Electricmonk

Ferry Boender

Programmer, DevOpper, Open Source enthusiast.

Blog

Category: security

A short security review of Bitwarden

Bitwarden is an open source online password manager: The easiest and safest way for individuals, teams, and business organizations to store, share, and sync sensitive data. Bitwarden offers both a cloud hosted and on-premise version. Some notes on the scope of this blog post and disclaimers: I only looked at the cloud hosted version. This […]

Lurch: a unixy launcher and auto-typer

I cobbled together a unixy command / application launcher and auto-typer. I've dubbed it Lurch. Features: Fuzzy filtering as-you-type. Execute commands. Open new browser tabs. Auto-type into currently focussed window Auto-type TOTP / rfc6238 / two-factor / Google Authenticator codes. Unixy and composable. Reads entries from stdin. You can use and combine these features to […]

Umatrix makes the web usable again

As happens with all media, once corporations join in because there is money to be made, things quickly devolve into a flaming heap of shit. The internet is no exception to this rule. With the coming of Javascript and DHTML in the late 90's, ads soon started appearing on the web. Not long after, pop-ups […]

Root your Docker host in 10 seconds for fun and profit

Disclaimer: There is no actual profit. That was just one of those clickbaity things everybody seems to like so much these days. Also, it's not really fun. Alright, on with the show! A common practice is to add users that need to run Docker containers on your host to the docker group. For example, an […]

Criticize grsecurity? Get sued.

Thinking about using the grsecurity linux kernel hardening patches? Better check with your legal team. Not only are they likely violating the GPLv2 with their patch-set, but if you point out that, in your opinion, they are violating the GPLv2, they'll sue you. And not only you, but anybody that is even remotely involved in […]

Two-factor authentication via SMS is worse than no two-factor authentication at all

Another case of online theft whereby the attacker takes over a victim's phone and performs an account reset through SMS has just hit the web. This is the sixth case I've read about, but undoubtedly there are many many more. In this case, the victim only lost $200. In other cases, victims have lost thousands […]

HTTP Error 429 on Reddit

Getting HTTP error 429 when trying to call Reddit APIs or .json endpoints? Try changing your User Agent header to something else. Reddit bans based on user agent.

cfgtrack: A simpel tool that tracks and reports diffs in files between invocations.

Sometimes other people change configurations on machines that I help administer. Unfortunately, I wouldn't know when they changed something or what they changed. There are many tools available to track configuration changes, but most are way overpowered. As a result they require too much time to set up and configure properly. All I want is […]

Exploring UPnP with Python

UPnP stands for Universal Plug and Play. It's a standard for discovering and interacting with services offered by various devices on a network. Common examples include: Discovering, listing and streaming media from media servers Controlling home network routers: e.g. automatic configuration of port forwarding to an internal device such as your Playstation or XBox. In this […]

Openvas v8 on Ubuntu 14.04: Login failed. OMP service is down

Recently I suddently couldn't log into Openvas v8 running on Ubuntu 14.04 anymore. Nothing had changed about the machine (as far as I knew), but I got the following message when trying to log in with any account: Login failed. OMP service is down The logs (/var/log/openvas/openvasmd.log) showed the following message: lib serv:WARNING:2016-01-19 15h52.12 utc:21760: […]

The text of all posts on this blog, unless specificly mentioned otherwise, are licensed under this license.