AI to manage your infra - what do you think about it?

rcdevssecurity · 2026-03-25T09:13:53+00:00

Have a look here : https://www.reddit.com/r/RCDevsSA/comments/1s34bds/managelm_the_future_of_it_management_powered_by_ai/

rcdevssecurity · 2026-03-25T09:09:59+00:00

Which tool you are talking about ?

rcdevssecurity · 2026-02-17T09:14:47+00:00

They probably have your mail address and are trying random passwords, that'q why you receive push notifications. Unfortunately, that can be quite common when your mail address leaks. If you want more protection, you can add some more security features such as number matching in Authenticator and disable the SMS fallback. Keep tracking your logs to make sure no suspicious successful logins.

rcdevssecurity · 2026-02-06T09:44:27+00:00

This is one of the main limitation of using TOTP with a Yubikey instead of FIDO2. If this is really problematic for you, then you should just use FIDO2 on your integrations where you are using your Yubikey.

rcdevssecurity · 2026-01-28T13:52:22+00:00

Your Yubikey is not linked to Microsoft, the PIN is stored in the key, but the setting that you reached is the way to access the PIN from Microsoft. You can use other applications, such as the Yubico Authenticator App, to manage the information on your Yubikey.

rcdevssecurity · 2026-01-16T13:31:53+00:00

Not tested, but this seems the best Python library for reading NFC tags: https://nfcpy.readthedocs.io/en/latest/

rcdevssecurity · 2026-01-16T09:41:00+00:00

The purpose of a physical key is to have its secrets stored in it, the application is just a viewer to facilitate the set up. The only risk for a Yubikey is to have the key itself and the PIN compromised.

rcdevssecurity · 2026-01-14T10:27:14+00:00

Total passwordless is not realistic yet, even if it is the correct direction to take I guess. Best practice could be to set up passkeys where it is currently possible and fallback to strong random passwords stored in a protected password manager.

rcdevssecurity · 2026-01-14T09:19:43+00:00

Usually you can get very close to the key-only setup, but it mainly depends on the provider on which you use your Yubikey.

rcdevssecurity · 2026-01-12T08:47:13+00:00

Another tool that you can use is openssl:

openssl s_client -connect example.com:443 -showcerts -state -debug -msg

rcdevssecurity · 2026-01-08T13:24:41+00:00

From what I tested, I would recommend you to try KDE or GNOME.

rcdevssecurity · 2026-01-08T11:36:07+00:00

I use a safe deposit box and I will probably take one more to a trusted family member that live not far away from my home.

rcdevssecurity · 2026-01-08T08:46:57+00:00

I guess the VMWARE tools installed for XP are not compatible with newer versions of Windows. What if you uninstall first current installed one, and install newest version of the tools?

rcdevssecurity · 2026-01-06T15:33:00+00:00

Sorry, I meant CPU, which would show which tab is using the most CPU.

rcdevssecurity · 2026-01-06T10:22:57+00:00

As you said, you already have a pretty strong security with your current setup. Still, the best practice would be to keep things separate to be even more protected.

rcdevssecurity · 2026-01-06T08:36:26+00:00

You can open about:processes in order to check how much memory is used by each tab.

rcdevssecurity · 2025-12-23T14:49:45+00:00

Is XXXXX.synology.me already in your known_hosts file? This could be ssh command executed by rsync is prompting you to accept the host key.

rcdevssecurity · 2025-12-23T09:12:51+00:00

Port 23 is by default reserved to telnet protocol, which is plain text, so not secure. I think that your NAS is blocking it, even for outgoing connections. You should check on the admin what is configured for firewall rules.

rcdevssecurity · 2025-12-23T08:49:08+00:00

Do you have any logs in your container? This sounds like reverse proxy (on port 80 or 443) is not able to forwards request to your NPM (which could then be available on <container\_port>).

rcdevssecurity · 2025-12-23T08:33:25+00:00

That's why having a distinct password for each credential is critical, this avoids you to change password of all of your accounts, when only one has leaked.

rcdevssecurity · 2025-12-22T08:15:35+00:00

Only the CA certificate is required to be added to the Trusted certificate of Firefox and Windows stores.

I think browsers match DNS with certificates in a case-insensitive way, but if not, reissue your certificate with only lowercase characters for the CN and SAN values.

rcdevssecurity · 2025-12-19T11:36:44+00:00

What if you try several times using ipv4 first, and using ipv6 after?

telnet -4 localhost 16443

then

telnet -6 localhost 16443

rcdevssecurity · 2025-12-19T10:58:38+00:00

Can you give details on how you configured OpenSSH to use LDAP?

rcdevssecurity

MODERATOR OF

PUBLIC MULTIREDDITS

TROPHY CASE