126 posts in Linux
If you're running Postfix, add this line to main.cf:
smtp_tls_security_level = may
Restart Postfix, and retry.
PS: You can set encrypt instead of may -- but this can cause issues with Amavis and/or SpamAssassin.
Minor end of year update. No big SSL exploits have been released since (bar DH, see below).
Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure.
It’s worthy to note that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple lowered from B to C (see below). But… No more F’s. :)
You’ve just updated your Raspberry Pi (or whatever Linux) and you’re noticing your CIFS (smb) mounts aren’t getting auto mounted anymore. You curse and start noticing this error:
# mount -t cifs //192.168.1.100/public -o username=public,password=public sam/
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
The solution is to add after -o username=X,password=Y the following: sec=ntlm; thus it becomes -o username=X,password=Y,sec=ntlm.
You can do the same in fstab:
22" Ilyama LCD panel, Atom based NUC (board only) with Low Voltage RAM, USB WiFi adapter (could have used half sized PCIe + antenna – but I’ve got a ton of USB WiFi left), extended ethernet.
Mostly made out of plastic (hardened polyester) and metal, unlike the wooden version.
3D render:
Actual design:
Flightradar24 (T-EBBR55) antenna being installed right next to BRU airport.
Due to interference (GSM? WiFi (very very unlikely)? High voltage power lines?) we moved it to the side, as seen below.
While it is blind from half a side, it can see all the way up to London and beyond.
This is the result:
Because of the mediastorm it’s time for an update. The previous (1, 2, 3) blog posts are outdated!
I’ll do my usual slashdot-effect post in a couple of days (it’s already at 10k views today).
Banks that changed rank since last post (all for the better):
I cannot test Europabank using SSL Labs. I can only speculate they requested SSL Labs to not scan them. I have also added a couple new banks (Delta Lloyd, Deutsche Bank, Moneyou, Fortuneo, BKCP, Binck, and Isabel as bank tool).
EDIT: ING is now A- (not reflected in this blog post). EDIT 2: Keytrade & Hello Bank also went to A. I’ll post a new blog post later tonight. EDIT 3: Updated post here.
Part three, or how I single-handedly “fixed” SSL at the Belgian banks. ;)
Part one and two are available here. Not related but useful nonetheless NY Times article about bank hackers.
Argenta promised to fix their SSL, so it’s the time to check everything again.
E-mails that had been deleted for over 7 days were automatically removed from the IMAP server. E-mail date was ignored (ie the mail could have been from 2010; the actual time in “Trash” counted). This didn’t happen to other folders (Sent, Archive, Spam). This recently happened and hadn’t happened before.
I had to restore my trash folder from backups every 7 days (yay for rdiff-backup).
It took me a while to figure it out… The problem first appeared in October, right after several big changes:
I previously wrote about Belgian banks & SSL. Updated version (15/02/2015) here.
Going through my Google Analytics I noticed some noteworthy network domains, which Google discribes as “The fully qualified domain names of your visitors’ Internet service providers (ISPs)”.
