Archive for 'Security'

Rustock.A and Advances in Rootkits

Posted on July 14, 2006, under Security.

Forget DRM, it’s gonna be scarier things like the new generation of rootkits that are going to drive me off of Windows at home.

Strongspace - Secure File Storage and Sharing

Posted on October 2, 2005, under Security.

Having several gigs of data that my wife and I would really be sad to lose (mostly baby photos), I’d been thinking about off-site backups for quite some time.

However, until recently, I’d only set up local redundancy. I set up a SuSE Linux server in my house, and made redundant copies of important files, so that if my main machine failed me in some way, I would still have the copies on the other machine. This is a decent solution for files of medium importance, but not for very important data that would be disastrous to lose in, say, a fire or some other major accident.

This weekend I signed up for an account at Strongspace, created by the fine folks at TextDrive. They provide a nice, clean web interface for backing up files. You can also create unlimited accounts with read-only access to all the files you have backed up. This makes for a nice way for us to securely share photos online with family.

However, for those a little more technically inclined, you can set up rsync over SSH (rsync does not speak SFTP itself; it runs over an SSH session to the same account), and keep your Strongspace account in sync with multiple directories on your local network. This is very convenient, as rsync will automate the adding, updating, and deleting of any set of files/directories you tell it to. Once you initially populate it with your data, the next time you sync you will only upload what changed. You don’t have to re-upload everything again.
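The sync described above, as an added example that is not from the original post or from Strongspace: two small shell functions that mirror a list of local directories to a destination with rsync. Assumptions: rsync and ssh are on PATH, the SSH key for the account is already loaded, and the destination is either `user@host:path` (the real case) or a plain local path (which rsync treats as a local copy, handy for a dry run on your own machine). The `--delete` flag is what makes the remote copy mirror your local deletions, and it is also the sharp edge: a file you removed by accident (or that malware removed for you) disappears from the backup on the next run, so the second function reports what a run would delete before you let it.

```shell
#!/bin/sh
# Added example (not from the original post): mirror local directories to a
# Strongspace-style SSH/SFTP account with rsync, transferring only changes.
# Assumptions: rsync and ssh on PATH; DEST is user@host:path or a local path.
set -eu

# Sync each directory given on the command line into DEST/<basename>/.
# -a keeps permissions and times, -z compresses, --delete mirrors removals.
sync_dirs() {
    dest=$1; shift
    for d in "$@"; do
        rsync -az --delete -e ssh "$d/" "$dest/$(basename "$d")/"
    done
}

# Count the files a real run WOULD delete on the destination, without
# deleting anything (--dry-run + itemized output, lines start "*deleting").
planned_deletions() {
    dest=$1; shift
    for d in "$@"; do
        rsync -az --delete --dry-run -i -e ssh "$d/" "$dest/$(basename "$d")/"
    done | grep -c '^\*deleting' || true
}

# Usage (hypothetical account name):
#   planned_deletions you@strongspace.example:/home/you/backup /data/photos
#   sync_dirs         you@strongspace.example:/home/you/backup /data/photos
```

Run `planned_deletions` first; if the number is larger than you expect, find out why before running `sync_dirs`. Dropping `--delete` turns the backup into an append-only copy that never loses a file, at the cost of keeping everything you ever synced.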

I am very happy with Strongspace so far, and my wife and I feel much better knowing we have secure, off-site backups of our daughter’s photos and other files that are important to us.

Only one complaint so far: Setting up rsync on Windows was a little difficult. For instance, I know that my wife couldn’t do it, let alone my mother. I would love to see Strongspace include a GUI rsync application as part of their services. This would enhance their value and customer satisfaction multiple times over.

How to create a free SSL certificate from CAcert.org

Posted on June 3, 2005, under Security, Web Dev/Tech.

Having an SSL certificate on your domain for encrypted traffic may be very attractive, but like me, you may get turned off at spending around $400 for personal use. CAcert.org to the rescue! They are making SSL certificates available for free. Awesome! Now I can use a valid SSL certificate for traffic on this domain. Read on for tips on how to do this yourself.
One caveat to this process is that CAcert is currently not ‘known’ to browsers. This means you will get a warning from the browser stating it doesn’t know the signer of the SSL certificate. You can either always accept this warning, or you can tell your browser who CAcert is by installing their own root certificate. To do this, go to CAcert’s Root Certificate page, and click the appropriate link for your browser. The link for IE is obvious, but for Firefox I chose the PEM format. Firefox then presented me with a helpful prompt that completed the install. After that, no more warnings! Be aware that installing a root certificate is a trust decision: the browser will from then on accept any certificate that CA issues, for any site, so only do it for a CA you have reason to trust, and compare the fingerprint of the file you downloaded against the one CAcert publishes before importing it. (Note: for this exact reason alone, I currently would not recommend using CAcert for commercial business, as you could make your potential customers nervous with the warning.) With that taken care of, let’s move on.

While not a complete step-by-step walkthrough, this is essentially how I created a signed SSL certificate for collicott.net from CAcert.org.

Requirements

  • A host with openssl installed.
  • A registered account with CAcert.org
  • Access to your web server’s config to reference/install the SSL certificate

Creating an SSL certificate

  1. First, I logged into my host, and created a key for the hostname I wanted to use SSL on. This key will subsequently be used to create a certificate request we will send to CAcert. Obviously, in these examples, replace collicott.net with your hostname.
    $ openssl genrsa -out www.collicott.net.key 1024

    Important: keep this file where others cannot read it (mode 600, owned by the account the web server runs as, and never inside a web-served directory). Anyone who obtains the private key can impersonate your site. Note also that a 1024-bit RSA key was typical in 2005 but is no longer considered strong; 2048 bits is the usual minimum today.

  2. After the key is created, we want to use it to create a certificate request file to submit to CAcert. Perform this action on the *.key file (on a single line):
    $ openssl req -new -key www.collicott.net.key -out www.collicott.net.csr

    When you create this certificate request file, you will be asked for information for your domain. Some of this information is optional, but make sure you enter the hostname you want in the “Common Name” field (for example, www.collicott.net). Current browsers ignore the Common Name and require the hostname in a subjectAltName extension as well; CAcert’s form at the time worked from the CN, but a CSR submitted today should carry the name in both.

  3. Now that we have the *.csr file, we need to submit it to CAcert. Log in to your CAcert account, then go to “Server Certificates”, then click “New”. At the bottom of the page, paste in the contents of the *.csr file. CAcert will then sign and create an SSL certificate for you.
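The three steps above, run end to end, as an added example that is not from the original post or from CAcert: a script that generates the key with owner-only permissions from the start, builds the CSR without the interactive prompts by passing the subject on the command line, and then runs the checks worth doing before pasting the CSR into the “Server Certificates” -> “New” form: that the CSR verifies, that its CN is the hostname you asked for, that it was really made with this key, and that the key file is not world-readable. Assumptions: openssl is on PATH, and www.example.net stands in for your own hostname; the subject fields other than CN are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): key + CSR for a hostname,
# followed by sanity checks, before submitting the CSR to a CA such as CAcert.
# Assumptions: openssl on PATH; $1 is a hostname you control.
set -eu

# Create the private key inside a subshell with umask 077, so the file is
# 0600 from the moment it exists. 2048 bits (the 2005 post used 1024).
make_key() {
    host=$1
    ( umask 077 && openssl genrsa -out "$host.key" 2048 2>/dev/null )
}

# Build the CSR non-interactively. -subj replaces the prompts; CN must be
# the hostname the certificate is for. The O/L/ST/C values are placeholders.
make_csr() {
    host=$1
    openssl req -new -key "$host.key" -out "$host.csr" \
        -subj "/C=US/ST=Example/L=Example/O=Personal/CN=$host" 2>/dev/null
}

# Check 1: the CSR's self-signature verifies, i.e. the file is intact.
csr_verifies() {
    openssl req -in "$1.csr" -noout -verify >/dev/null 2>&1
}

# Check 2: print the CN from the CSR so it can be compared with the hostname
# (works with both the "/CN=x" and the "CN = x" subject formats).
csr_cn() {
    openssl req -in "$1.csr" -noout -subject | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Check 3: the public key inside the CSR equals the one derived from the key,
# proving the CSR was generated from this key and not some other one.
csr_matches_key() {
    k=$(openssl rsa -in "$1.key" -pubout 2>/dev/null)
    c=$(openssl req -in "$1.csr" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Check 4: permission string of the key file; expect "-rw-------".
key_mode() {
    ls -l "$1.key" | cut -c1-10
}

# Usage:
#   make_key www.example.net && make_csr www.example.net
#   csr_verifies www.example.net && csr_matches_key www.example.net \
#     && [ "$(csr_cn www.example.net)" = www.example.net ] && cat www.example.net.csr
```

The contents of the `.csr` file (the `BEGIN CERTIFICATE REQUEST` block) are what you paste into the CA’s form; the `.key` file never leaves the server.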

Once the certificate has been sent from CAcert, we need to install it on our web server. Since there are many types of servers, and your hosting company may provide its own interface on installing an SSL certificate, I won’t go into how to do that. Our host is currently running Apache 1.3, and it was pretty easy to modify the config in about 2 places, and then restart the server. You can find information on a couple servers here:

The information in this post is essentially a hybrid of my experience, and the following two support pages. If you want further information, you might start with them:

Now might be time to re-think your online resume

Posted on May 2, 2005, under Security.

Recently, I had begun to think about wrapping some low-tech security around my resume, just to keep out passive candidate robots and the like. After reading this article however, I’m thinking about just taking it offline:

SecurityFocus: Privacy watchdog warns job seekers to beware

Online fraudsters are increasingly taking advantage of vulnerable job seekers by using online résumés to steal their identity, a privacy expert warned this week.

“I think we have about a year and a half,” she said. “Then people will start looking at this whole online job search as a really risky affair.”

I honestly don’t pay much attention to e-mail inquiries, as they are usually offering something like 4-month contracts in some place far, far away. Yeah, like I really want to give up my full-time employment status for four months and then have to move again. So, I don’t think the risk of having my resume posted publicly online is outweighed by much benefit. I mostly have it up for historical purposes anyway, so I’ll probably take it down soon.

How to reset the master password in Firefox

Posted on March 26, 2005, under Security.

I’ve noticed a couple people coming to this site searching for help on resetting their master password in Mozilla Firefox, so I found help on this and am posting it here in case you happen to be one of those people. :)

Master password - MozillaZine Knowledge Base

If you have lost or forgotten your Master Password or you want to disable the feature, reset your master password. Note that, upon resetting, you will lose all the stored information in the Passwords Manager as this is a built-in security feature to prevent people otherwise resetting your master password and gaining access to your passwords.
  • For Firefox: go to “chrome://pippki/content/pref-masterpass.xul” (see Chrome URLs) and click on “Reset Password”.
  • For Thunderbird: “Tools -> Options (Edit -> Preferences on Linux) -> Advanced -> Saved Passwords -> Master Password -> Reset Password”.
  • For Mozilla Suite: “Edit -> Preferences -> Privacy & Security -> Master Passwords -> Reset Password”.

Microsoft AntiSpyware to be free of charge

Posted on February 15, 2005, under Security.

Bill Gates has pledged that the Microsoft AntiSpyware software, with technology acquired from Giant Software, will be made free to all licensed Windows users.

“Just as spyware is something that we have to nip down today, we have decided that all licensed Windows users should have that protection at no charge,” Gates said.

This is good news, and keeps MS from appearing to have a conflict of interest (in not fixing security holes), but I’m guessing the specificity of the word “licensed” means another layer of OS validation (re: “genuine Microsoft Windows”). This isn’t a huge deal if you’re legal (like I am), but it could be annoying given the troubles they’ve had in the past with XP activation.

You’ll need a firewall for your refrigerator.

Posted on February 11, 2005, under Security.

The kitchen has long been considered a breeding ground for germs, but you probably don’t expect your toaster to infect your cell phone.

Oh great.