SELinux is unmanageable; just turn it off if it gets in your way
I’ve been an SELinux complexity apologist for years. Lately, I’ve concluded that every implementation with difficult-to-configure policies is just unmanageable.
Security issues, thoughts about IT security, and measures you can take to protect your devices.
OpenCore lets you run the latest macOS on unsupported Apple legacy hardware (and PCs). But software that bypasses security restrictions requires a lot of trust.
I found an open redirect vulnerability in the Libravatar specification. An open-source avatar hosting API could be abused to redirect to untrusted websites.
Opening a pull request is all it takes to get a GitHub patch URL that’s indistinguishable from patches/commits that are a part of an open-source GitHub project.
A review/critique of the complexity, security, and unpredictable user experience of modern feature-laden copy–paste clipboards in today’s operating systems.
Superfeedr tried securing its website with HTTPS and HSTS, but failed to apply it correctly. User emails and credentials are sent in plaintext on the first login.
An automated naming scheme intended to rid the security research field of “sensational names” predictably creates sensational, ambiguous, and suggestive names.
A configuration error made the TeamViewer RPM repository vulnerable to an attacker-in-the-middle substituting its own GPG keys and software for TeamViewer’s.
Two-factor authentication requires users to commit to storing a secret code indefinitely. Popular apps lack tools to back up and transfer those secrets.
Plan for the day your password manager stops working. Even if it’s a cloud service! Backing up your password manager is harder than it sounds.
systemd directives
OpenSMTPD recently had a critical remote code execution vulnerability. I look at how you can limit impact with systemd service security directives.
Feb 2020 was full of email woes, both in the larger world and for the Ctrl blog newsletter. What happened and why you got an empty blog newsletter this week.
systemd service sandboxing and security hardening 101
The systemd-analyze security command gives your systemd service units an automated security rating. This is a good starting point for security hardening.
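As an added illustration of the two systemd posts above (this is an example drop-in written for this page, not code from the Ctrl blog or from systemd itself), here is the kind of unit override that moves a service from a poor systemd-analyze security score to a good one. The service name example-daemon and its paths are hypothetical; the directives are real systemd ones.

```ini
# Added example: /etc/systemd/system/example-daemon.service.d/hardening.conf
# for a hypothetical network daemon. Before hardening, a typical unit carries
# only ExecStart= and runs as root, which systemd-analyze security rates as
# highly exposed. The drop-in below layers sandboxing on top of it.
[Service]
# Drop root; keep only the capability needed to bind a privileged port.
User=example-daemon
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes

# Filesystem: read-only system tree, no home directories, private /tmp and /dev.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# With ProtectSystem=strict the service can write only where systemd says so.
StateDirectory=example-daemon
LogsDirectory=example-daemon

# Kernel and process-level interfaces the daemon has no business touching.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes

# Network: only the socket families the daemon actually uses.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# System calls: the generic service allow-list, native ABI only; blocked
# calls fail with EPERM instead of killing the process, which keeps the
# journal readable while you tune the filter.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
```

Apply it with systemctl daemon-reload and a restart, then re-run systemd-analyze security example-daemon.service and read the journal for EPERM or permission failures before tightening further. Two directives most often break real services: ProtectSystem=strict (anything outside StateDirectory=, LogsDirectory= or an explicit ReadWritePaths= becomes read-only) and MemoryDenyWriteExecute=yes (which JIT-based runtimes cannot tolerate).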
A comparison of features, security, performance, and limitations of Firefox browser running in isolated sandboxes provided by Flatpak vs. Snap.
window.open() features
Windows opened from your website can redirect the opening tab to a new destination. Mitigations break window.open() functionality like sizing and positioning.
A quick tutorial for migrating from FirewallD and getting started with the Uncomplicated Firewall (UFW). Both are front ends for Linux’s iptables firewall.
My aging PC’s processor didn’t support a new Windows 10 security feature, enabled by default, causing it to become slow and unstable.
The recall of the Feitian MultiPass FIDO security key demonstrates why you should always use multiple security key products from different vendors.
A case study in how quickly Firefox-derived web browsers (Waterfox, Cliqz, Pale Moon, and Tor) ship critical security updates.
VPN providers are good advertisers and also pay good money to make even [formerly] reputable tech media websites “recommend” their services.
Comparison review of the two secure PGP-oriented email providers ProtonMail vs Mailbox.org. A huge price discrepancy for the same service.
Here are six services you can report malware websites and phishing emails to, to help make the internet a safer place for everyone.