Skip to Content [alt-c]

Andrew Ayer

Sections

Login

You are here: Andrew's SiteBlogIndex

Blog

January 2017Thoughts on the Systemd Root Exploit
October 2016Systemd is not Magic Security Dust
September 2016How to Crash Systemd in One Tweet
February 2016Domain Validation Vulnerability in Symantec Certificate Authority
December 2015Duplicate Signature Key Selection Attack in Let's Encrypt
October 2015I Don't Accept the Risk of SHA-1
August 2015Hardening OpenVPN for DEF CON
March 2015How to Responsibly Publish a Misissued SSL Certificate
October 2014Renewing an SSL Certificate Without Even Logging in to My Server
September 2014CloudFlare: SSL Added and Removed Here :-)
SHA-1 Certificate Deprecation: No Easy Answers
August 2014STARTTLS Considered Harmful
July 2014LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]
June 2014xbox.com IPv6 Broken, Buggy DNS to Blame
Titus Isolation Techniques, Continued
May 2014Protecting the OpenSSL Private Key in a Separate Process
April 2014Responding to Heartbleed: A script to rekey SSL certs en masse
December 2013The Sorry State of Xpdf in Debian
October 2013Verisign's Broken Name Servers Slow Down HTTPS for Google and Others
July 2013ICMP Redirect Attacks in the Wild
March 2013Running a Robust NTP Daemon
GCC's Implementation of basic_istream::ignore() is Broken
Why Do Hackers Love Namecheap and Hate Name.com?
February 2013Easily Running FUSE in an Isolated Mount Namespace
December 2012Insecure and Inconvenient: Gmail's Broken Certificate Validation
November 2012Beware the IPv6 DAD Race Condition
Working Around the HE/Cogent IPv6 Peering Dispute
Security Pitfalls of setgid Programs
How FUSE Can Break Rsync Backups
Remote SSH Commands and Broken Connections