Chinese Ghostnet
Posted on March 31, 2009, under Current Events, Web Dev/Tech.
Everyone in normal IT is focused on Conficker right now, but the news on a Chinese Ghostnet is pretty fascinating:
…is controlled by computers almost exclusively located in China and has infected 1295 computers in 103 countries in the last two years…
They report that, not only can the espionage software monitor email and documents on infected computers, it can also control a PC remotely, switching on any cameras or microphones attached to it, to carry out surveillance of its surroundings.
Creepy.
Watch out for increased Internet crime
Posted on January 15, 2009, under Current Events, Security.
I caught an interesting quote from the bottom of a Symantec news article:
Explaining why Symantec continues to invest heavily despite the recession, Bregman said that during economic downturns Internet crime rises, creating opportunities for security companies.
It is probably time to rethink how you are securing your company and personal data, and to watch out for cons.
Apple pushes insecure web browser on computers
Posted on March 31, 2008, under Current Events, Security, Web Dev/Tech.
Apple pushes Safari on Windows via iTunes updater (posted 3/21)
Apple has started offering Windows users its Safari 3.1 Web browser through the same online updater it utilizes for iTunes and the QuickTime video player.
Not just offering, but pushing. As in you must manually un-check the install or ignore it, or Safari will be installed the next time you run the updater to bring your iTunes up to the next release.
MacBook Air hacked in security contest (posted 3/27)
A team of security researchers has won $10,000 for hacking a MacBook Air in two minutes using an undisclosed Safari vulnerability.
Bad decision, Apple. I don’t want that accidentally pushed out on my machines, or any of the family members I help support.
If you want to prevent this from happening on your machine when you run the Apple updater, make sure the Safari option is checked, and then in the top menu, select “Tools > Ignore selected updates”.
How to create a free SSL certificate from CAcert.org
Posted on June 3, 2005, under Security, Web Dev/Tech.
Having an SSL certificate on your domain for encrypted traffic may be very attractive, but like me, you may be put off by spending around $400 for personal use. CAcert.org to the rescue! They are making SSL certificates available for free. Awesome! Now I can use a valid SSL certificate for traffic on this domain. Read on for tips on how to do this yourself.
One caveat to this process is that CAcert is currently not ‘known’ to browsers. This means you will get a warning from the browser stating it doesn’t know the signer of the SSL certificate. You can either always accept this warning, or you can tell your browser who CAcert is by installing their own certificate. To do this, go to CAcert’s Root Certificate page, and click the appropriate link for your browser. The link for IE is obvious, but for Firefox I chose the PEM format. Firefox then presented me with a helpful prompt that completed the install. After that, no more warnings! (Note: for this exact reason alone, I currently would not recommend using CAcert for commercial business, as you could make your potential customers nervous with the warning.) With that taken care of, let’s move on.
While not a complete step-by-step walkthrough, this is essentially how I created a signed SSL certificate for collicott.net from CAcert.org.
Requirements
- A host with openssl installed.
- A registered account with CAcert.org
- Access to your web server’s config to reference/install the SSL certificate
Creating an SSL certificate
- First, I logged into my host, and created a key for the hostname I wanted to use SSL on. This key will subsequently be used to create a certificate request we will send to CAcert. Obviously, in these examples, replace collicott.net with your hostname.
$ openssl genrsa -out www.collicott.net.key 1024
Important: Ideally, you should keep this file in a location where others cannot access it.
- After the key is created, we want to use it to create a certificate request file to submit to CAcert. Perform this action on the *.key file (on a single line):
$ openssl req -new -key www.collicott.net.key -out www.collicott.net.csr
When you create this certificate request file, you will be asked for information for your domain. Some of this information is optional, but make sure you enter the hostname you want in the “Common Name” field (for example, www.collicott.net).
- Now that we have the *.csr file, we need to submit it to CAcert. Log in to your CAcert account, then go to “Server Certificates”, then click “New”. At the bottom of the page, paste in the contents of the *.csr file. CAcert will then sign and create an SSL certificate for you.
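The key and request steps above as a non-interactive script, with checks to run before pasting the CSR into CAcert. This is an added example, not the author's commands; it assumes the placeholder host www.example.test and a 2048-bit key in place of the post's 1024, which is no longer considered adequate for RSA.

```shell
#!/bin/sh
# Added example: key + CSR generation with self-checks before submission.
# Assumptions: www.example.test is a constructed placeholder host name;
# 2048-bit RSA is used instead of the post's 1024.

# make_csr HOST DIR -> writes DIR/HOST.key and DIR/HOST.csr
make_csr() {
    host=$1; dir=$2
    key="$dir/$host.key"; csr="$dir/$host.csr"
    # umask 077 in a subshell: the private key is never group/world readable.
    ( umask 077 && openssl genrsa -out "$key" 2048 ) 2>/dev/null || return 1
    # -subj fills in the Common Name without the interactive prompts.
    openssl req -new -key "$key" -subj "/CN=$host" -out "$csr" || return 1
}

# csr_common_name CSR -> prints the Common Name the CA will see
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

# csr_matches_key KEY CSR -> exit 0 only if the CSR's self-signature
# verifies and its public modulus equals the private key's modulus.
csr_matches_key() {
    openssl req -in "$2" -noout -verify >/dev/null 2>&1 || return 1
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_mode KEY -> prints the permission string, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# Demo run in a throwaway directory.
demo=$(mktemp -d)
if make_csr www.example.test "$demo"; then
    echo "CN:   $(csr_common_name "$demo/www.example.test.csr")"
    echo "mode: $(key_mode "$demo/www.example.test.key")"
    csr_matches_key "$demo/www.example.test.key" "$demo/www.example.test.csr" \
        && echo "CSR matches key"
fi
rm -rf "$demo"
```

Only the *.csr file is pasted into the CA's form; the *.key file stays on the host.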
Once the certificate has been sent from CAcert, we need to install it on our web server. Since there are many types of servers, and your hosting company may provide its own interface for installing an SSL certificate, I won’t go into how to do that. Our host is currently running Apache 1.3, and it was pretty easy to modify the config in about 2 places, and then restart the server. You can find information on a couple of servers here:
The information in this post is essentially a hybrid of my experience, and the following two support pages. If you want further information, you might start with them: