@Yoni 😱
Lmao: brain drain. credit https://www.skeletonclaw.com/post/172523266228
Skeleton Claw Comics
Comics about guitars, spiders, vampires, jiu jitsu, skeletons and crushed dreams.skeletonclaw (Tumblr)
My Linux firewall be like ... also check my little iptables guies https://www.cyberciti.biz/tips/linux-iptables-examples.html :)
Alex likes this.
@Yoni
Did you know?
You can use the dnstop command on Linux, FreeBSD/Unix to monitor both authoritative & caching DNS server network traffic. It can show:Source & Destination IP addresses
Query types
Response codes
Opcodes
Top level domains and more.See https://www.cyberciti.biz/faq/dnstop-monitor-bind-dns-server-dns-network-traffic-from-a-shell-prompt/ for more info.
@Yoni
pressing ctrl-alt-del on early versions of Mac OS X Server https://twitter.com/nkizz11/status/1604174271173230592/photo/1
Mosa in her box
@Yoni
“I like this #mastodon and willingly could waste my time in it.” —“As You Like It” by William Shakespeare.#twittermove #twittermigration
#shakespearesunday #catsofmastodon #catstodon #books #bookstodonArt credit: Elisa Chavarri (I think): https://www.flickr.com/photos/elisachavarri/12001707615/
Gary likes this.
Let's Encrypt now supports ACME-CAA
@Gary
https://www.devever.net/~hl/acme-caa-live
To summarize (yes I pasted): a CAA record might point to Let’s Encrypt, but anybody could sign up at Let’s Encrypt, so this does not protect anyone. But if the CAA record points at a specific account name at Let’s Encrypt (which it can now do), this closes that hole.
This is similar to the lame delegation problem; i.e. where some old forgotten subdomain has a CNAME record pointing to some big hosting provider; although the site does not work anymore, the CNAME record is still there, and an attacker could get an account at that same big hosting provider and sign up with the same subdomain name, since the CNAME record is still valid. This way, they would get access to providing connectivity (web content, incoming e-mail) for a domain name they should not have.
https://www.devever.net/~hl/acme-caa-live
To summarize (yes I pasted): a CAA record might point to Let’s Encrypt, but anybody could sign up at Let’s Encrypt, so this does not protect anyone. But if the CAA record points at a specific account name at Let’s Encrypt (which it can now do), this closes that hole.
This is similar to the lame delegation problem; i.e. where some old forgotten subdomain has a CNAME record pointing to some big hosting provider; although the site does not work anymore, the CNAME record is still there, and an attacker could get an account at that same big hosting provider and sign up with the same subdomain name, since the CNAME record is still valid. This way, they would get access to providing connectivity (web content, incoming e-mail) for a domain name they should not have.
Gary likes this.
Gary
Alex likes this.
Alex