300M m/s

Twitter oEmbed broken on DigitalOcean

Marc Kranat — Sun, 18 Jun 2023 00:16:12 +0000

(TLDR solution is to allowlist the Twitter API IP address ranges)

Around 3 weeks back, the end of May I had reports of WordPress authors unable to embed tweets in posts, some using classic editor, others block editor.

The …

DDoS attack leveraging RSS feeds

Marc Kranat — Fri, 14 Apr 2023 02:25:30 +0000

RSS feeds have been around for decades, once very popular with geeks as a lightweight way of keeping up with the news such as https://feeds.bbci.co.uk/news/rss.xml before we all got 1gb cable connections and 5g, not normally read raw by human …

Online threats to consumers

Marc Kranat — Sat, 10 Dec 2022 18:06:51 +0000

Online threats to consumers come in many forms, such as viruses, malware, phishing scams, and ransomware. These threats can compromise the security of a person’s personal information, such as their login credentials and credit card numbers, and can lead to …

How to get around the BBC block in Russia

Marc Kranat — Sat, 05 Mar 2022 17:08:30 +0000

Как обойти блокировку BBC в России

Sharing this as obviously the link that the Beeb shared here can not be seen if forwarded to a Russian, as of course, Russia has blocked all disenting voices, and as this is …

Setting up a Mastodon Server at DigitalOcean

Marc Kranat — Tue, 19 Jan 2021 05:09:30 +0000

Please read the comments which have some updates regarding email config. You can find me on https://noc.social/web/@marc

Some people are really not too happy with Silicon Valley’s monopoly on social media. There are some serious privacy concerns, and we’ve seen …

Mostly Unrecognized immense scale of Solarwinds Hack

Marc Kranat — Sun, 20 Dec 2020 20:16:01 +0000

I’m pretty confused as to why there is so little written in the mainstream news on the scale and implications of this latest, and by far the largest, one of many attacks on our network infrastructure, and by a state …

Advanced Security Headers

Marc Kranat — Thu, 13 Feb 2020 03:35:52 +0000

I have some great security headers on this blog, but they are added using a single checkbox on the Sucuri WAF (web application firewall) this site uses. This is what they look like:

 x-xss-protection: 1; mode=block
 x-frame-options: SAMEORIGIN
 x-content-type-options: nosniff

…

Enumeration, Privacy, Security and the Law

Marc Kranat — Sat, 21 Apr 2018 21:02:15 +0000

There was a recent arrest of a 19 year old in Halifax for “hacking” freedom-of-information releases from a government website. Alleging he is guilty of section 342.1 of the criminal code, which prohibits unauthorized uses of computers “with intent to …

Governments are always wanting to break encryption

Marc Kranat — Fri, 04 Aug 2017 00:36:47 +0000

Everytime governments try to break encryption on social media, and they are doing it a lot these days, they hold up an example such as in this case “Sex Traffickers” so if you dare question them, you are exposed as …

We could be doing more

Marc Kranat — Tue, 02 May 2017 11:45:33 +0000

There is a mostly unreported and unrecognised ongoing attack on our research institutes, commerce and infrastructure, massively damaging our successes in the western world.

UC Cert, the United States Computer Emergency Team released an update (TA17-117A) last week from the …