Category Archives: Security

The Dirty Little Secret About SSL Certificates

The dirty little secret about SSL certificates is that:

Anyone can become a certificate authority.

The tools to become a certificate authority, and therefore to issue your own SSL certificates, are included in a wide variety of systems. Chances are that if you have an Ubuntu or CentOS install, you already have the capability of becoming an SSL certificate authority via OpenSSL.

Firesheep Should Be A Call To Arms For System, Network & Web Admins

Firesheep by Eric Butler has just been released to the world. This Firefox plugin does a few things that have been fairly easy to do for a while, but rolls them up in one easy-to-use package:

  1. Sniffs data on unencrypted Wireless Networks
  2. Looks for unencrypted login cookies sent to known popular insecure sites
  3. Allows you to login to that account with ‘One Click’

So which sites are impacted by default? Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, and Yelp are among those affected. A plugin system allows anyone to add their own sites (and cookie formats) to the plugin.

Yikes! It goes without saying that this is a major security problem for anyone who uses unencrypted wireless networks. Included on this list are many universities and companies such as Starbucks.

Google Adds Two-Factor Authentication To Google Apps (For Real, This Time)

I’m not trying to say I had anything to do with Google adding two-factor authentication to Google Apps. I’m really not. But on September 9th, MakeUseOf published an article named How To Secure Your Google Apps Account with Two Factor Authentication. In this article, I wrote:

All of this brings up the question: why doesn’t Google enable a direct way to use two factor authentication with their Gmail, Calendar and other services? Many folks such as myself use Google services for all too many things in their lives, and that login is potentially the most important one of their online life. I would suggest that Google gets onto the security boat and enables this as an option for everyday folks.

Today, 11 days later, Google released their own two-factor authentication scheme for Google Apps accounts (Premier, Education and Government). An example of accurate prognostication? Or just dumb luck? Either way,….

Linux Command Line, Generating a Random File

It is very easy to create a random file using the Linux command line. It is much like the command to fill a file with all zeros, for example a 1 Meg file:

    dd if=/dev/zero of=zero.filename bs=1024 count=1000

You do the same using /dev/urandom:

    dd if=/dev/urandom of=random.filename bs=1024 count=1000

Resulting in a 1MB file:

    1000+0 records in
    1000+0 records out
    1024000 bytes (1.0 MB) copied, 0.0294247 s, 34.8 MB/s

This is transferring random data from the virtual device urandom to the output file. We use /dev/urandom instead of /dev/random because the /dev/random source generates random data very slowly. urandom is much faster at this but remains very random, if not quite as random as /dev/random. This should work with any system with dd and /dev/urandom.

A Poor Man’s VPN: Proxy Web Connection to Remote Server (via SSH and Tunnel)

Did you ever have a situation where you needed to access a website that had an IP restriction in place? I recently had a situation where I needed to access the web via my university connection (due to IP restrictions placed on accessing databases of research papers). They do not have a VPN set up, so it is hard to do this off-campus. I do, however, have access to a Linux machine on campus. I am familiar with port forwarding using SSH, but I had never used it to actually tunnel web traffic from a web browser on Windows. It turns out it is surprisingly easy! The ssh command to use is:

    ssh -C2qTnN -D 8080 username@remote_host

This command connects over SSH to remote_host and creates a tunnel (a SOCKS proxy) on your localhost, port 8080. Note that you need to have private key authentication already set up for this host – it will not work….

Remote Desktop from Windows XP to Windows Server 2008 or Windows Vista

The Remote Desktop connection settings for Windows Server 2008, and I believe Windows Vista, include 3 levels of service:

  1. Don’t allow connections to this computer
  2. Allow connections from computers running any version of Remote Desktop (less secure)
  3. Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

At first blush, you would probably choose the “more secure” option. Practically, this mainly means that it only allows connections from the latest Remote Desktop software in Windows Vista. It is probably another attempt by Microsoft to force consumers and businesses into upgrading to Windows Vista. But… I digress.

When connecting with an older Terminal Services (TS) client in XP or even Vista, you will get this message:

“Remote computer requires Network Level Authentication, which your computer doesn’t support”

Not all is lost. There are two ways around this. The first and most obvious solution is to select the….