Fail2Ban announces desperate waves of SSH mutilations on the servers since last night. Did the Windows XP zombies wake up?
“Consisting of a 78-fingered guitarist named March, a 22-armed drummer named Ashura and a keyboardist who triggers notes with lasers named Cosmo, the ʻultimate 12-year-old boy’s fantasyʼ undeniably showcases a musicianship that goes beyond the realms of what a human being can physically play.”
Testing @LastPass, hopefully solving the password security madness. (Or putting out the fire with gasoline?)
Jean-Jacques Perrey: The Mexican Cactus.
Sigh.
Chrome Bugs Allow Sites to Listen to Your Private Conversations.
Clear Off the Table.
As with charts, rather than dressing up our data we should be stripping it down.
As far as I understand, Forward Secrecy is the current way to go and mitigate issues like the Heartbleed bug. Thus, I followed the advice at the Mozilla Wiki (via) and now the secure HTTP connection to p3k.org is rated “A” (instead of “A-”) at the Qualys SSL Labs.
The Heartbleed Hit List: The Passwords You Need to Change Right Now.
Bruce Schneier on the Heartbleed bug: “On the scale of 1 to 10, this is an 11”.
I am just a tiny administrator of a few servers and can hardly cope already with the taks to change all their certificates and keys – besides all the web site login credentials. I feel with every person having to orchestrate this in a huge infrastructure…
OpenSSL is not developed by a responsible team.
“Theo de Raadt says the memory allocation and release methods on modern systems would've prevented the ‘Heartbleed’ flaw, but OpenSSL explicitly chose to override these methods because some time ago on some operating systems performance wasn't very good.”