DNS Security Part 2: Is ECH saving us from MITM?
ECH is final piece of big privacy picture. When we connect to website, the TLS helps us with confidence, security but no privacy. The eyes of ISP still see y...
security
Retrieve kafka stream from unavailable place.
Problem I discovered some Kafka brokers. And when I consume topic, I get the error: failed to get offset for topic pushgatway_send Partition 3: dial tcp 172....
Extract passport NFC’s SoD certificate
NFC data is followed ICAO’s specification.
Google BeyondCorp Walkthrough
ZeroTrust is just a access context management Some years ago, I heard that zerotrust would become the future of security. Nowaday, I see zerotrust in every s...
TLS fingerprint and mobile security
The use case Mobile applications are replacing the traditional web applications. Some techniques are developed to identify the requests are coming from offic...
DNS Security: Part 1 which can we do if we manage the dns?
If you think dns only resolved the records, think it again. In IoT’s world, it involved more than a resolver.
Setup Macos smartcard login only
This page is for Silicon MacBook only. If you’re locked out from vault, press: Option+Shift+Return to input recovery code and login again.
[2023] New DNS Service announcement
In late March, we migrated from nginx to knot-resolver. Because of some problems with nginx, user’s switching network from LTE to wifi and vice versa cannot ...
Login SSH bằng VinCSS Fido2 key
Từ bản openssh 8.2 hỗ trợ sử dụng FIDO/U2F. VinCSS key chỉ hỗ trợ key dạng ecdsa-sk.
Login Linux bằng VinCSS Fido2 key
Fido2 là xu thế sử dụng passwordless đang được dùng rộng rãi. Nhân dịp vừa xin được key dùng thử thì mình setup login bằng vinccss key luôn.
Chuyện bounty ở công ty X
Một buổi sáng đẹp trời cậu em Phiêu Lãng gửi tôi một đường dẫn về một trang bugbounty mới của Việt Nam, tôi thấy thật tuyệt vì đây là nơi nhiều người anh em ...
New DNS Service announcement
[Updated on 8/12/2020] We migrated from dnsdist to nginx for perfomance.
Docker Security
Hôm nay tác giả đọc về docker, chợt nghĩ dùng docker để get root với một user thường, và tác giả giả lặp hành động đó như sau
Security
Fido2 and banking use cases
Fido2 is not only passwordless authentication, but also it can sign anything you need. Nowadays, we know Fido2 as passwordless authentication - which initial...
Fido notes
U2F vs Fido2 Fido U2F is renamed to CTAP1. FIDO UAF: FIDO Universal Authentication Framework. WebAuthn: New API supports passwordless login, compatible wit...
Could I read your PIN/PASSWORD from platform authenticator?
Android Accessibility Service Android provides accessibility service for disabilities people. This service can access all events on phone’s screen. The secur...
How do we validate NFC ID card correctly?
NFC ID Card - new challenge for fraudsters. NFC ID card is new challenge for fraudsters and banking/fintech. Based on cryptography, the data on card must be ...
linux
Bash redirection
Hôm rồi tác giả có vá tập tin installer viết bằng bash với lewtds, thấy vấn đề redirect trong linux khá thú vị với case như sau, chắc hẳn giờ sẽ có câu trả l...
Wordpress, Varnish và permission
Wordpress chmod:
Mobile
Certificate Transparency and Mobile Security
Introduce about Certificate Transparency Web Public Key Infrastructure (Web PKI) helps us on privacy and security. Trusted Certificate Authorities issue cert...