Category: 'Security'

Tor is a Great SysAdmin Tool

Using Tor to aid various system administration tasks, including checking firewall rules, bypassing internal network restrictions and connecting to remote systems that are behind NAT/CGNAT.

Sunday 9th August 2020

Security Tor

Using SPF Macros to Solve the Operational Challenges of SPF

Improving the maintainability, auditability and effectiveness of your SPF policy using SPF macros.

Monday 11th May 2020

Security RFC Guide

Restricting Who Can Issue Certificates for Your Domain with CAA

Using Certificate Authority Authorisation (CAA) to restrict the Certificate Authorities that are permitted to issue certificates for your domain.

Thursday 13th February 2020

Security TLS RFC

Testing Your Ability at Spotting Lookalike Domain Names

Creating a JavaScript app to test how good you are at identifying potential lookalike domain names.

Sunday 12th January 2020

Security Domain Names

Securing Inbound Email Transport with MTA-STS and STARTTLS-Everywhere

Implementing the new MTA-STS specification and adding your domain to the STARTTLS-Everywhere list to help secure inbound email transport.

Friday 27th December 2019

Security TLS RFC

Understanding PGP/GPG Key Server Output

A reference guide to PGP/GPG key server search output.

Saturday 26th October 2019

Security Guide

Deploying a Tor Onion v3 Hidden Service Using Ansible

Using the Ansible configuration management tool to automatically deploy a Tor Onion v3 Hidden Service to a Linux machine.

Monday 16th September 2019

Security Tor Guide

Serving security.txt Using a Cloudflare Worker

If your Content Management System or hosting provider doesn't allow you to host a proper security.txt file, you can instead use Cloudflare Serverless Workers to serve the file directly from Cloudflare.

Wednesday 31st July 2019

Security Guide

Automating the Integrity Verification Process for Downloaded Software

A script to automatically download and perform integrity verifications for specific pre-programmed software packages.

Wednesday 19th June 2019


My Interview With Giulio D'Agostino

I was recently a guest on the 'Conversations in Cyberspace' podcast.

Saturday 11th May 2019

Security Meta

Managing Your SSH known_hosts Using Git

Using Git to centrally manage, verify, update and distribute your SSH known_hosts.

Tuesday 23rd April 2019


Forwarding Tor Hidden Services to Another Server Across the Internet

Using a reverse HTTP proxy to forward Tor Hidden Services across the internet to another server.

Tuesday 26th February 2019

Security Tor Apache

Taking Content Security Policy to the Extreme! - Policies on a Per-page Basis

Implementing a Content Security Policy on your PHP website with fine-grain control over the policy on a per-page basis.

Saturday 19th January 2019

Security Apache

Restricting and Locking Down SSH Users

Restricting SSH users to specific commands, directories and system access.

Sunday 13th January 2019

Security Guide

Using a Bloom Filter to Anonymize Web Server Logs

Anonymizing personal data in web server access logs in order to improve data security and comply with the GDPR.

Monday 17th December 2018

Security Apache

Automatically Testing Your Content Security Policy Using Travis-CI and Headless Chrome Crawler

A Travis-CI build configuration for automatically testing your website's Content Security Policy.

Saturday 28th July 2018

Security Apache Chrome

Launching a Public HackerOne Security Vulnerability Disclosure Program

A write-up of launching the public HackerOne security vulnerability disclosure program for JamieWeb.

Friday 11th May 2018

Security Bug Bounty

Using a Public Wi-Fi Hotspot Securely

Connecting to hotel Wi-Fi through a Raspberry Pi and forwarding an external VPN connection.

Tuesday 8th May 2018

Security Guide

Let's Encrypt SCTs in Certificates

Let's Encrypt certificates now have Signed Certificate Timestamps (SCTs) included by default.

Wednesday 4th April 2018

Security TLS Chrome

Disabling TLS 1.0 and TLS 1.1

Assessing browser compatibility and disabling older TLS protocol versions.

Tuesday 13th March 2018

Security TLS Apache

Registering a Namecoin .bit Domain

Using Namecoin Core to register a .bit domain and setting up ncdns.

Tuesday 16th January 2018

Security Namecoin Guide

Tor Onion v3 Vanity Address

Generating a vanity address for Onion v3 Hidden Services.

Saturday 6th January 2018

Security Tor

security.txt Internet Draft

A look at the security.txt draft specification.

Tuesday 26th December 2017

Security RFC

Tor Onion v3 Hidden Service

Testing the new Tor Onion v3 Hidden Services.

Saturday 21st October 2017

Security Tor

iPad Mini iOS 6

Using iOS 6 on the iPad Mini + iOS 6 Security.

Tuesday 19th September 2017

Security Apple

Pastebin Keyword Alerts

Using the Pastebin Alerts Service.

Saturday 2nd September 2017

Security Pastebin

Hosts File Site Blocking

Blocking sites using the hosts file and an integrity verification script.

Saturday 15th July 2017


Chrome Site Whitelist Extension

Discussing the Chrome extension that I am developing.

Tuesday 7th March 2017

Security Chrome

Subgraph OS Overview

An overview of Subgraph OS: Adversary Resistant Computing.

Tuesday 21st February 2017


Tor Hidden Service

Setting up a Tor Hidden Service for my site.

Sunday 12th February 2017

Security Tor

Blocking Exloitable Content

Blocking exploitable web content in your browser.

Tuesday 7th February 2017


Proof Of Timestamp

Cryptographically proving a timestamp.

Thursday 19th January 2017


Plainsight Enciphering Demo

Enciphering text and files using Plainsight.

Sunday 4th December 2016