Context: as a tenant administrator you can't inspect KeyVault contents created by other people ("you are unauthorized to view these contents"). Solution: assign yourself appropriate permissions like this: Locate the KeyVault in the Azure portal: go to "Access policies"click "+Add Access Policy"Key permissions: everything under "Key Management Operations" and "Cryptographic Operations"Accordingly for key and certificate … Continue reading Azure diaries: can’t access KeyVault
Category: security
Case study: scalable, extensible identity provider
Slides for a scalable, robust OIDC identity provider with an extensible architecture.
A comprehensive security enterprise architecture
I obtained permission to publish my presentation for an internal gig of a security enterprise architecture. When setting up a security architecture in the enterprise context topics like business continuity, people and processes, governance, services and technology are relevant. https://www.slideshare.net/GeorgeGeorgovassilis/security-architecture-127061728
Unlocking a password-protected hard disk
TL;DR: Recovering data from a password-protected SATA hard disk that was locked by a Thinkpad I wish this post would be as generally valid as the title suggests; at this hour I'm just unspeakably glad to have unlocked a hard disk I didn't even know I had locked and can finally go to bed. What … Continue reading Unlocking a password-protected hard disk
Secure messaging in the browser
By observing news and public discussions I feel that there is a growing awareness of data privacy and an increasing demand for secure person-to-person communication. In order to address my communication needs, I plugged together a few Javascript libraries and started the Webencryption [1] project on Github. What is Webencryption? Webencryption is a rather crude … Continue reading Secure messaging in the browser
Advanced web security topics
(Last update 28 February 2018) This post discusses web security issues that I come across - so far thankfully mostly by reading about them. It is a work in progress which I'll keep updating. The post title includes "advanced" because the topics discussed here involve clever, non-trivial hacks, are novel at the time of their … Continue reading Advanced web security topics
Securing a development server
In this post I talk about setting up and securely operating development tools like Jenkins and Gitlab on a server connected to the internet. All applications run behind a firewall and a reverse HTTP proxy which allows only HTTP requests from selected users through who authenticate themselves with client certificates.Putting web-facing software on the public … Continue reading Securing a development server
Pidgin having trouble with MSN certificate – and how to fix
I noticed recently that the Pidgin 2.7.5 messenger [1] had problems connecting to MSN with a certificate error about omega.contacts.msn.com. Fortunately I'm neither the first to have that problem, nor to find a solution [2]. MSN apparently replaced their certificate, which now needs to be updated with Pidgin. 1. point your browser to https://omega.contacts.msn.com/ 2. … Continue reading Pidgin having trouble with MSN certificate – and how to fix
