Posts tagged 'Security'

Shared auEduPersonSharedToken (user ID) for all University of Notre Dame Australia users across Australian Access Federation (AAF) Resources

Outline: for an undisclosed period of time until 28 June 2019, all users from The University of Notre Dame Australia (ND) accessing federated, Shibboleth-secured SSO resources provided through the Australian Access Federation (AAF) were issued identical auEduPersonSharedToken values. This identifier is frequently used as a unique user identifier (username); on systems where this was the case, all users from ND were considered the same person, so permissions assigned to one user effectively applied to all members of the ND community, breaking authentication and risking exposure of information in sensitive resources. The level of impact on a given system depends …

Static sites, continuous deployment and HTTPS with Netlify

I’ve been doing a variety of things pertaining to web security in recent weeks and one thing that’s been gnawing at my brain is the fact that my blog could still only use insecure http:// because of GitHub Pages. My blog’s content was using GitHub Pages for its serving and gh-pages really hasn’t been seeing a lot of love - that I know of - since its inception a few years back, especially since the development of concepts like Let’s Encrypt with free SSL certs for the web.

I felt I probably should have taken a more …

SCP remote files back home using reverse SSH (in 1 command)

My recent work has involved copying files from a remote host, only accessible via a hop, back to my local computer. This has been simple in the past as the remote host has been able to connect to the local computer and SCP files directly, on account of the firewall allowing this. Recently, the firewall against the local computer has been reconfigured for security and direct connection is no longer possible. I could pass my files through a 3rd-party that both the remote and local machines can get to, but let’s say I don’t have one.

What you …