New blog post: Basic Internet Security for Authors: Better Browsing
Never thought about what you trust your browser with every day? Maybe it's time for some tweaks to make your internet browsing more secure. #Security #InternetSecurity #Browser #Author #Autorenleben #writerslife #Writing #BookBan
https://www.viennawriter.net/blog/basic-internet-security-for-authors-better-browsing/
now also available in English:
None of the biggest internet services are DNSSEC-enabled -- Breakthrough needed to increase actual usage levels
https://www.sidn.nl/en/news-and-blogs/none-of-the-biggest-internet-services-are-dnssec-enabled
Over the last two years, there has been considerable criticism of DNSSEC from within the DNS world itself. The main focuses of discontent have been the complexity of the protocol, poor market adoption and aging of the design.
op SIDN.nl:
Geen van grootste internetdiensten beveiligd met DNSSEC -- Doorbraak nodig om daadwerkelijk gebruik omhoog te brengen
https://www.sidn.nl/nieuws-en-blogs/geen-van-grootste-internetdiensten-beveiligd-met-dnssec
DNSSEC is niet alleen belangrijk voor de beveiliging van het bestaande DNS-systeem, maar legt ook een fundament voor nieuwe en toekomstige beveiligingstechnologieën. Maar er is wel een doorbraak nodig om de grootste internetdienstenaanbieders naar DNSSEC over te laten schakelen.
also available in English:
DNS delegation is set for an update -- Proposed DELEG record type will modernise DNS(SEC)
https://www.sidn.nl/en/news-and-blogs/dns-delegation-is-set-for-an-update
The new DELEG record is intended to replace the NS and glue records in the parent zone. It will also enable reference to an encrypted DNS service and specification of an alternative port number. Finally, it'll be possible to use a DELEG record as the starting point for a series of SVCB/CNAME references,
op SIDN.nl:
Een moderniseringsslag voor de DNS-delegatie -- Nieuw DELEG-recordtype geeft DNS(SEC) belangrijke update
https://www.sidn.nl/nieuws-en-blogs/een-moderniseringsslag-voor-de-dns-delegatie
Het nieuwe DELEG-recordtype moet het huidige delegatiemechanisme van DNS moderniseren. Om te beginnen vervangt het de NS- en glue-records in de parentzone. Daarnaast kan het naar een versleutelde DNS-dienst verwijzen..Ten slotte kan een DELEG-record ook het startpunt zijn van een reeks SVCB/CNAME-verwijzingen.
While 2024 is reaching the finish line, we‘d like to take a moment to thank everyone who is supporting us on our mission to secure the digital life. 
We‘re truly grateful for having such loyal customers. 
We wish you happy holidays! 
May 2025 be the year we all wish for! 
Stay secure! 
https://www.theregister.com/2024/11/20/dlink_rip_replace_router/
"Owners of certain D-Link VPN routers are being told to replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability."
"Details are not being released given the potential for wide exploitation. The vendor hasn't assigned it a CVE identifier or said much about it other than that it's a buffer overflow that leads to unauthenticated RCE."
now also available in English:
Algorithms based on outdated SHA-1 cryptography to be removed from DNSSEC protocol -- Users advised to switch to algorithm 13 if possible
https://www.sidn.nl/en/news-and-blogs/algorithms-based-on-outdated-sha-1-cryptography-to-be-removed-from-dnssec-protocol
The use of algorithm 5 (RSA/SHA-1) and algorithm 7 (RSASHA1-NSEC3-SHA1) has been discouraged for some time. Now, the intention is to phase out the two algorithms altogether.
now also available in English:
Latest version of Firefox adopts HTTPS as the norm -- General trend of migration to encrypted transport continues
https://www.sidn.nl/en/news-and-blogs/latest-version-of-firefox-adopts-https-as-the-norm
If you type www.example.nl into the navigation bar, Firefox begins by sending a request to 'https://www.example.nl/' (on server port 443). It'll try 'http://www.example.nl/' (on server port 80) only if the first request draws a blank. That's the reverse of the procedure followed until now.
op SIDN.nl:
Algoritmen gebaseerd op verouderde SHA-1 cryptografie worden uit DNSSEC-standaard verwijderd -- Stap als het kan gelijk over naar algoritme nummer 13
https://www.sidn.nl/nieuws-en-blogs/algoritmen-gebaseerd-op-verouderde-sha-1-cryptografie-worden-uit-dnssec-standaard-verwijderd
Het gebruik van algoritmen nummer 5 (RSA/SHA-1) en nummer 7 (RSASHA1-NSEC3-SHA1) werd al langer afgeraden. Inmiddels wordt gewerkt aan het helemaal uitfaseren van deze twee algoritmen.
