Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home Archives for cybersecurity and cyber warfare
DROWN, a New Attack on OpenSSL: Millions of OpenSSL-Secured Websites Are at Risk!

Filipe Martins 2016-03-01 Leave a Comment

DROWN, a New Attack on OpenSSL: Millions of OpenSSL-Secured Websites Are at Risk!

A recently discovered security vulnerability in OpenSSL allows a long-deprecated protocol, SSL v2 (Secure Sockets Layer) to be misused in attacks at modern websites. The new attack has been, perhaps fittingly, dubbed DROWN, an acronym for Decrypting RSA with Obsolete and Weakened eNcryption. Cyber security analysts believe it might shut down–or shall we say drown, more than one third of all HTTPS servers. Is yours one of them?

[Read more…]

Filed Under: administration and orchestration, alerts, cloud, edge and everything in between, cybersecurity and cyber warfare, news Tagged With: DROWN, HTTP/2, OpenSSL

Create a Content Security Policy to Protect Your Web Application against XSRF/CSRF/XFS, Clickjacking and Other Code Injection Attacks

Filipe Martins 2016-02-22 Leave a Comment

Create a Content Security Policy to Protect Your Web Application against XSRF/CSRF/XFS, Clickjacking and Other Code Injection Attacks

[Updated 2019-03-17] Are you wondering why some JavaScript code from external domains simply won’t execute on your website? The reason could be as simple as an overly restrictive Content Security Policy (CSP for short). This article explains how you can create a Content Security Policy that’s both protective and functional. It will help you to secure your web server from some types of cross-site request forgery (XSRF/CSRF/XFS), clickjacking and other code injection attacks.

[Read more…]

Filed Under: administration and orchestration, cloud, edge and everything in between, cybersecurity and cyber warfare, encryption, Uncategorized, web servers in the cloud Tagged With: CSP, cyber defense, cyber security, cybersecurity, NGINX

How to renew a Letsencrypt certificate

Anna E Kobylinska 2016-02-21 Leave a Comment

How to renew a Letsencrypt certificate

In a post titled How to Set Up Letsencrypt, the SSL-Certificate Engine for the Cloud Era of Hyperscale, on AWS EC2, we have introduced you to this free, open, and fully automated Certificate Authority backed by the likes of Facebook (a gold sponsor), and discussed a manual setup for adventurers in How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR.

Now is the time to discuss how to extend the validity of a Letsencrypt certificate for up to another 90 days of blissful happiness.

[Read more…]

Filed Under: administration and orchestration, cloud, edge and everything in between, cybersecurity and cyber warfare, encryption, mail servers, web servers in the cloud Tagged With: certificate, letsencrypt, SSL

How to set up Letsencrypt certificates on AWS EC2

Anna E Kobylinska 2016-02-10 Leave a Comment

How to set up Letsencrypt certificates on AWS EC2

[updated 2018-06-12] As browser makers continue their push for HTTPS and mobile applications are becoming the target of MITM (man-in-the-middle) attacks, cloud developers and administrators are scrambling to find affordable SSL certificates that can live up to the demands of the cloud era. Enter Let’s Encrypt, a new Certificate Authority that is open, fully automated, and free to use, with an almost unprecedented, generous allotment of 100 host names per certificate. Let’s Encrypt delivers on the promise of a worry-free, fully encrypted web 3.0. Cloud Insidr lifts the veil off of Let’s Encrypt’s setup, configuration, its few surprises and hidden gems.

[Read more…]

Filed Under: administration and orchestration, cloud, edge and everything in between, cybersecurity and cyber warfare, encryption, mail servers, NGINX, web servers in the cloud Tagged With: certbot, certificate, letsencrypt, RSA, SSL

How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR

Anna E Kobylinska 2016-02-10 Leave a Comment

How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR

Generating SSL certificates when Letsencrypt (what is Letsencrypt, who is behind it, and how the heck can you get started) is available for your system works in a breeze, but what if you need your certificates for a machine that won’t take Letsencrypt (for whatever reason)? It is still possible: you can either grab Letsencrypt from Git, or, for reasons of practicality… create a certificate signing request (CSR) on your target server, transfer it to your letsencrypt instance, generate the certificates you need, then transfer the generated files back to your target instance and install the certificates in your software.

[Read more…]

Filed Under: administration and orchestration, cybersecurity and cyber warfare, encryption, mail servers, web servers in the cloud Tagged With: CSR, encryption, SSL

  • « Previous Page
  • 1
  • …
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • Next Page »

Subscribe

Find the monitor that's right for you.

SSL/TLS Certificate Square (250 x 250)

Tag Cloud

AWS AWS Billing Dashboard AWS Config AWS Cost Explorer AWS EBS AWS Resource Explorer AWS Tag Editor AWS Trusted Advisor cipher suites cyber security Diffie-Hellman EBS EC2 ECDHE Five Eyes Alliance FLAME HSTS HTTP/2 Java Linux Log4j NGINX NVMe PHP RCE Route 53 SELinux SHA-1 SHA-2 SQL SSL TLS

Pearson Education (InformIT)

SSL/TLS Certificate Medium Rectangle (300 x 250)

©2022 CybrAnalytiqa OÜ

  • Content purchasing and syndication