Tag Archives: security

Bolstering HTTPS Security

Last Update: 26 October 2023 When #MovingToHTTPS, the first step is to obtain the necessary certificates for your domains and enable HTTPS on your webserver. After your site is fully HTTPS, there are some other configuration changes you should consider to further enhance the site’s security. Validate Basic Configuration First, use SSLLab’s Server Test  toContinue reading “Bolstering HTTPS Security”

Silliness – Fiddler Blocks Malware

Enough malware researchers now depend upon Fiddler that some bad guys won’t even try to infect your system if you have Fiddler installed. The Malware Bytes blog post has the details, but the gist of it is that the attackers use JavaScript to probe the would-be victim’s PC for a variety of software. Beyond Kaspersky,Continue reading “Silliness – Fiddler Blocks Malware”

Compression Context

ZIP is a great format—it’s extremely broadly deployed, relatively simple, and supports a wide variety of use-cases pretty well. ZIP is the underlying format beneath Java (.jar) Archives, Office (docx/xlsx/pptx) files, Fiddler (.saz) Session Archive ZIP files, and many more. Even though some features (Unicode filenames, AES encryption, advanced compression engines) aren’t supported by allContinue reading “Compression Context”

Downloads and the Mark-of-the-Web

Last update: October 28, 2025 Background To help protect the user and their device, Windows and its applications will often treat files originating from the Internet more cautiously than files generated locally. The Windows Security Zones determination process is most directly implemented by the MapURLToZone API; that API accepts a URL or a file pathContinue reading “Downloads and the Mark-of-the-Web”

Seek and Destroy Non-Secure References Using the moarTLS Analyzer

tl;dr: I made a Chrome Extension that finds security vulnerabilities.It’s now available for Firefox too! To secure web connections, TLS-enabling servers is only half the battle; the other half is ensuring that TLS is used everywhere. Unfortunately, many HTTPS sites today include insecure references that provide an network-based attacker the opportunity to break into theContinue reading “Seek and Destroy Non-Secure References Using the moarTLS Analyzer”