Search the Site

 

Top
Blog

My Social
Services
Meta
Powered by Squarespace

Entries from December 1, 2008 - December 31, 2008

Tuesday
Dec302008

Cloning and Exchanging MacBook Hard Disk

DateTuesday, December 30, 2008 at 14:03

Recently I bought a new MacBook (late 2008 edition). Since Apple charges the world for options I got the cheapest one available, and decided to upgrade the hard disk and/or memory when I saw the time fit. Well, that time has come.

Today I got a new Western Digital Scorpio Black 7.200rpm 320GB (WD3200BJKT) for €85.00 to replace the default 160GB 5400 rpm drive.Even though the risk is minimal, there's always the risk of screwing things up. So ...

CONTINUE AT YOUR OWN RISK!!!

Click to read more ...

AuthorWillem | CommentPost a Comment |
tagged , , , , , in , , , ,
Monday
Dec292008

Broken SSL Trust

DateMonday, December 29, 2008 at 14:44

Webtrust WebTrust broken?When a CA issues a SSL certificate they (the registration authority) should verify certain information provided by the requester. This includes at least the domain name ownership and preferably the person or company tied to the domain name ownership. Basic stuff really, but what happens when certificates get issued without any verification? Well, this happened to Mozilla [2].

Basically the complete trust framework collapses (for that CA). Especially combined with hosts file and/or DNS hijacking. What if this incident isn't the first? What if some cybercrook got some SSL certs due to similar mistakes of your favorite bank? You're no longer sure if the https connection of your bank really terminates on the servers of your bank. They could just as easily terminate on a server in Russia or Albania. Which leaves you with an empty bank account (most likely).

If the certificate is issued (signed) by a Comodo Root CA (as it was in this case), your browser accepts this as a valid/trusted CA and for the user everything seems fine. This takes me back to the issue of all those trusted root certification authorities in the average OS or browser.
This time, it's a Comodo affiliate that's screwed up (there's no other way of describing this), but what are the chances that some of those trusted 100+ CA's make a mistake? The bigger the list, the bigger the chance of wrongfully issues (SSL) certificates.

By the way, if you're using an older browser (pre IE6 e.g.), chances are that SSL certificate revocation checking is disabled by default. So even when the revoke they certificate you still wouldn't know.... You can verifiy this by opening the Internet Explorer options section and checking the Advanced tab.

AuthorWillem | CommentPost a Comment |
in , , ,
Monday
Dec222008

X-Mas Snail Mail Spam

DateMonday, December 22, 2008 at 22:27

Even in real life (IRL) I get spam. X-mas cards from people I don't know (and don't want to know), and to make it even more real; even the recipients address (mine) is wrong (most of the time)....

This could mean three things;

  1. The Internet is adapting to the real life
  2. People sending X-mas cards are just plain stupid....
  3. The mailman is drunk

Anyway, I treat it the same as the Internet spam.... Straight to /dev/null (a.k.a. the trashcan). Because I can't be bothered playing a mailman. It's not really a (sexual) fantasy of mine.

So, if you're missing out on some x-mas cards..... ;-)

AuthorWillem | CommentPost a Comment |
in ,
Thursday
Dec182008

SSH Connection to Juniper Devices

DateThursday, December 18, 2008 at 19:09

While in the mids of my Juniper exam preparation I ran into a problem with my Apple equipment. Managing the Juniper firewall (SSG5 in this case) with SSH was not possible from OSX. The connection itself would work, but after entering the password the connection was closed by the remote host (the firewall).
Trying this from a Windows laptop (with SecureCRT) everything worked as expected.

Some searching revealed that this is an OpenSSH bug. To manage your Juniper with SSH from OSX you need to add a parameter to the ssh command (or edit the SSH config file).

Parameter to add:

-o ControlMaster=auto
e.g. ssh willem@127.0.0.1 -o ControlMaster=auto

Or add the following line to the global SSH config (/etc/ssh_config) or the user config (~/.ssh/config).

ControlMaster auto

Juniper has a knowledgebase article (KB12409) on the issue.

AuthorWillem | CommentPost a Comment |
tagged , , in , , , , ,
Wednesday
Dec172008

New MacBook Impressions

DateWednesday, December 17, 2008 at 17:03

The new aluminum MacBook arrived this week. This time no Pro verion but the cheaper (and smaller) MacBook. Initial impressions are good... really good.

The only drawbacks are directly related to the fact that I was too cheap to buy the more expensive version. The keyboard color is white letters on black keys (this was black letter on 'silver' or white keys). This makes it harder to read them in low light conditions. So not having the backlit keyboard is a bit annoying.

Also, the lack of an USB port on the right-side of the MacBook is annoying. The cable of my mighty mouse is too short to get from the left-side USB port to the right-side where I use it.

MacBook for Lefties MacBook for LeftiesBest (free) configuration option is the US keyboard. Finally a 'normal' keyboard on the MacBooks.

AuthorWillem | CommentPost a Comment | Reference1 Reference |
tagged in , ,
Tuesday
Dec162008

Lightroom 2.2 Released

DateTuesday, December 16, 2008 at 15:48

Adobe just released Adobe Lightroom 2.2 with Panasonic Lumix LX3 support.
Finally, I'm able to import my Lumix LX3 photos directly into lightroom :)

Click to read more ...

AuthorWillem | CommentPost a Comment |
tagged , , , , in
Thursday
Dec112008

Uninstall SafeSign on OSX

DateThursday, December 11, 2008 at 20:39

While the installation of the SafeSign software is relatively easy, the removal of the software is a bit harder. The installation package lacks an automated removal feature. So removing the driver/application must be done by hand.

The removal of the software (both the SafeSign as well as the TokenLounge software) can be reconstructed by analyzing the original packages/installation scripts.

WARNING: Before you continue, you need to realize that this uninstall procedure is without ANY warranties. So make a backup BEFORE proceding.

Click to read more ...

AuthorWillem | Comment5 Comments |
tagged , , in , , ,
Wednesday
Dec102008

SafeSign and OSX

DateWednesday, December 10, 2008 at 20:27

Updated on Thursday, April 22, 2010 at 22:07 by Registered CommenterWillem

After my blog post on OSX and Aladdin eToken I received a phonecall from Haaino @ AET Europe. He offered the SafeSign software for OSX so I could try their OSX software as well.

The SafeSign software is used with smartcards and smartcard readers like the OmniKey smartcard readers. Through my line of work, no lack of smartcards and/or readers. Only the software was missing (up till now).

Click to read more ...

AuthorWillem | Comment15 Comments |
tagged , , , , , , , in , ,
Thursday
Dec042008

OSX and Aladdin eToken

DateThursday, December 4, 2008 at 22:00

Due to the nature of my work, and my fondness of Apple products I wasn't able to get my Aladdin eTokens working with OSX. After several months of not trying to crack this I decided to try it again.
The trigger for me was stumbling on the possibility of adding so-called keyfiles to the eToken for accessing TrueCrypt volumes.

First challenge was the eToken PKI software for OSX... Thankfully I'm a Certified eToken guru, so I've got access to their download area (you will have to get your own software). The current version of the eToken software for OSX is v4.55. I installed the Aladdin software on OSX 10.5.5.

Click to read more ...

AuthorWillem | Comment6 Comments | Reference1 Reference |
tagged , , , , in , ,