Let’s Encrypt for non-webservers

Let’s say you want to use Let’s Encrypt for something that isn’t a website. So you download certbot, you get things going with your manual cert, and you realize that when it goes to rotate you will need to restart some services. When you go look through the docs, it’s not very clear on how to do this exactly. So here’s my post to remind myself what I did (and if it helps you as well, then hooray!). What you want to do is configure a hook. They come in three varieties: pre-hooks (commands to run prior to running the re-issue), deploy-hooks (commands to run immediately after the cert is issued but prior to deployment), and post-hooks (commands to be ...

When Man Pages Go Weird

You may not realize that I got my start in the technology world in the early 1990s learning Unix. From my first Netcom account to my high school allowing me, A JUNIOR, to have and run a Slackware machine directly connected to the Internet. My first Linux kernel was a 1.2.8 kernel, and I vividly remember someone trolling me on IRC, telling me that the best bet to fix some strange problem was to rm -rf /* as root. He got me good. Working through *nix in those days was made easier (and still is today) through Manual Pages, or manpages for short. It’s the thing that people would expect you to go do when they replied “RTFM” when you asked a question ...

Ten Things Companies Get Wrong About CIAM

Customer Identity and Access Management (CIAM) is a core component of creating your digital user experience. If you are unfamiliar with Customer Identity and Access Management, it is the process by which companies grant access to their digital assets (like websites, mobile apps, and even chatbots) to their customers, as well as controlling what those customers can access. The idea is to ensure the right person or process has access to the right applications and information at the right time while being risk and context aware. In a previous role, I was responsible for a complete CIAM modernization at a large bank. More recently, I modernized an entire IAM system for the premier identity company. In both cases, my guiding ...

Protect Yourself and Freeze Your Credit

Breaches are never ending, and if you have not already put freezes on your credit reports, make a late New Year’s resolution and do it now. There are a couple of steps you will need to take for each of the four bureaus (yes four). Before you freeze, get in a habit of requesting your report annually. Some bureaus partner with apps you can use as well (such as Credit Karma, Credit Sesame) that are free to download and set up. You want to make sure nobody opened a line of credit in your name without you knowing. One thing you need to know about freezing your credit report is anytime you take an action that requires a hard inquiry, ...

Selective Domain Filtering with Postfix and a SPAM Filtering Service

Yes, that title was a mouthful, but I’m trying to make sure I’m descriptive enough for the next guy who is in this situation. I was facing something interesting lately. There is a spambot network that is ignoring whatever you put in the MX record, and trying to send emails to other IPs associated with the domain. Yep, rookie mistake on my part. Should have set things up so that domains forwarding to my spam filtering service can only be delivered locally if they come FROM that service. So I turned to the extremely helpful Postfix Users group. Essentially, they suggested leveraging access(5) rules to define this in main.cf. You could throw the domains into a hash table as well, ...

PCI DSS 4.0 and TLS

In 2015, I published an addendum to our PCI DSS 4th Ed. book that covered version 3.1. I titled it, “PCI DSS 3.1: The Standard that Killed SSL” because that version removed the ability to use old and outdated versions of the standard in favor of the improved TLS standard originally released in January 1999. Now eight years later, we’re still struggling with moving past version 1.0 of TLS, something that the Council required after June 2018. Outdated versions of these protocols still exist in certain embedded devices, and are only allowed in limited scenarios. Version 4 of the standard pushed the remainder of TLS version requirements to your routine vulnerability scans—prioritized by the resulting CVSS score. You will find ...

Why APA is Important in your Masters Journey

Another semester has closed and the reviews are in. As always, I had one student who rails on their hatred of APA formatting and one student who loved it. OK, maybe not loved it, but mentioned that it made a positive impact on their journey. The goal of this post is to help provide some context on why I take points off of papers for poor APA formatting. If you are one of my current students reading this, please take some notes. I make APA 7th Ed. an optional text because there are freely available resources you can use to learn what you need to do. You should also use the services of the writing coach provided by the university ...

Writing a Book in Markdown with GitHub

December is the month! PCI Compliance, 5th Edition is ready for pre-order and will be shipping on the 22nd. James & I are so excited to hear what you think! But of course, this project is several years in the making. Even before James & I sat down in early 2020 to hammer out where we wanted this to go, I’ve been involved in this book since the 2nd edition in 2009. Back in the old days, Microsoft Word was the tool we used to get things done. But we have such better options these days to collaborate on projects like this. As we talked with several industry folks about the project and our progress, one of you asked me ...

HowTo: Kindle Paperwhite Night Mode

I’ve been a kindle reader for a very long time—pretty much since the first version of it. I traveled with one, had a waterproof case for the pool, and generally consumed the vast majority of my fiction reading on it. While my previous device was still cranking along just fine, the cases were not. After breaking my second waterproof case and learning they were not made anymore, I joined the masses and got a new Paperwhite Kindle. All was well for a while! It’s absolutely brilliant to read from outside, and I never had problems in normal light inside a house or building. I’ve recently started taking up some reading before bed to help slow things down in my brain ...

PCI DSS 4.0 Released plus BOOK DETAILS!

It’s been nearly six years since we had a major release of PCI DSS, and March 31, 2022 was the day that the final version of PCI DSS 4.0 released. For those that had access to the last discussion draft (released early this year), there are virtually no changes from that (with the exception of refining Requirement 9.4.1 and inserting 9.4.1.1). But don’t go changing your assessment processes yet! PCI DSS 3.2.1 won’t sunset until March 31, 2024 (see page 36). This means, you have to START your last PCI DSS 3.2.1 assessment BEFORE March 31, 2024 (better if you complete by then), and then you have a year to prep for the base PCI DSS 4.0 until the extended ...