Ten years plus on "Effective Spam and Malware Countermeasures - Network Noise Reduction Using Free Tools" https://nxdomain.no/~peter/effective_spam_and_malware_countermeasures.html still seems to be relevant (mod that we never got #IPv6 greylisting done) #malware #networksecurity #antispam #OpenBSD #internetsecurity, #networking #mailsecurity #packetfilter #countermeasures #networkmail #PF #greylisting #spam #FreeBSD
The 2014 article "Effective Spam and Malware Countermeasures - Network Noise Reduction Using Free Tools" has been liberated as https://nxdomain.no/~peter/effective_spam_and_malware_countermeasures.html - previsously only available tracked as https://bsdly.blogspot.com/2014/02/effective-spam-and-malware.html.
Likely still useful if you follow keywords like #malware #networksecurity #antispam #OpenBSD #internetsecurity, #networking #mailsecurity #packetfilter #countermeasures #networkmail #PF #greylisting #spam #FreeBSD (and now all #tracked links to my stuff have an untracked equivalent)
how many hashtags can you add before it feels gauche?
We're deeply concerned about the abuse management and prevention policies of @cloudflare, a leading content delivery network. For years, cybercriminals have been exploiting Cloudflare's services to conceal their malicious activities, posing a significant threat to internet security.
As of today, Cloudflare is associated with 1201 unresolved Spamhaus Blocklist listings and accounts for 10.05% of all domains on the Spamhaus Domain Blocklist.
Read the full article to understand what we're seeing, the critical issues, and our recommendation for change 
https://www.spamhaus.org/resource-hub/service-providers/too-big-to-care-our-disappointment-with-cloudflares-anti-abuse-posture
In the meantime, we urge Cloudflare to review its anti-abuse policies and take meaningful action to protect the online community.
Please reach out to the team, we are more than willing to work together to resolve this issue.
Proton
Découvert au détour d'un reportage sur la chaîne ARTE consacré à la protection de la vie privée et étant, à l'époque à la recherche d'une alternative à Gmail ou Outlook, j'ai été tout de suite séduit par Proton.
Créé par les scientifiques du CERN à Genève, Proton propose outre la messagerie, un VPN, un stockage en ligne, un gestionnaire de mots de passe avec intégration de la gestion des authentifications à deux facteurs, calendrier et de nouvelles fonctions arrivent encore.
Il existe une version basique gratuite mais, pour ma part, j'ai opté pour une formule payante car j'estime que la sécurité et la protection de la vie privée valent bien quelques euros.
Autre grand avantage de Proton : les données sont stockées en Suisse et bénéficient des lois suisses de protection de la vie privée qui sont, à ce que j'ai lu, encore plus strictes que le RGPD.
Après plus d'un an d'utilisation des services, je reste convaincu que c'était un bon choix.
The internet has a hole at the bottom of its trust stack, and we need to do something about it. The internet needs secure time synchronization to fortify the security of our digital world.
We present a path toward the adoption of securely synchronized time:
https://tweedegolf.nl/en/blog/122/a-safe-internet-requires-secure-time
@i0null #Hedgehog #InternetSecurity would be an actually cool name for a product.
Also would make more sense than "#Panda Internet Security"...
https://en.wikipedia.org/wiki/Panda_Security
A few weeks ago I talked about classdojo.com, a site for schools/teachers that sent me a link to "my" account - it was for a child in England, not my child, their security sucks, this site is trash. I wrote to the school AND the website about it.
FYI, they're now sending me updates about "my" child. Photos, names, info, everything. Also? Kid's actual mom seems to also have an account now - I was alerted when she signed up!
DO NOT USE CLASSDOJO.COM
It's #HootinTootinTuesday again! Post some jokes or funny memes under this hashtag today, and bring lots of smiles to #Mastodon.
Anyone who can point me to a good guide for how to set up an Synology DS NAS?
Since the internet have upgraded I can't get the vpn connection to work on my ASUS router but my quickconnect.to find It's way to my nas from outside but everything that is available on the net MUST have good security standard. I would like to only connect to my network via OpenVPN or similare level security.
Any good tips are much welcome
