Latest articles

In the previous part of this series, we talked about TLS, OCSP and security-relevant HTTP response headers. In this part, we introduce the web application firewall ModSecurity and the intrusion prevention system Fail2ban.

Security and privacy on the internet affects nearly everyone nowadays. However, there are many myths rattling around. We discuss and debunk five common myths in this article.

AFWall+ (Android Firewall +) is an open-source, IPtables-based firewall for Android. It requires a rooted Android 5+ device and can be retrieved from F-Droid, GitHub or Google Play Store.

AFWall+ 3.0.0 introduced support for Tor. In this tutorial, we show you how you can configure your device to use this feature.

Universal 2nd Factor (U2F) is an open authentication standard originally developed by Yubico and Google and now hosted by the FIDO Alliance. Security devices with U2F support allow you to use two-factor authentication more easily since they contain a secret key that provides a second factor only by pressing the device’s button. You don’t need to manage more credentials.

We already compared the YubiKey 4C and Nitrokey Pro that offer more features than only U2F. In this article, we compare the Yubico Security Key and Nitrokey FIDO U2F. Both tokens offer similar features and come with support for U2F.

Some readers asked which WordPress theme we use. The simple answer: We do not use WordPress at all. WordPress and other big content management systems (CMS) like Joomla or Drupal are extremely overpowered for personal blogs and smaller projects like our InfoSec Handbook blog. In this article, we give a basic introduction to the static site generator Hugo and discuss security issues of CMS.