November 19, 2020 | 15:50

Ghost Join in WebEx Conferernces

Due to a vulnerability (CVE-2020-3419), attackers could join Webex meetings without being listed in the participants list. Hidden as a “ghost” from the other participants, attackers could eavesdrop on audio and video content. This is what Heise writes in his article today.1 But this is only possible (…) if attackers have access to meetings in the form of shared links and a password. Sounds quite trivial, but it isn’t. Read more

November 13, 2020 | 10:30

Example for Digital Sovereignty

What a pity, this is exactly the scenario I first expected for Microsoft. But I’m not really surprised that Apple is now ahead, what happened? The ocsp.apple.com server was apparently down and/or unreachable between yesterday and today1. Unfortunately macOS tries to reach it every time an app is opened to check if a certificate has expired2 or an app has been retracted or some more magic. Of course this is not transparent, closed-source and therefore not verifiable. Read more

October 25, 2020 | 12:22

Whitebox-Monitoring with Prometheus

Winter is coming! Winter time has already arrived, and soon the Corona Lockdown aswell. Sitting at home in the warmth with a cup of tea, having a complete overview of the IT is a good feeling. The catchword here is “complete”. I don’t rely on traditional blackbox monitoring solutions1 but rather on the whitebox solution called Prometheus2. Behind Prometheus there is no single company but an initiative of various ones. The who-is-who of the tech industry with RedHat, Amazon, Apple, ARM and many others3. Read more

October 19, 2020 | 08:00

RFC 8461 MTA-STA

This weekend I was very active in improving my own security. I have also found two neat tools for quality testing which are Hardenize1 and DNSViz2 - both added to my Micro-Blog post “Measuring website quality”. On my own mailserver I have implemented MTA-STA according to RFC 84613 incl. reporting. This standard is quite new (2018) and is particularly suitable for servers without DANE4. However, even without DANE I believe that I have the best and most complete server by standards (DKIM, SPF, DMARC, MTA-SRA, TLS-RPT, TLS1. Read more

October 18, 2020 | 12:20

Conditional Logging with Apache

I’ve started using Apache-Exporter1 for monitoring and checking this weekend how useful it is and how it can be integrated into my Prometheus2 monitoring enviroment. The server-status requests inevitably lead to more “background noise” in the Apache logfiles. The screenshot below clearly shows in the upper less section: Of course the requests cannot be prevented, but you can manipulate what Apache writes in its logfiles. It’s called conditional logging and allows you to set variables with SetEnvIf3 to any regex on each request. Read more

© 2021 Tomas Jakobs - Imprint and Legal Notice