Category: Security
The Dirty Little Secret About SSL Certificates
The dirty little secret about SSL certificates is that:
The tools to become a certificate authority, and therefore to publish your own SSL certificates, are included in a wide variety of systems – chances are if you have an Ubuntu or CentOS install you already have the capability of becoming an SSL certificate authority via OpenSSL.
Firesheep Should Be A Call To Arms For System, Network & Web Admins
Firesheep by Eric Butler has just been released to the world. This Firefox plugin does a few things that have already been fairly easy to do for a while, but rolls them up in one easy-to-use package:

- Sniffs data on unencrypted Wireless Networks
- Looks for unencrypted login cookies sent to known popular insecure sites
- Allows you to log in to that account with ‘One Click’

So what sites are impacted by default? Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, and Yelp are among them. A plugin system allows anyone to add their own sites (and cookie styles) to the plugin.
Yikes! It goes without saying that this is a major security problem for anyone who uses unencrypted wireless networks. Included on this list are many universities and companies such as Starbucks.
Google Adds Two-Factor Authentication To Google Apps (For Real, This Time)
I’m not trying to say I had anything to do with Google adding two-factor authentication to Google Apps. I’m really not. But on September 9th, MakeUseOf published an article named How To Secure Your Google Apps Account with Two Factor Authentication. In this article, I wrote: All of this brings up the question: why doesn’t [...]
Linux Command Line, Generating a Random File
It is very easy to create a random file using the Linux command line. Much like the command to fill a file with all zeros, for example a 1 Meg file: `dd if=/dev/zero of=zero.filename bs=1024 count=1000` You do the same using /dev/urandom: `dd if=/dev/urandom of=random.filename bs=1024 count=1000` Resulting in a 1MB file: 1000+0 records in [...]
A Poor Man’s VPN: Proxy Web Connection to Remote Server (via SSH and Tunnel)
Did you ever have a situation where you needed to access a website that had an IP restriction in place? I recently had a situation where I needed to access the web via my university connection (due to IP restrictions placed on accessing databases of research papers). They do not have a VPN setup so [...]
Remote Desktop from Windows XP to Windows Server 2008 or Windows Vista
The Remote Desktop connection settings for Windows Server 2008, and I believe Windows Vista, include 3 levels of service:

- Don’t allow connections to this computer
- Allow connections from computers running any version of Remote Desktop (less secure)
- Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

At first blush, you [...]
4 Steps to Authenticate Ubuntu Logins with Active Directory
It is possible to install Active Directory authentication in Ubuntu 8.04 and later. The Likewise Open packages accomplish this task, and it is actually pretty easy. Just a note – when installing Ubuntu, do not add a user named “administrator” as I did. This makes it impossible to join the Ubuntu workstation to the domain [...]
Some Rights Reserved 2012