#security (2019-09)

Archive: https://archive.sweetops.com/security/

2019-09-02

2019-09-04

btai

is there more of a security risk having SHA1 (i.e. AES128-SHA, ECDHE-ECDSA-AES128-SHA) ciphers in the ELB TLS security policies?

Maciek Strömich

as always, it depends

Maciek Strömich
btai

thanks!

2019-09-05

Maciek Strömich
grsecurity - Teardown of a Failed Linux LTS Spectre Fix

grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration.

2019-09-10

Jonathan Le

Anyone have experience with running Palo Alto networks firewalls at scale on AWS?

2019-09-12

Erik Osterman (Cloud Posse)
If you’re not using SSH certificates you’re doing SSH wrong

SSH has some pretty gnarly issues when it comes to usability, operability, and security. The good news is this is all easy to fix. SSH is ubiquitous. It’s the de-facto solution for remote administration of *nix systems. SSH certificate authentication makes SSH easier to use, easier to operate, and more secure.

kskewes

How does this compare to teleport by gravitational? Looks very similar.

Erik Osterman (Cloud Posse)

Yep. This is what teleport does (and then some!)

Erik Osterman (Cloud Posse)

teleport adds full TTY session logging and replay which is priceless. no other solution has that.

Erik Osterman (Cloud Posse)

@kskewes do you use teleport?

Erik Osterman (Cloud Posse)

This article goes more into the theory of why you should do it and how you would do it with off the shelf open source software.

kskewes

Thanks for quick reply. I only skimmed the article but it looks good whichever way one goes. I’ve been wanting to roll out teleport for a year but other projects keep leapfrogging it. So not yet… :(

Erik Osterman (Cloud Posse)

Are you on k8s?

kskewes

Mostly. We have some bare metal with GPU that we will move to VM soon. We’re about to embark on migration to AWS from IBM.

2019-09-16

Erik Osterman (Cloud Posse)
Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

Google Project Zero security researcher reveals that the LastPass password manager could, somewhat ironically, leak the last password you used to any website you visited

Igor

Thanks for sharing, Erik
