Webserver

Delete a HSTS Key Pin in Chrome

Here are the steps to take on Chrome when a HSTS key pin is set on a website, but incorrect. Go to the net-internals settings to search for the domain.

Summary of Delete a HSTS Key Pin in Chrome

Delete a HSTS Key Pin in Chrome Key pinning can be tricky and sometimes you might encounter a website having an incorrect key pin. This is usually caused by renewing certificates. In that case the duration time of the key pin might overlap the expire time of the moment of renewal. Chrome Error You will be seeing an error something like: Your connection is not private Attackers might be trying to steal your information from domain.

Read the full article…

Protect Linux systems against SSLv3 Poodle vulnerability

The Poodle vulnerability is discovered in October 2014, putting all systems using SSL 3.0 at risk. We share steps to mitigate this vulnerability on Linux based systems.

Summary of Protect Linux systems against SSLv3 Poodle vulnerability

What is the Poodle vulnerability ? The “Poodle” vulnerability is basicly an attack on the SSL 3.0 protocol. It is discovered in October 2014. The flaw is in the protocol itself (not implementation), which makes the issue applicable for all products using SSL 3.0. TLS 1.0 and later are considered safe against the attack. How does the attack work? While we won’t go into too much depth of encryption and ciphers, we will share some basics.

Read the full article…