Staying (Digitally) Safe During COVID-19 – Four Steps to Personal Cyber Security

There have been increased reports of cyber threats and scams since the start of the COVID-19 pandemic. With so many of us working from home lately, I wanted to share a handful of guidelines. This list is by no means comprehensive. And you should always look first to your employer’s IT security guidelines — especially […]

Safely Binding Unescaped Content in Web Applications

Binding unescaped HTML or CSS content on a web page is a scary proposition for most web developers. The idea conjures up black-hat hackers attacking your company’s infrastructure and high-visibility hacks. In fact, cross-site scripting vulnerabilities may exist on as many as 70% of all web sites. In this post, I’ll explain what cross-site scripting […]

Debian and Ubuntu Automatic Security Updates

Security patches for libraries and tools come out quite frequently. Just subscribe to any Linux distribution security list, and you’ll find that security updates are released with astounding frequency, sometimes even daily. Even kernel security updates are fairly common, with two security patches being released for the kernel used by Ubuntu 12.04 LTS in June. […]

9 OpenSSL Commands To Keep Handy

With the recent Heartbleed fiasco, I found myself frequently generating new SSL keys and certificates for Atomic and our customers. Even though the OpenSSL implementation of the TLS heartbeat protocol was broken, the openssl utility itself is still extremely useful for working with SSL certificates. The number of sub-commands and options for the openssl command […]