If you're developing for the web (or something else) and you need to connect to an Oracle database, such as an Oracle Autonomous Database that comes for free with oracle cloud free tier, you may run to the typical problem of storing db connection credentials in configuration files and scripts. Nevertheless, Oracle has, since ages, a functionality called Oracle Wallet that can help you manage these connections more securely. Keep in mind that Oracle migrates away from Wallets, but my understanding is that this is a response to usability concerns, as the security standard is not maintained in the new set-up.
Securing administrative access with MFAPosted on Monday, 4th of March 2019 • security • permanent link •Read time: 10 minutes
Now that multi factor authentication is gaining ground I thought I would write a simple guide on how to secure administrative access with MFA on Linux systems. The solution is simple and based on Google Authenticator. The good thing with Google Authenticator is that it's a typical TOTP/HOTP solution and as such does not require any internet connectivity on either the server or the client. The configuration examples provided are more or less appropriate for openSUSE Leap 15 and Ubuntu 18.04 LTS
Google+ is dying, be preparedPosted on Friday, 1st of February 2019 • privacy • permanent link •Read time: 1 minute
As you may have heard, Google+ is going to die. This is a good thing since there were some security / privacy issues last year. Google decided to kill the product instead of trying to fix it, which is understandable and a respectful decision.
When multi-factor will not save youPosted on Sunday, 19th of August 2018 • security • permanent link •Read time: 11 minutes
There is a lot of discussion lately about multi-factor authentication and how this will upgrade everyone's security. Indeed, it is an improvement and it was about time we start becoming more conscious about the security issues related to authentication. As usually though, these discussions generated a lot of confusing and "why it didn't work" moments when we see cases such as Reddit's hack in August of 2018.