As traditional pen-and-paper exams have slowly been replaced by computers, either on location or remotely, tools to combat cheating have become a necessity to ensure the integrity of exam results. Although one would hope moral values would discourage one from cheating when in an exam setting faced with […]
Linux homedir encryption
ZFS features (excerpt): Snapshots and clones, useful for e.g. Docker and system backups. Copy-on-write (making snapshots initially zero-cost). RAID. Encryption. SSD caching. See more on the ZFS wiki page (features) or this Reddit post. Ubuntu has released Focal Fossa (20.04) and as I had just acquired my new laptop, I decided to test it out. Getting a software […]
Session Timeout and Concurrent Session Control with Spring Security and Spring-MVC
A web application my team and I are building recently underwent a security review. As usual, because you haven’t yet had time to put any real effort into it, some security risks did surface. We use Spring Security and Spring-MVC and I will talk about implementing a session timeout and concurrent session control: nice subjects […]
Web security; a haven for hackers if you’re not careful!
Web security is becoming more and more of an issue. In the Netherlands alone it’s at the heart of the daily news. For example, the recent final report from a security company commissioned to investigate the DigiNotar attack shows that the compromise of the now-bankrupt certificate authority was much deeper than initially thought. Or the instance where a […]
Securing connections with TLS
In this article I’ll explore some ways to secure socket communication with TLS from a Java application. To make it more concrete I’ll show you SubEtha SMTP (an excellent Java-based bare-bones SMTP server) and the recent TLS extensions I added to it. What you’ll get from this article: How to mix secure with […]