Category: Security

  • Site Upgrade

    I decided to upgrade my site to the new version of Ubuntu as I haven’t done that for a couple of years. It is always a nice thing to work on when I am on vacation as it is the sort of thing that I don’t really get around to normally when I am busy.…

  • Let’s Encrypt Wildcard Certs

    Recently Let’s Encrypt announced that they would be supporting wildcard certs. I was pretty excited to hear about this as many times I would like to get certs for machines that might not be accessible on the internet. Currently I didn’t see an easy way to do this. With the new certs you could get…

  • SSL Certificates and Google Domains

    Recently I ported my domain hosting from Godaddy to Google Domains. My main reason for doing so was to save money. Domain names on Godaddy cost $3 more per year, plus they charge you for privacy on whois searches whereas Google includes that for free. It was a fairly easy process to transfer my domain…

  • Spring Boot and Security using Spring Data JPA for authentication

    Recently one of my friends was working on a Spring Boot project and he was having trouble finding an example of how to configure user login for his site with Spring Boot using JPA. I had mentioned that there is some mention of configuring security in Greg Turnquist’s book Learning Spring Boot. He had just…

  • Let’s Encrypt

    I received an email a week or 2 ago that I was accepted into the EFF’s Let’s Encrypt Beta program to try out their new SSL certificate generation service. It uses the Automated Certificate Management Environment (ACME) protocol. I have been really interested in this program since it was announced as in the past when…

  • Security Headers

    I saw a post on twitter about Security Headers. Basically Security Headers will scan your website and check for some common HTTP Headers that you should be including to make your site more secure. They also include helpful links as to how to fix the issues it finds. On my first scanned it warned me…

  • The downside of updating your server config

    So a little while back when I had been playing with Pagespeed I somehow managed to break certificate stapling on my server. So when I ran the Qualys SSL Server Test my score had fallen to a B! I messed around and tried a few things and I had no luck getting it to work.…

  • EFF releases an SSL Configuration

    The Electronic Freedom Foundation has released a nice post on how one should configure their server to pass the Qualsys SSL Labs test with an A+. Given that when I initially setup my site it took me like 3 hours of messing around to get my site to pass with an A+ I figured I…

  • Spring Security 4.0

    I was checking the Spring Blog today to see what was new after taking much of the week off. I came upon the following entry. Of course I was very interested as Spring Security 4.0 has been hyped for a few months now so I figured I would check out the migration guide from 3.2…

  • Signal Messenger

    I just wanted to mention signal has been released so for all the iPhone users out there it is definitely worth installing. Signal is an implementation of Text Secure on IOS. Given the insecurity of text messages and how many other messengers have varying degrees of security Open WhisperSystems has released Signal. Some popular chat…