Archive for 2014
Posted by jpluimers on 2014/04/13
So you think Heartbleed is over. Think again. Not only servers are affected. Clients too. And you need to tighten your security even more.
Basically it comes down to this:
Expect all sites using HTTPS to have been vulnerable, and all data you exchanged to be captured. Unless you can have hard proof they were not vulnerable, or the traffic was not captured. If you have not started changing passwords, private keys, credit card numbers, etc: do so now.
and
In layman’s terms/pictures: xkcd: Heartbleed Explanation.
If you still don’t get it: anyone with any HTTPS connection to a once vulnerable system could copy data out of that system. There is no guarantee that data did not contain your identity (username, password, public key, credit card check-digits, etc) or server identity (private and public key).
Since often you cannot prove a system was using OpenSSL, there is no way to prove your data didn’t get copied.
Here are some interesting reads from last week: Read the rest of this entry »
Posted in OpenSSL, Power User, Security | Tagged: Heartbleed | 1 Comment »
Posted by jpluimers on 2014/04/13
Whereas Windows 7 was really fast, Windows 8.1 on my ThinkPad W701 is very slow in an erratic way.
Need to check out this:
Windows 8.1 proves to be extremely slow on their computers, with Microsoft yet to address the problem with a workaround or a patch.
According to some posts on Microsoft’s Community forums, this is mostly happening on Lenovo laptops and the fastest way to deal with performance issues is to uninstall the “Intel Dynamic Platform and Thermal Framework” from the device manager.
In addition, you need to access the BIOS menu and in the “Configuration” screen, make sure you disable the DPIF option to turn it off completely until Microsoft comes up with a fully-working fix.
–jeroen
via: How to Fix Windows 8.1 Slow Performance Issues.
Posted in BIOS, Boot, Power User, ThinkPad, W701 | Leave a Comment »
Posted by jpluimers on 2014/04/13
Whereas the OpenSSL heartbleed vulnerability investigations initially were aimed towards servers, over the last few days the client side got more attention.
Ouch. This might count for more than 30% of the Android devices out there: Android 4.1.1 Devices are Vulnerable to Heartbleed.
Time to check which Android version your device is running.
The @Lookout security firm did some statistics and published them on Twitter:
Detector app data: Germany has the most affected phones at 12.46%. Check out our geographical break down: Read the rest of this entry »
Posted in OpenSSL, Power User, Security | 1 Comment »
Posted by jpluimers on 2014/04/13
A while ago, I wrote about getting rsync on ESXi: ESXi 5.1 and rsync – damiendebin.net.
Now I needed [WayBack] 7zip on ESXi to make sure I could test unpack some 7zip archives.
This turned out much easier than I thought, thanks to [WayBack] 7Zip for ESXI | Vladimir Lukianov: Заметки who pointed me to the [WayBack] P7ZIP project. P7ZIP actually created three things:
- p7zip (a POSIX 7zip),
- J7ZIP (a Java port of 7zip)
- java_lzma (the Java port of the [WayBack] 7zip lzma SDK which had the first implementation of [WayBack] lzma).
Here are the full steps to get 7zip on ESXi 5.x:
Read the rest of this entry »
Posted in *nix, *nix-tools, ESXi4, ESXi5, ESXi5.1, ESXi5.5, Linux, Power User, SuSE Linux, VMware, VMware ESXi | Tagged: 7z, 7zip | 3 Comments »
Posted by jpluimers on 2014/04/11
Frequencies of pin numbers. 1234 is most popular, but do not rule out MMDD and DDMM combinations, or YYYY ones.
via: PIN number analysis.
Posted in Uncategorized | Leave a Comment »
Posted by jpluimers on 2014/04/11
Interesting:
ESXi-Customizer is a user-friendly script that automates the process of customizing the ESXi install-ISO with drivers that are not originally included. Unlike other scripts and manuals that are available for this purpose ESXi-Customizer runs entirely on Windows and does not require any knowledge of or access to Linux.
Download latest version | Donate to support
Requirements:
- The script runs on Windows XP or newer (both 32-bit and 64-bit) including the latest version Windows 8.1 and Server 2012 R2.
- For customizing ESXi 4.1 Windows 7 (32-bit or 64-bit) or Windows Server 2008 R2 and administrative privileges are required.
- You need to have a copy of the original VMware install-ISO. It is available at VMware (free registration required to download). The script currently supports ESXi version 4.1, 5.0, 5.1 and 5.5.
- For ESXi 4.1 you need to have a OEM.tgz file with a custom driver.
- For ESXi 5.x you need to have a OEM.tgz, a VIB file or an Offline Bundle ZIP file.
- A good source for ESXi 4.1 and 5.x community drivers is Dave Mishchenko’s vm-help.com site. See the ESXi 4.1 Whitebox HCL and the forums there.
–jeroen
via: VMware Front Experience: ESXi-Customizer.
Posted in ESXi4, ESXi5, ESXi5.1, ESXi5.5, Power User, VMware, VMware ESXi | Leave a Comment »
Posted by jpluimers on 2014/04/11
This Explorer extension is brilliant: Path Copy Copy – Home.
It works in Windows XP and up (including 7, 8 .x, 20xx Server, etc).
The Open Source is done in Visual Studio with C++.
–jeroen
Read the rest of this entry »
Posted in C++, Development, Power User, Software Development, Visual Studio 2010, Visual Studio and tools, Windows, Windows 7, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP | Leave a Comment »
Posted by jpluimers on 2014/04/11
In layman’s terms/pictures: xkcd: Heartbleed Explanation.
If you still don’t get it: anyone with any HTTPS connection to a once vulnerable system could copy data out of that system. There is no guarantee that data did not contain your identity (username, password, public key, credit card check-digits, etc) or server identity (private and public key).
Since often you cannot prove a system was using OpenSSL, there is no way to prove your data didn’t get copied.
–jeroen (who just discovered this is post #2000 on my blog; ain’t this cool? <g>)
Read the rest of this entry »
Posted in Internet, OpenSSL, Power User, Security | 8 Comments »
The Wiert Corner - irregular stream of stuff 