Microblog



October 19, 2020 | 08:00

RFC 8461 MTA-STS

This weekend I was very active in improving my own security. I have also found two neat tools for quality testing, Hardenize and DNSViz, both added to my Micro-Blog post “Measuring website quality”. On my own mailserver I have implemented MTA-STS according to RFC 8461, incl. reporting. This standard is quite new (2018) and is particularly suitable for servers without DANE. However, even without DANE I believe that I have the best and most complete server by standards (DKIM, SPF, DMARC, MTA-STS, TLS-RPT, TLS1. Read more

October 18, 2020 | 12:20

Conditional Logging with Apache

I’ve started using Apache-Exporter for monitoring and am checking this weekend how useful it is and how it can be integrated into my Prometheus monitoring environment. The server-status requests inevitably lead to more “background noise” in the Apache logfiles. The screenshot below clearly shows in the upper less section: Of course the requests cannot be prevented, but you can manipulate what Apache writes in its logfiles. It’s called conditional logging and allows you to set variables with SetEnvIf to any regex on each request. Read more

October 13, 2020 | 13:01

Security, Risks, Liability and Audits

I need to admit: I really love writing audits. It has a certain degree of scientific working to falsify statements. So I was recently confronted with the following quote from a responsible IT manager: We are not concerned with security, but with liability. If Microsoft promises security, this is enough for us. Well, unfortunately I did not attend a judicial exam but when I read the Microsoft EULA regarding risks and liability, I consider the circumstances slightly more differentiated: Read more

October 12, 2020 | 08:25

Webinar: Security of Conferencing Software

Within a "digital breakfast" I will give a presentation for the DigiNet Südwestfalen on November 3rd, 2020, 08:30 am on my own Conferencing-Server. Topic: “Security of Conferencing Software”, giving stakeholders and decision-makers orientation for risk assessment. This is a non-public event, please register via Sonja Pfaff on the DiginetSWF Website. About DigiNet Südwestfalen: In early 2019, the Transferverbund Südwestfalen started to track down service providers and networks active in the field of digitalization in South Westphalia as part of the NRW. Read more

October 8, 2020 | 10:02

BSI warns about Exchange

40,000 Companies in Germany affected. The BSI (German Federal Authority for Information Security) warns with the second highest level “orange” (= the IT threat situation is mission critical; massive disruption of regular operations) in the public media. Around 40,000 companies in Germany alone are affected by several critical vulnerabilities because security updates have not yet been installed. In fact, Heise speaks of playing Russian roulette. It’s not without reason that I have been warning for several years now about interlocking internal AD and internet functions like Microsoft does deliberately. Read more

© 2020 Tomas Jakobs - Imprint and Legal Notice