General Blather

I noticed a bit of an uptick in Log4j abuses. more »

More accurately, my intrusion detection systems try to block Cloudflare. more »

I started tinkering with my mail server configuration, and while looking at some of the "can I encourage TLS?" bits I found MTA-STS and learned that there's a whole DNS-based authentication thing I never knew about. more »

For both protecting my systems and playing with what's out there, I incorporate Crowdsec into my system's intrusion detection and prevention. For other reasons, I updated one of my servers to the latest Ubuntu (not LTS), and an update to Crowdsec balked. more »

I noted in a different blog post some concerns I had where my intrusion detection had a gap caused by log aggregation. Specifically, my Docker web containers forward their logs to a Splunk server for collection and possible analysis later, which means… more »

Hot on the heels of the v2.15.0 fix came a v2.16.0 fix, which removed the core of the vulnerability, taking away a feature that was probably not used correctly, if ever used. more »

A meaty exploit was discovered and shared on 9 December. more »