So you’ve deployed your new VPS or cloud server and SSH is served up on port 22 with password authentication. If you’re reading this, you already know that’s entirely insecure and just begging to be attacked. I’ll detail my procedure for hardening SSH on Fedora Linux, the distro I run. This should also work on downstream RHEL and CentOS, and broadly speaking on any SSH server, though some bits may differ.
Linux
Securing the Linux operating system.
Querying the Pwned Passwords API to Identify Breached Passwords
Troy at haveibeenpwned.com has released an updated API for confidentially searching an enormous collection of breached login credentials, half a billion entries. Critically, the design of the API avoids transmitting any actual password value or even hashes.
Don’t Melt Down Over the Meltdown and Spectre Flaws
Quick take based on reading of others’ work, but unless you’re a datacenter operator, there is really no need to go into full bore panic and scrap your plans in the wake of the new disclosure of hardwired flaws in Intel and other CPUs.
Download MVPS HOSTS File Converted to Unix EOLs
Periodically I’ll be doing an ad-hoc deploy of MVPS HOSTS file on a Mac or Android system, and have to improvise a means to accomplish the required conversion from DOS to Unix line termination from the shell prompt.
Leaving Windows for Linux on my Primary System
Few outside the technology business may be fully aware that Windows 10 arrives in the context of a major strategy shift at Microsoft. Feeling the heat from Google, Apple, and others, Microsoft needs to mutate and evolve its business models to compete in the end user computing marketplace. Selling Windows and Office licenses for whatever number of cents OEMs pay them for the right to ship these products on newly purchased machines is no longer cutting it in an age of falling PC sales. There’s new business out there, a pie they’re hungry for a big piece of.
Network Intrusion Encounters and Countermeasures
Network intrusion threats ran rampant and unchecked on the internet, invisible to most users. You may see no apparent signs of the automatic probes directed at your computer network, arriving around the clock, scanning for potential entry points. But they are occurring, maybe right now. Any exposed service may be expected to be quickly discovered and subjected to attack.