First Steps in Python

To get my feet wet in Python, I started yesterday to solve some smaller programming challenges. I’ve created a new Github repo here and uploaded some of my Python scripts.

The language Python is often used in infosec, so I want to extend my knowledge there. After the first small tests I can tell, that the language seems at first a little bit unfamiliar. I have primarily programmed in C, C++ or Java. There you have classes or at least a main() method. Python just executes the statements in the script. So you can build a working program very fast. And the code is very small. For example, if I want the user to input a value, which I need to compute further, I need three lines in Java. The declaration of the variable, the console output and then the input reader. In Python it’s just one line:

I can’t wait to go further and explore more of the language. And while doing these small coding challenges in Python I can also train some thinking about algorithms again. 🙂

HTTPS? Not available here…

HTTPS is great. Your connection to a website is encrypted so an attacker or just an observer of the connection is not able to read the traffic. Fantastic! However, HTTPS requires a certificate that confirms you’re on the correct site and not on a fake website, used for phishing etc. There are several certificate authorities (CA) out there which can issue a certificate, but most of them require a payment. No money, no certificate.

Then Let’s Encrypt showed up. A project and an automated tool to create certificates for HTTPS connections. And even better: It’s free! Last weekend I wanted to enable HTTPS connection on my blog. I’ve also managed to create a valid certificate. Unfortunately, I was not able to configure it in my webadmin interface provided by my web hoster.

The online documentation had nothing about HTTPS as well, so I opened ticket, requesting more information about how to configure HTTPS in this environment. The answer is more than disappointing: It’s simply not possible and furthermore they do not support Let’s Encrypt in any way, but of course I can buy an extra package for encryption and then my provider will manage to set-up everything. Isn’t it nice?

No, it’s not! I wanted to use a free and widely supported service, that should be a basic procedure nowadays.
Hello! It’s 2017! Have you ever heard of Edward Snowden, the NSA and mass surveillance? Wake up!
And no, I do NOT want to buy your f***** certificate. I’m really thinking about switching my provider asap.