 w/ESNI because they can longer read the plain text in SNI fields. Previously used by the GFW for online censorship. What enterprise will be the first to do this? https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/
Really good read on how the FBI caught the "twitter hacker".
Bitcoin transactions *might* appear be anonymous, but they can give out enough information & patterns to connect it to someone - specially on a high profile case (well, and bad opsec).
Does your current DNS provider gives you visibility on your DNS traffic?
This is the data for one of our small domains: dnsblacklist[.]org.
Interesting to see that Google is the #1 resolver for it.. or the traffic per hour.. or the full logs..
Try it out:
Founder of CleanBrowsing, Sucuri and OSSEC. Former VP Engineering, GoDaddy - CTO, Sucuri. Builder and breaker by heart.
Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Managed by the noc.org team.