
June 5, 2017
Lately I have been programming quite a bit and, for the first time, I have been using Go to do so.
Go is a very nice language and really helped me with the development.
One of the reasons why I have enjoyed Go this much is its standard library, which is amazing.
Today I would like to share how easy it is to create a basic Certificate Authority and signed certificates in Go.
May 12, 2016 - Amsterdam, NL
April 13, 2016
Yesterday, Let’s Encrypt moved from beta to GA.
During the beta phase, which started last September, more than 1.7 million certificates were issued.
I think this is a crucial step for the project and overall for the Internet as well.
Until now, the only way to obtain a valid TLS certificate was to pay a CA.
This artificial constraint made no sense, since the CAs were effectively forcing users to buy an insurance policy that served no purpose (and often was completely worthless).
Published on July 28, 2015
Authored by Fabio Alessandro Locati
Published by Packt Publishing Limited
OpenStack is a system that controls large pools of computing and networking resources, along with cloud storage, allowing its users to provision resources through a user-friendly interface.
OpenStack helps developers with features such as rolling upgrades, federated identity, and software reliability.
You will begin with basic security policies, such as MAC, MLS, and MCS, and explore the structure of OpenStack and virtual networks with Neutron.
Next, you will configure secure communications on the OpenStack API with HTTP connections.
You will also learn how to set up OpenStack Keystone and OpenStack Horizon and gain a deeper understanding of the similarities and differences between OpenStack Cinder and OpenStack Swift.
May 20, 2015
Today a new kind of downgrade attack against TLS was published: Logjam.
The attack relies on the fact that Diffie-Hellman key exchanges require a prime.
Many applications use a pre-generated prime to speed up the Diffie-Hellman process.
Using a pre-generated prime is not a security issue by itself, but it can become one when coupled with a server that accepts very short Diffie-Hellman keys, such as 512-bit ones (the maximum allowed for DHE_EXPORT).
April 2, 2014
I usually don’t start with this, but lately I had some time constraints that made me wonder whether it is right to spend so much time reading books. The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic by Robert J. Shimonski is only 149 pages long (if we cut the introduction, indexes, etc., it boils down to 128 pages). This is a really short book and I have really appreciated this fact. Wireshark is a very useful and powerful tool, but many people do not need to know everything about it. If you need to know everything about Wireshark, the best option is to download the source and read it, but this is not the case for 99.99% of the people interested in Wireshark.
October 16, 2013
A month after the CompTIA Linux+, I decided to do the CompTIA Security+.
As with the Linux+, the Security+ uses a multiple-choice test.
In this case, I think this kind of exam is a perfect fit, since it’s essential that the candidate has and can demonstrate a solid understanding of the theory behind security.
Overall I liked the exam, and I would suggest it to anyone interested in starting a journey in security, or who wants (or needs) to have a certification that certifies a base knowledge of security.
May 7, 2013
The anonymity on the web is probably one of the most debated topics on the web.
Is it possible to be completely anonymous? The short answer is no.
This book tries to help the reader improve their anonymity while staying in the “real world”, as the “Practical” in the title suggests.
In this book you will not find anything that is too complex for an average user.
Whether this is good or bad depends on your expectations. I picked up this book the first time with really high expectations and I was really disappointed. When I picked it up for the second time, with different expectations, I did find the book pretty good.
April 30, 2013
A few months after the review of CompTIA Security+ Rapid Review, I’m now here to speak about its bigger brother: the Training Kit.
With its 569 pages, this book is more than twice the length of the Rapid Review one. Even if someone might think that they did a better summary in the Rapid Review one, I have to say that this is not the case for these two books. While the Rapid Review allows you to pass the exam if you already know the certification contents and only need to evaluate your level and refresh some contents, the Training Kit will teach you the certification contents.
April 16, 2013
Mike Shema speaks about a lot of different kinds of attacks in his book in a really deep way, to the point that sometimes I wondered whether he was planning to instruct people how to hack websites or only how to secure their own websites. The book often has code samples that allow a faster understanding of what the author is saying. Even if coding knowledge is not required, the ability to understand HTML, JS, SQL, PHP, Python and C++ speeds up the reading.