Scott Helme

Collection by Scott Helme

39 Pins • 15 Followers

Interesting items from my blog! https://scotthelme.co.uk/

Mapping out WiFi networks, wardriving with an Android device.

WiFi (in)Security - Is your network on the map and is it secure?

As a modern day smartphone packs about as much punch as a low spec laptop or even desktop, Wardriving with a GPS enabled device became a whole lot easier. Using a WiFi and GPS enabled Android smartphone I have accurately mapped out every available WiFi network in Clitheroe. Concluding my series on WiFi (in)Security it's time to see if your WiFi network is on the map, and if there's anything you need to do to secure it. Introduction Whilst it might sound dark or suspicious, Wardriving is…

The results of my survey of 100 people regarding WiFi Security.

DDoS attacks.

DDoS attacks, the plague of the Internet

Distributed Denial of Service (DDoS [https://scotthel.me/f8g7]) attacks have gained fame in recent years after becoming an effective tool for hacktivist groups such as Anonymous and LulzSec. What exactly are these attacks, how are they carried out and how can websites hope to defend themselves against such assaults? Introduction DDoS attacks have been at the very epicentre of many cyber attacks in recent years, against some quite sizeable and influential organisations too. Mastercard and…


HSTS - The missing link in Transport Layer Security.

HSTS - The missing link in Transport Layer Security

HTTP Strict Transport Security (HSTS [https://scotthel.me/d8j3]) is a policy mechanism that allows a web server to enforce the use of TLS [https://scotthel.me/s8d7] in a compliant User Agent (UA), such as a web browser. HSTS allows for a more effective implementation of TLS by ensuring all communication takes place over a secure transport layer on the client side. Most notably HSTS mitigates variants of man in the middle (MiTM) attacks where TLS can be stripped out of communications…

CloudFlare's great new features and why I won't use them.

CloudFlare's great new features and why I won't use them

CloudFlare recently announced two great new features, Keyless SSL and Universal SSL. Here's why I won't use them.

Squeezing more out of your Qualys SSL Test score!

Squeezing a little more out of your Qualys score

Not so long back I published a blog on Getting an A+ rating on the Qualys SSL Test [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/], which I recently updated to keep in line with the latest requirements on RC4 ciphers and SHA1/SHA256 certificates. Since then, I've had a few questions from people who were getting the A+ rating but not getting quite the same score despite having the same protocols and ciphers defined. Here's how you do it, and don't worry, it's pretty easy. The…

SSL does not make a site secure!

SSL does not make a site secure!

Following Google's recent announcement that they will start rewarding websites that use SSL/TLS with a boost in their search rankings, I've seen a lot of comments being thrown around about how it's great that secure websites will now be rewarded. Unfortunately, using SSL/TLS doesn't mean that a site is secure. Introduction Secure Sockets Layer [https://en.wikipedia.org/wiki/Secure_Sockets_Layer] (SSL) and its successor, Transport Layer Security…

Setting up encrypted email.

Setting up encrypted email is easy, here's how!

A year on from the first Snowden revelations and the landscape is starting to shift. People are taking encryption and privacy more seriously and technology companies are shifting towards more secure systems. To follow that trend I've decided to set up encryption for my own email using OpenPGP. In this blog

Terrible security on HotelHippo.

HotelHippo Insecure, so I've herd

After using online hotel booking website Hotel Hippo, I found several critical security flaws and had little response from the company to my disclosure.

Make your website faster and more secure with SPDY!

Make your website faster with SPDY

SPDY, pronounced 'SPeeDY', is a web protocol developed by Google that is primarily aimed at reducing page load time and providing better security. With the latest stable release of nginx featuring SPDY 3.1 support, it's time for an upgrade! Let's Get SPDY! You can head over to the nginx site [http://wiki.nginx.org/Install#Source_Releases] and find the latest stable source release. At the time of writing the latest stable build is 1.6.0 and mainline is 1.7.0. Personally, I choose to run the…

My blog under DDoS attack!

Mitigating a HTTP GET DoS attack

My blog recently became the target of an orchestrated Denial of Service (DoS) attack using an HTTP GET flood. Aimed at generating huge amounts of load on the MySQL back end, it was very effective. As the attack ramped up, the sheer number of queries being executed caused the MySQL service to consume the remaining system RAM and it was subsequently terminated. Attacks like these can be a huge inconvenience, but fortunately, there are some simple steps that you can take to mitigate them. The Attack…

Getting an A+ on the Qualys SSL Test.

Getting an A+ rating on the Qualys SSL Test

The SSL Test provided by Qualys does an incredibly thorough evaluation of the SSL configuration on your server. It's a great way to get a feel for whether or not you're doing SSL right. In this blog I'm going to walk through the steps required to get an A+ rating, the highest possible score. Now that everyone is patching and checking their servers after Heartbleed, let's take the opportunity to make some quick improvements while we're at it! Introduction You can see my A+ rating on the SSL…

Enable certificate revocation checks in Google Chrome!

Enabling Certificate Revocation Checks in Google Chrome

Following on from the announcement of Heartbleed, it's fair to assume that there will be a huge amount of certificate revocations both in progress and in the days and weeks to come. With an increased number of revocations, there's the potential that OCSP [https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol]/CRL [https://en.wikipedia.org/wiki/Revocation_list] responses may start to take a little longer as the Certificate Authorities load up their lists. Whilst Google Chrome does…

How safe are WiFi hotspots?

Public WiFi Hotspots; The Wild Wild West

Public WiFi hotspots can usually be found in abundance wherever we go. So much so that many of us are now frustrated when there is no WiFi for us to use. If you're at a coffee shop, hotel, bar, restaurant or even a non-stationary location like a train, you can scan for WiFi hotspots and most of the time strike it lucky. But just how safe is it to use a WiFi hotspot and what are the risks involved with using a network when you don't know who's lurking nearby? Introduction Just yesterday…