
Posts tagged with 'security'

Adjusting the Jenkins Content Security Policy

security jenkins content-security-policy csp 0 Comments

One of the security features of Jenkins is to send Content Security Policy (CSP) headers, which describe how certain resources can behave. The default policy blocks pretty much everything - no JavaScript, inline CSS, or even CSS from external websites. This can cause problems with content added to Jenkins via build processes, typically using the HTML Publisher Plugin.

While turning this policy off completely is not recommended, it can be beneficial to adjust the policy to be less restrictive, allowing the use of external reports without compromising security.


StartSSL code signing certificates are crippled

security code signing authenticode 0 Comments

TL;DR: StartSSL code signing certificates are crippled and your binaries are no longer trusted once they have expired, even if they have been counter signed.

Two years ago I purchased a code signing certificate from StartSSL, which was extremely smooth - I originally documented the process in a blog post.


Creating a code signing certificate with StartSSL

security code signing authenticode 8 Comments

Edit 02Jan2017: Even if you wanted to ignore the revelations of dubious practices of StartSSL and with them now being owned by WoSign, there is another matter to consider - StartSSL authenticode certificates don't support lifetime signing. Meaning, when your certificate has expired, your signed binaries are no longer trusted, negating the point of signing them in the first place. For this reason, I don't recommend using StartSSL any further.

The process of obtaining a code signing certificate from StartSSL differs significantly from the process I originally went through with Comodo. This blog post serves to document how I did it for StartSSL, both as a reference for myself and for anyone else! Personally I find this approach easier than fiddling around exporting certificates from a browser, and it gives you a lot more control.
