Some readers asked which Wordpress theme we use. The simple answer: We do not use Wordpress at all. Wordpress and other big content management systems (CMS) like Joomla or Drupal are extremely overpowered for personal blogs and smaller projects like our InfoSec Handbook blog. In this article, we give a basic introduction to the static site generator Hugo and discuss security issues of CMS.
Web server security – Part 3: TLS and security headers
In the second part of this series, we showed you how to harden your web server software. In this part, we introduce TLS cipher suites, talk about OCSP and show you additional security-related HTTP response headers.
Web server security – Part 2: Harden the web server
In the first part of this series, we showed you how to harden your server by configuring your firewall and SSH. In this part, we show you how to secure your web server software.
What is 'secure'?
Secure crypto, secure passwords, secure messaging, secure e-mail, secure browsing—we see ‘secure something’ everywhere, but no one defines this term. On closer inspection, ‘secure’ even becomes a catchword most of the time. We discuss these examples in this article.
Limits of end-to-end encryption
Skype, WhatsApp, Telegram, Signal, Protonmail—more and more services offer end-to-end encryption. While this is good for privacy, it is not a magic bullet. In this article, we show you some limits of E2EE.