TagGovTLS

Gov-TLS-Audit got a brand new domain today. No longer is it sharing a crummy domain with sayakenahack (which is still blocked in Malaysia!), it now has a place to call it’s own. The domain cost me a whooping $18.00/yr on AWS, and involved a couple hours of registration and migration. So I felt that while migrating domains, I might as well implement proper security headers as well. Security...

Couple months back I started GovTLSAudit. A simple service that would scan  .gov.my domains, and report on their implementation of TLS. But the service seems to have benefits above and beyond that, specifically around having a list of a government sites that we can use to cross-check against other intel sources like Shodan (which we already do daily) and VirusTotal. So here’s 3 times...