@mtigas
mtigas / 0.md
Last active October 6, 2019 03:46

A new version of this report is located at ProPublica. It includes more detail and a comment from Susan Prosser, Vice President of Industry Relations at DomainTools, about how the DomainTools "IP Explorer" tool gathers the "C block owner" value.


The new version mostly just adds information, but previous versions of this gist can still be seen at the "Revisions" button to the left. Earlier versions should be considered draft quality.


@mtigas
mtigas / cannonball_core_auth_crypto.py
Last active December 19, 2015 22:08
Simple subclass of Django PBKDF2PasswordHasher (which uses pbkdf2+sha256) that ups `iterations` to 3x the Django default and adjusts digest to use SHA384 (to fit within the 128 char limit in DB).
from django import VERSION
if (VERSION[0] == 1) and (VERSION[1] >= 4):
    from django.contrib.auth.hashers import PBKDF2PasswordHasher
    import hashlib
    class PBKDF2SHA384PasswordHasher(PBKDF2PasswordHasher):
        # don't use SHA512: growing the `iterations` too much will likely
        # cause name:itr:hash to grow beyond the 128 character limit for
        # the `password` field in DB
        #
@mtigas
mtigas / 1-ssldump.md
Last active February 13, 2019 21:24
patches for ssldump. see also https://github.com/mtigas/homebrew-ssldump

Patches for ssldump

Patches for [ssldump][ssldump] (the last ssldump-0.9b3.tar.gz version).

You can install a Mac OS X version of ssldump with these patches included, using [Homebrew][brew]. Check https://github.com/mtigas/homebrew-ssldump for instructions.


Patch 2-ssldump-tls12.diff adds information about new TLSv1.2 cipher suites

@mtigas
mtigas / gist:5959014
Last active December 19, 2015 12:59
List of some cybersecurity-related sessions from recent journalism conferences
@mtigas
mtigas / README.md
Created March 28, 2013 15:56
README.md

PROJECT_NAME


@mtigas
mtigas / twitter_ebook.py
Last active December 11, 2015 06:48 — forked from argv0/gist:3627514
oh god what have i done
"""
usage: twitter_ebook.py [-h] [--num NUM] archive_dir

Generate some tweets based on the CSV in a Twitter archive download

positional arguments:
  archive_dir  path your unzipped Twitter archive

optional arguments:
  -h, --help   show this help message and exit
<!doctype html>
<html>
<head>
<title>test</title>
{% block extra_head_tags %}{% endblock %}
</head>
<body>
{% block content %}{% endblock %}
</body>
</html>
sudo aptitude remove nginx-light nginx nginx-common nginx-full
sudo apt-get install python-software-properties software-properties-common
sudo add-apt-repository ppa:chris-lea/nginx-devel
sudo aptitude update
sudo apt-get install nginx-light
@mtigas
mtigas / README.md
Last active December 16, 2022 02:12
this is the nginx config for https://mike.tig.as/, with config to avoid the BEAST exploit (by using TLS 1.2+ ciphers or RC4) and enable SSL perfect forward secrecy (by preferring ECDHE ciphers)

[mike.tig.as][mta] server configuration

This gist contains the nginx and tor configurations for the [mike.tig.as][mta] servers, mainly to show:

  • Use of the chris-lea/nginx-devel PPA to allow use of SPDY.
  • ssl_ciphers selection to mitigate BEAST attack, enable [perfect forward secrecy][pfs] if possible and select the strongest possible ciphers within those bounds. (Exception is made for several ciphers at the end of list, for compatibility reasons.)