Profile cover photo
Profile photo
Hans Wolters
Communities and Collections
View all

Post has attachment
Populistisch rechts doet het weer goed zo kort voor de verkiezingen:

Wel grappig dat de leden de partij verwijten niet democratisch te zijn terwijl dat vanaf het begin wel duidelijk was :-)
Add a comment...

Bedankt dat u bij hebt gekocht.


Krijg een mailtje binnen met de bovenstaande tekst er in. Volgens mij klopt die zinsbouw niet helemaal, welke taalfanaat durft dat te beamen?

Overigens heb ik er niets gekocht. Vermoedelijk komt dit omdat we via CD de app gebruiken. CD verwijst naar, weer naar CD

Add a comment...

Post has shared content
Thanks for sharing Fred
This revision of the law will authorize intelligence and security to intercept and analyze cable-bound (Internet) traffic, and will include far-reaching authorizations, including covert technical attacks, to facilitate their access to encrypted traffic. Article 45 1.b, explicitly authorizes the use of "false keys" in third party systems to obtain access to systems and data. The continued inclusion of the "Staat der Nederlanden" Certificate Authority, which is operated by PKIOverheid / Logius, a division of the Ministry of Interior and Kingdom Relations-- the same ministry under which the AIVD intelligence service operates-- in Mozilla products is therefore no longer appropriate.
Add a comment...

Post has attachment
Add a comment...

Post has attachment
5 Photos - View album
Add a comment...

Post has attachment
At least let us have some fun in these dark days :-)
Add a comment...

Shouldn't we stop fooling people, ourselves included?

GRANT ALL ON dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SSL

I had some real discussions about wordpress, drupal, joomla and other cms based systems lately. It seems those cms based systems are not the only ones that are a danger for real exploits.

Let me explain. In the early 2000 years I had a discussion with someone who worked at one of the larger isp's in the Netherlands. It was about granting privileges on mysql databases. My point was to offer them grant privileges on their own databases so they would be able to work with different ones for their visitors, their admins or even their contributors.

The lack of knowledge made them decide to simply grant privileges to a database but not grant grant rights on it. This caused people to work with one account only, this is where the problem started.

Imagine visiting a dynamic site. The web-server fork is getting data from a database using one user, in those days it was called user nobody, these days we tend to have user www-data for it.
The scripts would simply connect to a database for one user, it might have a difficult password but it grants you access to all tables, all procedures.

What would happen if we start using different users depending on what kind of user is visiting a website? Well, we could start to grant users less privileges. An example:

Grant read rights on the article table
Grant read rights on the user table
Grant read rights on the foo table

It would grant the normal visitor rights to see the content, not altering it.

Why the hell would we need something like that?

We simply need it. Why offer an ATM to change your card, why offer user nobody to access admin tables?

What worries me is software like openstack that is simply using the same privileges. Why the fuck do we grant all on foo@bar and let others connect to it? Please, fix this.

Some more issues;

GRANT ALL on dbname.* to 'compute01'@'hostname' IDENTIFIED BY 'NOVA_DBPASS' REQUIRE SUBJECT '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=compute01' AND ISSUER '/C=XX/ST=YYY/L=ZZZZ/O=cloudycloud/CN=cloud-ca';

There is no need for a grant all. I can always help you to be more secure :-)
Add a comment...

Post has attachment
Don't start crying people :-)

#mcAfoo #exploit  
McAfee Virus Scan for Linux
McAfee Virus Scan for Linux
Add a comment...

#debian #cis

Wouldn't it be nice if someone would implement the cis requirements for Jessy into the OS? Wondering what the reason might be to have bloated settings for an OS that is so important for companies.

* sysctl settings
* sshd settings
* netfilter setting
* issue settings
* ntp settings

So glad it's not hard to change it. What might be needed is an update on the cis requirements to allow ipv6 :-)
Add a comment...

One news day again, sick of it already.

Tried to be news free for three weeks and I succeeded for some 20 days I think. Avoided all of the Trump madness and even made some fun by writing a proxy that would replace Trump to Schrimp (or other ones).

Today the Dutch news came in hard. Another partypooper named Jan Dijkgraaf, one of the people behind geenpijl, is starting a political party.

Geenpijl wants to change views in the political landscape. Nothing bad but the fact is that he was one of the people behind the referendum where the Dutch people would be able to sign-off a treaty with the Ukraine without even looking at the treaty and even being stupid in Interviews due to lack of knowledge about those treaties.

The Dutch political landscape has changed, a lot. If this does not stop we might end up with a landscape that will be governed by 150 individual parties. Probably fighting their asses of in the parlement.

This is NOT a good thing folks. Shit will hit the fan within a year.
Add a comment...
Wait while more posts are being loaded