#security (2019-09)

Archive: https://archive.sweetops.com/security/

2019-09-16

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak attachment image

Google Project Zero security researcher reveals that the LastPass password manager could, somewhat ironically, leak the last password you used to any website you visited

imiltchman avatar
imiltchman

Thanks for sharing, Erik

2019-09-12

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
If you’re not using SSH certificates you’re doing SSH wrong attachment image

SSH has some pretty gnarly issues when it comes to usability, operability, and security. The good news is this is all easy to fix. SSH is ubiquitous. It’s the de-facto solution for remote administration of *nix systems. SSH certificate authentication makes SSH easier to use, easier to operate, and more secure.

1
kskewes avatar
kskewes

How does this compare to teleport by gravitational? Looks very similar.

If you’re not using SSH certificates you’re doing SSH wrong attachment image

SSH has some pretty gnarly issues when it comes to usability, operability, and security. The good news is this is all easy to fix. SSH is ubiquitous. It’s the de-facto solution for remote administration of *nix systems. SSH certificate authentication makes SSH easier to use, easier to operate, and more secure.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yep. This is what teleport does (and then some!)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

teleport adds full TTY session logging and replay which is priceless. no other solution has that.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@kskewes do you use teleport?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

This article goes more into the theory of why you should do it and how you would do it with off the shelf open source software.

kskewes avatar
kskewes

Thanks for quick reply. I only skimmed the article but it looks good whichever way one goes. I’ve been wanting to roll out teleport for a year but other projects keep leap frogging it. So not yet… :(

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Are you on k8s?

kskewes avatar
kskewes

Mostly. We have some bare metal with GPU that we will move to VM soon. We’re about to embark on migration to AWS from IBM.

2019-09-10

Jonathan Le avatar
Jonathan Le

Anyone have experience with running Palo Alto networks firewalls at scale on AWS?

2019-09-05

Maciek Strömich avatar
Maciek Strömich
grsecurity - Teardown of a Failed Linux LTS Spectre Fix

grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration.

2019-09-04

btai avatar

is there more of a security risk having SHA1 (i.e. AES128-SHA, ECDHE-ECDSA-AES128-SHA) ciphers in the ELB TLS security policies?

Maciek Strömich avatar
Maciek Strömich

as always, it depends

Maciek Strömich avatar
Maciek Strömich
btai avatar

thanks!

2019-09-02

    keyboard_arrow_up