Theo's Infosec Blog

Quick UDP Internet Connections Protocol or QUIC for short is a protocol created by Google that allows access to content, including YouTube, on using Google's Chrome browser and on Google devices. Secure Hypertext Transfer Protocol (HTTPS), uses Transmission Control Protocol (TCP), as does Hypertext Transfer Protocol (HTTP). Transmission Control Protocol

There are a few initial security steps you should take for any new Linux server. This script performs several of those tasks in an automated fashion for you, saving you time and ensuring consistency. I really liked Jerry Gamblin's "My first 10 seconds on a server" blog post,  and Bryan

If you're having mail rejected saying it's coming from noreply@discourse.do.co or you're wondering why dmarc isn't set up, this article may help. You may have noticed, or may not have, that comments are once again available on my blog. If you scroll all the way to the

With Docker vulnerabilities in the news [https://www.zdnet.com/article/doomsday-docker-security-hole-uncovered/] of late, it makes sense to have a look at hardening your deployments, especially any that are exposed to the Internet. Doomsday Docker security hole article on ZDNetThings you can do to protect yourself, as with any system

The Center for Internet Security has free guides that will help you secure your systems. [https://www.cisecurity.org/cis-benchmarks/] A typical corporate environment may have a broad array of systems, including routers, switches, and firewalls from vendors such as Juniper and Cisco, and operating systems like Microsoft Windows, Mac

I like to have a banner display at login to my servers when I use Secure Shell (SSH) to access them. Once upon a time, this was done by putting a static message in a static file called /etc/motd. Since 2008, in Ubuntu, this system has changed allowing administrators

I was checking the security logs on one of my servers as I often do and noticed attempts to log into SSH using a curious username. My servers are all set up to authenticate using key-based credentials only, so none of these attempts threaten my infrastructure, but I like to

Wouldn't it be cool to know whether a reboot is needed after installing updates on your Ubuntu Server without having to log in again to check the Message of the Day (MOTD) to see? You can find out by checking for the presense of a particular file. If the file

If you've just started using Linux, or haven't yet, but want to, this article [https://linuxliteracy.com/top-5-free-tutorials-for-linux-beginners/] may help. It points you to some books, online learning courses, and videos available for free! [https://linuxliteracy.com/top-5-free-tutorials-for-linux-beginners/] It will help you whatever your preferred learning style or format. It's

I've created a free 7 part video tutorial on how to set up key based authentication for Linux. You'll learn how to: * Install OpenSSH Server on your Ubuntu 16.04 LTS server * Connect with PuTTY for Windows, iTerm for MAC OS X, or the Linux Terminal * Generate your SSH Keys

Here are a few resources that will greatly help you in securing your operating system(s) and network for free! STIG Viewer Unified Compliance Framework's (UCF's) Security Technical Implementation Guides (STIG's) [https://www.stigviewer.com/] provide a down and dirty check-list style guide to securing a mulititude of operating systems

Do you want to learn to hack and thereby how to defend web sites? Try the SANS Holiday Hack Challenge [https://www.holidayhackchallenge.com/2017/] . [https://www.holidayhackchallenge.com/2017/] Shout out to Jeff V. (@mrvaughan) for the tweet about this!

If you're not familiar with edX [https://www.edx.org/], they have many informative and interesting free online courses. I came across one that really impresses me, and I'm sharing it with you! [https://www.edx.org/course/introduction-linux-linuxfoundationx-lfs101x-1] I'm providing the link to the course on edX [https://www.

Howdy readers! I've recently released a new course on Udemy called "Ubuntu Linux Fundamentals - Learn Linux Server with Ubuntu" Here's a coupon [https://www.udemy.com/ubuntu-server-fundamentals-manage-linux-server-with-ubuntu/?couponCode=INFOSEC-BLOG] for 90% off. It's normally $100, but you can get it for $10 [https://www.udemy.com/ubuntu-server-fundamentals-manage-linux-server-with-ubuntu/?couponCode=INFOSEC-BLOG]

Howdy readers, I apologize, but the blog was down for about 5 days. I had two things going on, and it took me some time to resolve them. The good news is, the blog is back, and Ghost has been upgraded to version 1.0! Sorry for the inconvenience during

Disqus, recommended by Ghost and used by many, including this blog, hacked Disqus, a provider of comment features for many blogs, including this one, has announced a hack. Information on people who used Disqus between 2007 and 2012 is at risk. Information compromised includes: * email addresses * Disqus user names * sign-up

Millions upon millions of accounts are compromised every year. It is very likely that the account for some web site or online service you use has been exposed by an attack. How can you find out if your account may have been compromised? One way is to enter your email

I just came across this article by Ziemowit Pierzycki about how he was scammed out of $1,500 for a camera lens he bought on Amazon. He seems to present clear evidence that this was an organized scam designed to part him from his money with no intent by the

I recently suffered a little down time on my site due to my letsencrypt certificate expiring and having some difficulty renewing because I'm using CloudFlare's [https://www.cloudflare.com/plans/] Content Delivery Network in front of my site. [https://www.cloudflare.com/] I'm posting so that those of you who

Learn how to create your own blog using Ghost, an an open source WordPress alternative. My latest creation. A new course on Udemy. If you're new to blogging, or considering starting one, and don't want to have to learn WordPress, Ghost may be for you, and this course can help.

It's here! Ghost Publishing Platform Version 1.0. On 27 July, 2017, John O'Nolan [https://blog.ghost.org/author/john/] announced the release of Ghost Version 1.0 [https://blog.ghost.org/1-0/]. [https://blog.ghost.org/1-0/] For those of you who haven't heard of Ghost, it is a