Skip to Content [alt-c]

Andrew Ayer



You are here: Andrew's SiteBlogIndex


April 2018Making Certificates Easier and Helping the Ecosystem: Four Years of SSLMate
March 2018These Three Companies Are Doing the Internet a Solid By Running Certificate Transparency Logs
January 2018Google's Certificate Revocation Server Is Down - What Does It Mean?
How will Certificate Transparency Logs be Audited in Practice?
September 2017Why Man-in-the-Middle Detection is Overrated
January 2017Thoughts on the Systemd Root Exploit
October 2016Systemd is not Magic Security Dust
September 2016How to Crash Systemd in One Tweet
February 2016Domain Validation Vulnerability in Symantec Certificate Authority
December 2015Duplicate Signature Key Selection Attack in Let's Encrypt
October 2015I Don't Accept the Risk of SHA-1
August 2015Hardening OpenVPN for DEF CON
March 2015How to Responsibly Publish a Misissued SSL Certificate
October 2014Renewing an SSL Certificate Without Even Logging in to My Server
September 2014CloudFlare: SSL Added and Removed Here :-)
SHA-1 Certificate Deprecation: No Easy Answers
August 2014STARTTLS Considered Harmful
July 2014LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]
June IPv6 Broken, Buggy DNS to Blame
Titus Isolation Techniques, Continued
May 2014Protecting the OpenSSL Private Key in a Separate Process
April 2014Responding to Heartbleed: A script to rekey SSL certs en masse
December 2013The Sorry State of Xpdf in Debian
October 2013Verisign's Broken Name Servers Slow Down HTTPS for Google and Others
July 2013ICMP Redirect Attacks in the Wild
March 2013Running a Robust NTP Daemon
GCC's Implementation of basic_istream::ignore() is Broken
Why Do Hackers Love Namecheap and Hate
February 2013Easily Running FUSE in an Isolated Mount Namespace
December 2012Insecure and Inconvenient: Gmail's Broken Certificate Validation
November 2012Beware the IPv6 DAD Race Condition
Working Around the HE/Cogent IPv6 Peering Dispute
Security Pitfalls of setgid Programs
How FUSE Can Break Rsync Backups
Remote SSH Commands and Broken Connections