Category: security

networking, privacy, security

Protect yourself from WebRTC leaks

The short story: There is an unbelievable security flaw in all major browsers that exposes your public and local IP to websites if you have WebRTC and JavaScript enabled, which is the default. In particular, this exposes users trying to anonymize their browsing through VPNs, Tor or I2P. This has been known since 2015 and …

ARM, FOSS, security

Security audit your ARM board with Lynis

Be it powerful production servers or humble home-hosted ARM boards, an internet-facing system requires that we take security very seriously. But security is hard. No matter how much we try to secure our systems, any small detail we overlook can ruin all our efforts. In the same way that intruders make use of …

FOSS, linux, security

Sandbox your applications with Firejail

One thing that I like about the Android App security model is that for a given app, it presents the permissions to the user and the user has to accept them. This is good because the user has control over the software they run, and is an invaluable tool to be able to use an …

networking, nextcloud, security

NextCloud, a security analysis

There is no privacy without security. First, I would like to scare everyone a little bit in order to have people appreciate the extent of this statement. As the figure that opens the post indicates, there are thousands of vulnerable Owncloud/NextCloud instances out there. It will surprise many just how easy it is to detect those …

FOSS, networking, nextcloud, nextcloudpi, raspberrypi, security

ModSecurity Web Application Firewall for NextCloud

There is little point in going through all the trouble of setting up and hosting your own private cloud if it is not properly protected. Running your own service means that you are solely responsible for its management and security. Having a vulnerable setup poses the risk of your most private data being exposed …

debian, linux, nextcloud, raspberrypi, security

Automatic security updates on a Debian system

Computer security is an issue of paramount importance. Even more so whenever we are running services exposed to the internet. Much more so when those services can compromise sensitive data. The first piece of advice you will always get is “keep your system up to date with the latest security patches”, and my favourite …

FOSS, linux, networking, nextcloud, nextcloudpi, raspberrypi, security

Let’s Encrypt installer for Apache

This installer provides a really easy way of installing a signed certificate with Let’s Encrypt for an Apache server. Configuration: Note that you need to have both ports 80 and 443 accessible for the authentication challenge to work. DOMAIN is the URL to access from outside and inside your house. Use the same one you …

FOSS, networking, nextcloud, nextcloudpi, raspberrypi, security

NextCloudPi Fail2Ban installer

This is just a little script that installs and configures Fail2Ban to work with NextCloud. Fail2Ban will monitor your personal cloud for brute force attacks and block the IP after a number of bad login attempts. Features: SSH jail; Nextcloud login jail; 6 bad login attempts will block the IP for 10 minutes by default. …