Yesterday, Scott Arciszewski from ParagonIE published The 2018 Guide to Building Secure PHP Software. If you develop for (or attack) the web in any language, this is an excellent reference that addresses a number of common web application pitfalls.

In the section devoted to security headers, I saw a reference to one that's flown under my radar until now: Expect-CT. Scott Helme has a nice write-up of Expect-CT, and I went off to read the specification for myself. As it happens, the HTTP Working Group just posted an updated draft today, but the changes aren't substantive.

The executive summary of Expect-CT is that Chrome can no...

When downloading and compiling software, it's always a good idea to verify the integrity of the source files you obtain. Package handlers like yum and apt handle this automatically, but it must be done manually when you download software yourself.

ISC, the publisher of the BIND DNS server, provides cryptographic signatures with each release. If you have gpg installed, you can use the signature to validate your downloaded BIND tarball. ISC's download URLs follow a consistent naming pattern; simply change the version number in the URLs below to match the version you need.

Download the BIND source

[root@host /home/files]# wget https://ftp.isc.org/isc/bind9/9.11.5-P4/bind-9.11.5-P4.tar.gz
  `bind-9.11.5-P4.tar.gz' saved [8819038/8819038]

Download the associated signature file

[root@host /home/files]# wget https://ftp.isc.org/isc/bind9/9.11.5-P4/bind-9.11.5-P4.tar.gz.sha256.asc
  `bind-9.11.5-P4.tar.gz.sha256.asc' saved ...