Author Archives: mike

Do You Like Justin Bieber?

On of the stories I was reading this morning mentioned that some of those with Nest security cameras have been subjected to hack attacks. One of the attacks they were subjected to were hackers asking Alexa to play Justin Bieber … Continue reading

Posted in Active Attacks, Passwords | Leave a comment

There Is No Such Thing As A Secure Web Site

On the left-hand side of the location bar, your browser will show you something like :- Which is entirely correct and incorrect at the same time. To be precise, what that little label (and the alternative green one) means is … Continue reading

Posted in General | Tagged , | Comments Off on There Is No Such Thing As A Secure Web Site

The Latest Phishing Attack

I have just been alerted to yet another phishing attack that works by sending web links via email to a “secure message” (or in the example no words at all). The link of course takes you to a malicious site … Continue reading

Posted in Email, Passwords | Tagged | Comments Off on The Latest Phishing Attack

The New GlobalProtect VPN Client

The new GlobalProtect VPN client will be made live in the coming weeks. This version has a number of usability enhancements (it looks prettier), so it is worth documenting those visibility changes. The task bar icon has changed and shows … Continue reading

Posted in General, VPN | Comments Off on The New GlobalProtect VPN Client

Using The VPN For General Internet Protection

Using the VPN is generally seen as a way of using UoP services remotely in a relatively safe way, but it does actually offer another advantage for using generic Internet services – because the VPN goes through the UoP firewall, … Continue reading

Posted in Firewall, General | Tagged , | Comments Off on Using The VPN For General Internet Protection

Checking The Safety of Websites

With all the different dodgy web sites out there, and all the emails trying to encourage us to visit them, it is perhaps time to look at some web sites that can be used to check the trustworthiness of web … Continue reading

Posted in General | Comments Off on Checking The Safety of Websites

Apache: Reducing Information Leaked Through The Headers

Apache by default announces all sorts of information about itself when you make a connection to it :- $ lynx -head http://some-server-fqdn/ HTTP/1.1 302 Found Date: Thu, 31 May 2018 12:18:22 GMT Server: Apache/2.2.15 (CentOS) Location: https://t-oala-idp-01.iso.port.ac.uk/ Connection: close Content-Type: … Continue reading

Posted in Technical | Tagged , | Comments Off on Apache: Reducing Information Leaked Through The Headers

Apache: Disabling Directory Indexes

One of the features of Apache that can cause security issues (or at least those who audit security issues may complain about it) is the ability to produce a file listing of a directory if there is no index page … Continue reading

Posted in Technical | Tagged , | Comments Off on Apache: Disabling Directory Indexes

Apache: Disable the ETag Header

By default, the Apache web server has an information disclosure vulnerability where the ETag header shows information about the file containing the object in question. This┬ácan contain an “i-node” value which in combination with the use of NFS can permit … Continue reading

Posted in Technical | Tagged , | Comments Off on Apache: Disable the ETag Header

Apache: Disabling TRACK and TRACE Methods

By default Apache supports a number of HTTP methods in addition to the ones we normally use – GET (to get objects) and PUSH (to push form data although you can send form data with GET too). These additional methods … Continue reading

Posted in Technical | Tagged , | Comments Off on Apache: Disabling TRACK and TRACE Methods