Über Kreisläufe

Stelle dir folgende Situation vor:
Dein Kollege kommt mal wieder zu spät zum Meeting mit dem Kunden. Zudem ist er - wie üblich - mittelmäßig vorbereitet. Zum Glück warst du überpünktlich und hast gestern noch die Präsentation perfektioniert, so dass der Kunde auf jeden Fall zufrieden sein wird. Nach dem Termin stellst du deinen Kollegen zur Rede, er hört sich dein Lamento genervt an, was dich verärgert, aber was kannst du denn noch tun? Aus deiner Sicht wird es beim nächsten Mal genauso laufen, weil du eben die Ordentliche bist und er halt der Chaot ist und immer bleiben wird.

In the first blogpost of this series, I’ve shown you how easy it is for an attacker to eavesdrop the SSL/TLS connection between you and your client. This is not a theoretical issue and happens to customers every day. Even strong ciphers and encryption settings don’t help. Why? The problem is trust: If your client trusts any server, it doesn’t matter which cyphers your server is using.

This post is the second in the “Your HTTPS Setup is Broken”-series. Previously, I’ve described how easy it is for an attacker to eavesdrop on your “secure” communication. In this post I’ll show you how to enforce encrypted communication, so an attacker cannot downgrade the connection to unencrypted HTTP.

Your HTTPS setup is broken!

So, you use HTTPS to encrypt communication with your customers. Maybe you use the latest encryption ciphers and algorithms. But you may still have a very big issue in your setup. In this first blog post about HTTPS security, I’ll show that trust is at least important as encryption while securing communication. Furthermore, I’ll show how untrustworthy the current Certificate Authority infrastructure is.

This post is about Cassandra’s batch statements and which kind of batch statements are ok and which not. Often, when batch statements are discussed, it’s not clear if a particular statement refers to single- or multi-partition batches or to both - which is the most important question IMO (you should know why after you’ve read this post).

In this post I’m going to describe an issue we experienced with nginx and its handling of Server Side Includes (SSIs). We saw that nginx at first decodes the SSI URI path and afterwards encodes it when loading the resource. And in some cases, the URI path encoded by nginx was different than the original one. The solution is easy (use query parameters if in doubt), but I thought I’d share this so that others maybe don’t run into this issue and/or see how to debug such things.