(Last update 09 January 2017) This post discusses web security issues that I come across - so far thankfully mostly by reading about them. It is a work in progress which I'll keep updating. The post title includes "advanced" because the topics discussed here involve clever, non-trivial hacks, are novel at the time of their … Continue reading Advanced web security topics
Category: security
Securing a development server
In this post I talk about setting up and securely operating development tools like Jenkins and Gitlab on a server connected to the internet. All applications run behind a firewall and a reverse HTTP proxy which allows only HTTP requests from selected users through who authenticate themselves with client certificates.Putting web-facing software on the public … Continue reading Securing a development server
Pidgin having trouble with MSN certificate – and how to fix
I noticed recently that the Pidgin 2.7.5 messenger [1] had problems connecting to MSN with a certificate error about omega.contacts.msn.com. Fortunately I'm neither the first to have that problem, nor to find a solution [2]. MSN apparently replaced their certificate, which now needs to be updated with Pidgin. 1. point your browser to https://omega.contacts.msn.com/ 2. … Continue reading Pidgin having trouble with MSN certificate – and how to fix
