- https://bugcrowd.com/ “Traditional Security Testing Is Finite. Human Power Isn’t.”
- https://www.crowdcurity.com/ “Bug bounty programs and security audits tailored for you.”
- https://hackerone.com/ “Modern security is hacker-powered. The Vulnerability Management & Bug Bounty Platform”
Monthly Archives: June 2015
WP Engine rolling out support for TLS 1.2
I have recently noticed, first on a client’s site, then this site, that WP Engine is rolling out support for TLS 1.2.
Along with numerous other improvements, including:
- Removing weak Diffie-Hellman (DH) key exchange parameters, moving from a 1024-bit to a 2048-bit group (think Logjam)
- Adding additional cipher suites
- Supporting TLS_FALLBACK_SCSV to prevent protocol downgrade attacks
- Additionally supporting TLS 1.1
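The third item in that list, TLS_FALLBACK_SCSV, is easy to misread as a cipher suite. It is actually a signalling value (RFC 7507) that a client appends to its cipher list when it retries a failed handshake at a lower protocol version, so that a server which supports something higher can refuse the retry with an inappropriate_fallback alert instead of silently accepting the weaker version. The following is an added example, not WP Engine's code or anything from this post, that builds minimal ClientHello messages and applies that server-side decision; the wire layout follows RFC 5246 and all sample messages are constructed inline.

```python
"""
Added example (not from the original post or WP Engine): the server-side
TLS_FALLBACK_SCSV check from RFC 7507, run against ClientHello messages
built in-process so it works offline.
"""
import os
import struct

TLS_FALLBACK_SCSV = 0x5600  # pseudo cipher suite value from RFC 7507
# Protocol versions as they appear on the wire (major, minor); tuple
# comparison gives the right ordering.
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)
VERSION_NAMES = {TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}


def build_client_hello(version, cipher_suites):
    """Build a bare ClientHello handshake message with no extensions
    (RFC 5246 section 7.4.1.2)."""
    body = bytes(version)                        # client_version
    body += os.urandom(32)                       # random
    body += b"\x00"                              # session_id length 0
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                          # one compression method: null
    # Handshake header: type 1 (client_hello) followed by a 24-bit length.
    return b"\x01" + len(body).to_bytes(3, "big") + body


def parse_client_hello(msg):
    """Return (client_version, [cipher suite ids]) from a ClientHello."""
    if not msg or msg[0] != 1:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])
    pos = 2 + 32                                 # skip client_version + random
    sid_len = body[pos]
    pos += 1 + sid_len
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites_raw = body[pos:pos + suites_len]
    if len(suites_raw) != suites_len or suites_len % 2:
        raise ValueError("malformed cipher_suites")
    suites = [struct.unpack("!H", suites_raw[i:i + 2])[0]
              for i in range(0, suites_len, 2)]
    return version, suites


def server_decision(msg, server_max_version=TLS12):
    """RFC 7507 section 3: if the SCSV is present and the client's offered
    version is lower than the highest version this server supports, abort
    with inappropriate_fallback; otherwise negotiate as usual."""
    client_version, suites = parse_client_hello(msg)
    if TLS_FALLBACK_SCSV in suites and client_version < server_max_version:
        return "alert: inappropriate_fallback"
    negotiated = min(client_version, server_max_version)
    return "negotiate " + VERSION_NAMES[negotiated]


if __name__ == "__main__":
    REAL_SUITE = 0xC02F  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    # First attempt at TLS 1.2, no SCSV: accepted.
    print(server_decision(build_client_hello(TLS12, [REAL_SUITE])))
    # A retry at TLS 1.0 carrying the SCSV against a TLS 1.2 server: refused,
    # which is what stops a forced downgrade from succeeding.
    print(server_decision(build_client_hello(TLS10, [REAL_SUITE, TLS_FALLBACK_SCSV])))
    # The same retry against a server that genuinely tops out at TLS 1.0: accepted.
    print(server_decision(build_client_hello(TLS10, [REAL_SUITE, TLS_FALLBACK_SCSV]), TLS10))
```

The useful property to notice is in the third case: the SCSV only triggers an alert when the server knows it could have done better, so legacy servers that really are limited to an older version keep working while a server like the upgraded WP Engine configuration refuses to be talked down.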
I have been using TLS with WP Engine on this site since April 10th, 2015 and in just under two months have seen my overall rating from Qualys SSL Labs improve from a C to a B to an A-.
Graham Cluley, who also hosts with WP Engine, mentioned in his post, And it’s goodbye to HTTP from this website…, that he switched over on March 3rd, 2015 and quickly replied to a comment that, “Unfortunately at the moment my hosting provider doesn’t offer TLS 1.1 and 1.2.”
Well good news for Graham, his server configuration has also been updated and he is scoring an A- as well.
And this, from back in November 2014:
@TimHaines Hi, Tim! Not at this time ^EZ
— WP Engine Support (@WPESupport) November 11, 2014
Most Popular Stripe Subdomains
Top 15 Stripe Subdomains
| Rank | Subdomain | Daily Visitors | % |
|---|---|---|---|
| 1 | stripe.com | 284,000 | 45.02% |
| 2 | dashboard.stripe.com | 279,000 | 44.22% |
| 3 | support.stripe.com | 34,900 | 5.53% |
| 4 | connect.stripe.com | 21,700 | 3.44% |
| 5 | manage.stripe.com | 3,400 | 0.54% |
| 6 | status.stripe.com | 1,900 | 0.30% |
| 7 | checkout.stripe.com | 1,400 | 0.22% |
| 8 | js.stripe.com | 1,100 | 0.17% |
| 9 | shop.stripe.com | 1,000 | 0.16% |
| 10 | silver.stripe.com | 500 | 0.08% |
| 11 | admin.stripe.com | 500 | 0.08% |
| 12 | tiller.stripe.com | 500 | 0.08% |
| 13 | api.stripe.com | 400 | 0.06% |
| 14 | hackpad.stripe.com | 300 | 0.05% |
| 15 | dashboard-admin.stripe.com | 300 | 0.05% |
Source: based on Alexa estimates, as of June 8, 2015 via Wolfram|Alpha Archive (PDF)
Longest expired SSL certificates
- #1 – hmctsformfinder.justice.gov.uk (Test for yourself): certificate valid until Thu, 04 Mar 2010 21:11:48 UTC (expired 5 years and 3 months ago)
- #2 – secure1.wn.com.au (Test for yourself): certificate valid until Sun, 12 May 2013 18:38:34 UTC (expired 2 years ago)
Nonce
Nonce Definition
In security engineering, a nonce is an arbitrary number used only once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time the 401 authentication challenge response code is presented, thus making replay attacks virtually impossible.
Source: Cryptographic nonce – Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/Cryptographic_nonce
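The Wikipedia passage above names HTTP Digest authentication as the everyday case. The following added example, which is not from the original post or from Wikipedia, works that case through in code (RFC 2617, qop="auth"): the client computes response = MD5(HA1:nonce:nc:cnonce:qop:HA2), and a toy server hands out a fresh nonce with every 401 challenge and tracks the nonce-count so that a captured response cannot be submitted twice. The user, realm and password are constructed sample values; the known-answer check uses the worked example values from RFC 2617 section 3.5.

```python
"""
Added example (not from the original post or Wikipedia): how the nonce in
HTTP Digest authentication ties a response to one challenge, and how a
server uses it to refuse replays.
"""
import hashlib
import secrets


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Client side (RFC 2617 section 3.2.2.1 with qop="auth")."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def rfc2617_known_answer():
    """Known-answer check against the worked example in RFC 2617 section 3.5."""
    return digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                           "GET", "/dir/index.html",
                           "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                           "00000001", "0a4f113b")


class DigestServer:
    """Toy server: issues one nonce per 401 challenge and enforces that the
    nonce-count for a given nonce only ever moves forward."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> password, sample data only
        self.live_nonces = {}       # nonce -> highest nonce-count accepted

    def challenge(self):
        """Issue a 401 with a fresh, unpredictable nonce."""
        nonce = secrets.token_hex(16)
        self.live_nonces[nonce] = 0
        return nonce

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        """Server side: recompute the digest and reject reuse of (nonce, nc)."""
        if nonce not in self.live_nonces:
            return "rejected: unknown or expired nonce"
        try:
            count = int(nc, 16)
        except ValueError:
            return "rejected: malformed nonce-count"
        if count <= self.live_nonces[nonce]:
            return "rejected: replayed nonce-count"
        password = self.users.get(username)
        if password is None:
            return "rejected: unknown user"
        expected = digest_response(username, self.realm, password,
                                   method, uri, nonce, nc, cnonce)
        if not secrets.compare_digest(expected, response):
            return "rejected: bad credentials"
        self.live_nonces[nonce] = count
        return "ok"


if __name__ == "__main__":
    srv = DigestServer("sample-realm", {"alice": "s3cret"})   # constructed sample
    nonce = srv.challenge()
    resp = digest_response("alice", "sample-realm", "s3cret", "GET", "/", nonce, "00000001", "abc")
    print(srv.verify("alice", "GET", "/", nonce, "00000001", "abc", resp))   # ok
    # Replaying the very same captured response is refused.
    print(srv.verify("alice", "GET", "/", nonce, "00000001", "abc", resp))   # rejected
    # A new challenge yields a different nonce, so the old response no longer matches.
    nonce2 = srv.challenge()
    print(srv.verify("alice", "GET", "/", nonce2, "00000001", "abc", resp))  # rejected
```

The two rejections at the end are the whole point of the nonce: the password never changes, but every challenge changes the input to the hash, so an observed response is only good for the one exchange it was computed for.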
Enumeration
An enumeration is a complete, ordered listing of all the items in a collection. The term is commonly used in mathematics and theoretical computer science (as well as applied computer science) to refer to a listing of all of the elements of a set.
Source: Enumeration – Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Enumeration
Powerful Words for Content Marketing
Boost Blog Traffic – 317 Power Words That’ll Instantly Make You a Better Writer
Copyblogger – 50 Trigger Words and Phrases for Powerful Multimedia Content
CoSchedule – Proof That Emotional Headlines Get Shared More On Social Media (180+ words)
Useful Status Pages
Having trouble connecting to SFTP on WP Engine?
Having trouble connecting to SFTP? Your SFTP port may have changed, please use port 2222 if you are having trouble.
Click here for step-by-step instructions for the FileZilla and Core FTP clients.
Install and use both Chrome 32-bit and Chrome 64-bit on Windows
Unfortunately, last I checked, you cannot have the 32-bit and 64-bit versions of Chrome installed on Windows at the same time. As a workaround you can install one production (stable) release and one Canary development release.
The Chrome Release Channels page notes that Canary “… will run in parallel to any other Chrome channel you have installed, it will not use the same profile”.
Downloads
| Build | Download |
|---|---|
| Production 32-bit | https://www.google.com/chrome/browser/desktop/index.html |
| Production 64-bit | https://www.google.com/chrome/browser/desktop/index.html?platform=win64 |
| Canary 32-bit | https://www.google.com/chrome/browser/canary.html?platform=win |
| Canary 64-bit | https://www.google.com/chrome/browser/canary.html?platform=win64 |
This guy installs the 32-bit production release and the 64-bit Canary.