exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
I’ve just discovered that one of our servers is not serving up its SSL certificate chain correctly. This is fine for modern web browsers that trust the COMODO certificate, but for older browsers/operating systems you need to support higher up the trust chain.
This post is Part 1 of a series on implementing username/password authentication for your Mongoose user models. In this first installment, we will discuss how to implement one-way encryption of user passwords with bcrypt, and how to subsequently use the encrypted password for login verification.
This post is Part 2 (of 2) on implementing secure username/password authentication for your Mongoose User models. In Part 1 we implemented one-way password encryption and verification using bcrypt. Here in Part 2 we'll discuss how to prevent brute-force attacks by enforcing a maximum number of failed login attempts.
After reading this scary blog entry about domain hijacking, I’ve been a bit concerned about brute forcing of credentials and have been turning on the two-factor authentication facilities that folks like Google provide for my Gmail and personal domains.
I’ve just found out about Duo Security, a service that allows you to add two-factor authentication to your SSH server, Juniper VPN and even WordPress blogs. Their service is free for up to 10 users and they start charging when you pass that threshold.