By default, WordPress allows an unauthenticated user to view the list of the registered users with the help of the REST API. But, for example, to view the list of the users in the Dashboard, the user needs to have `list_users` capability (that is, be an Administrator). While the REST API does not expose sensitive information (such as emails) to unauthenticated users, it may be desirable to restrict `users` endpoint form unauthenticated users.
We live in a world where data is an incredibly valuable currency, and you are always at risk of loss. Because of this, you must do everything you can to ensure what you hold on your desktops and servers is safe. If you are looking to lock down your Linux servers and desktops as tight as possible, you should consider to make use of two-factor authentication. This article explains how to configure two factor authentication using pam_u2f.
A Facebook user asked how to forbid write access to an external USB drive, allowing only for read-only access. This article explains how to do that with the help of udev.
During an intrusion, an intruder leaves signs of his actions in various system logs. Without reliable logs, it could be very difficult to figure out how the attacker got in, or where the attack came from. This information is crucial in analyzing the incident. It is evident that the logs are a valuable audit trail that should be well protected.
Of course, when an intruder gets in to the system, they will try to remove all traces. So, how can we stop an intruder from removing evidence?
BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a security exploit against HTTPS when using HTTP compression. This article shows several ways to deal with BREACH using Length Hiding technique with nginx’s builtin modules.
When using Cloudflare to hide IP address of the origin server (for example, to protect against DoS attacks), it is important to configure ACLs to allow connections to the origin server only from Cloudflare IPs. However, the list of Cloudflare IP ranges is not static, it changes over time. This post describes how to import this list into nginx automatically.
Sometimes it can be useful to get notified when someone logs into the system via SSH. This article shows several possible solutions how to configure those notifications.