Posted by jpluimers on 2015/01/05
Interesting:
Kristian Köhntopp: Und wieder fällt ein MITM Angriff auf SSL durch Google Certificate Pinning auf…
Gogo Inflight Internet is intentionally issuing fake SSL certificates – Neowin
SSL certificates exist to increase security and prevent snooping on your browsing sessions. Gogo believes you shouldn’t have that and appears to be intentionally performing MITM attacks on its users.
[…]
Kristian Köhntopp +Steffen Storbeck Du kannst Preloading machen, http://blog.stalkr.net/2011/08/hsts-preloading-public-key-pinning-and.html erklärt ein wenig wie das geht.
[…]
Dominik Mähl In diesem Kontext vielleicht interessant: Chrome ignoriert Certificate Pinning, wenn das Serverzertifikat von einer CA unterzeichnet ist, die im lokalen Trust-Store des PCs installiert wurde. So versteht man dann auch, wieso trotz Certificate Pinning Unternehmens-MITM-Appliances noch funktionieren können.
–jeroen
via: Und wieder fällt ein MITM Angriff auf SSL durch Google Certificate Pinning auf….
Posted in Chrome, Google, Power User | Leave a Comment »
Posted by jpluimers on 2014/12/08
I just added a FIDO U2F Security Key | Yubico as a FIDO second factor to my Google Account: Add a Security Key to your Google Account – Accounts Help.
The cool thing: if you don’t have your FIDO U2F key with you, you can fall back to Google two step verification mechanisms like Authenticator, SMS/Phone or pre-generated backup security codes.
–jeroen
Posted in Chrome, Google, Google Apps, GoogleAuthenticator, Power User, Security, U2F FIDO Security Keys | 4 Comments »
Posted by jpluimers on 2014/11/28
Cool, I just found out that Wikipedia has a Screenshot topic, listing how to take screenshots (and often shots of the current window) on many platforms, where (*) means I verified them:
- Apple Mac OS X
(*) Use “⌘ Cmd+⇧ Shift+3” for the screen or “⌘ Cmd+⇧ Shift+4” for a part of the screen (as of Mac OS X Tiger, you can press the “Spacebar” to capture a Window in stead of part of the screen). You can press “Ctrl” with these shortcuts to the shot goes to the clipboard, otherwise it gets saved as a PNG file.
- Microsoft Windows
(*) Use “Prt Sc” for the screen or “Alt+Prt Sc” for the Window
(note that on my laptop and multi-media keyboards, you need to type the “Fn” key in order to press the “Prt Sc”)
- Microsoft Windows Phone
Press the “Sleep/Wake” button and the Startbutton at the same time.
- Apple iOS
(*) Press the “Home” and “Lock” button at the same time.
- Google Android
Hold the “Volume down” button, then press the “Sleep/Wake” button.
(*) Or press the “Sleep/Wake” and the “Home” button at the same time.
- HP WebOS
Press the “Orange/Gray Key+Sym+P” at the same time.
Or press “Home Key+Power” at the same time.
- X Window System
Varies with the installed tooling
- Maemo 5
Press “Ctrl+⇧ Shift+P” at the same time.
- Google Chrome OS
Press “Ctrl+F5” to capture the screen or press “Ctrl+⇧ Shift+F5” to capture a portion of the screen.
–jeroen
via: Screenshot – Wikipedia, the free encyclopedia.
Posted in Android Devices, Apple, Chrome, Google, HTC, HTC Sensation, Keyboards and Keyboard Shortcuts, Mac, Mac OS X / OS X / MacOS, Mac OS X 10.4 Tiger, Mac OS X 10.5 Leopard, Mac OS X 10.6 Snow Leopard, Mac OS X 10.7 Lion, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, Nexus 4, OS X 10.8 Mountain Lion, Power User, Uncategorized, Windows, Windows 7, Windows 8, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP | Leave a Comment »
Posted by jpluimers on 2014/11/07
Great! And it is open source at https://github.com/google/nogotofail:
The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet.
There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.
–jeroen
via Google Online Security Blog: Introducing nogotofail—a network traffic security testing tool.
Posted in *nix, Android Devices, Chrome, Google, iOS, Mac OS X / OS X / MacOS, OpenSSL, Power User, Security, Windows | Leave a Comment »
Posted by jpluimers on 2014/10/27
Though the Google NCR trick can be used to prevent the Google.com search site from redirecting to a localized one, you need a few extra steps for switching back Google Chrome when it has configured itself to a Google country domain you don’t understand.
Before you follow the steps below, be sure to configure Chrome to remember where it left off: “Continue where I left off” so it remembers which tabs were open.
Steps for switching back to Google.com in Chrome: Read the rest of this entry »
Posted in Chrome, Google, Power User | Leave a Comment »
Posted by jpluimers on 2014/06/23
Every once in a while, a site goes haywire on you and you need to delete one or more of their cookies to fix it.
There are multiple solutions to this, but I like the one below best because it only shows you the cookies involved with the site you are currently visiting:
On
- Windows, press Ctrl+Shift-i.
- OS X, press ⌥-⌘-i (which is option-command-i).
- *nix, press Ctrl+Shift-j
Alternatively, open the Developer Tools pane from the Tools menu.
Open the Resources pane, and delete the cookies you want to delete.
Thanks akira!
–jeroen
via: Delete specific cookies from Google Chrome? – Super User.
Posted in Chrome, Google, Power User | Leave a Comment »
The Wiert Corner - irregular stream of stuff 