The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

“PC Decrapifier” – via: Machines Plus Minds: Regarding Lenovo preinstalling SSL-breaking MITM on their machines

Posted by jpluimers on 2015/02/21

I didn’t even know there was a “PC Decrapifier”, but it exists: “PC Decrapifier” – Google Search.

Anyway: never use OEM Windows installs ever.

Would the Dutch Microsoft Store offer the same service?

–jeroen

via: Machines Plus Minds: Regarding Lenovo preinstalling SSL-breaking MITM on their machines.

Posted in Power User, Security, Windows | Leave a Comment »

Binary builds of Win64 and Win32 OpenSSL (via: Shining Light Productions)

Posted by jpluimers on 2015/02/20

The quickest way to get Win64 and Win32 binary builds of the latest OpenSSL is to download them from Shining Light Productions – Win32 OpenSSL.

Despite the link name, you can get the Win64 binaries from there too.

Besides binaries, they also have the source to build them from, and any other redistributable you’d need.

They run on virtually any Windows version, though I only used them on NT-based Windows versions of XP/2003 and newer.

Two notes:

  • you usually need the Visual C++ 2008 redistributables, of which there is both an x86 and an x64 version (the OpenSSL installer just tells you it is missing, and assumes you know if it is the x86 or x64 one).
  • unless you are a software developer wanting to link to OpenSSL, the “Light” versions of the installs suffice.

–jeroen

via: Shining Light Productions – Win32 OpenSSL.

Posted in OpenSSL, Power User, Security, Windows, Windows 7, Windows 8, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP | 1 Comment »

Mac OS X: Replicating md5sum Output Format (via: Raam Dev)

Posted by jpluimers on 2015/02/18

Mac OS X has md5, but no md5sum.

I agree with Mac OS X: Replicating md5sum Output Format that the second way of emulating md5sum is better than the first one.

So here it is:


#!/bin/bash
/sbin/md5 -r "$@"


–jeroen

via: Mac OS X: Replicating md5sum Output Format – Raam Dev

Posted in Apple, bash, Development, Hashing, Mac, Mac OS X / OS X / MacOS, Mac OS X 10.4 Tiger, Mac OS X 10.5 Leopard, Mac OS X 10.6 Snow Leopard, Mac OS X 10.7 Lion, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, md5, OS X 10.8 Mountain Lion, Power User, Scripting, Security, Software Development | Leave a Comment »

VeraCrypt is the open source TrueCrypt successor – via Ashley Wilson – Google+

Posted by jpluimers on 2015/02/16

Wow, finally a TrueCrypt successor. And it is open source too!

VeraCrypt is the successor of the venerable TrueCrypt file encryption software, which was abandoned by its developers a while ago. VeraCrypt is compatible with TrueCrypt containers, and is open-source. (TrueCrypt was not). The resulting product fixes all known vulnerabilities that TrueCrypt had, and strengthened the security.

Read more about changes from TrueCrypt at https://veracrypt.codeplex.com/discussions/569777#PostContent_1313325

VeraCrypt is now at these locations:
https://sourceforge.net/projects/veracrypt/
https://github.com/veracrypt/VeraCrypt

–jeroen

via Ashley Wilson – Google+.


Posted in Encryption, Power User, Security | Leave a Comment »

djm’s personal weblog: Key rotation in OpenSSH 6.8+

Posted by jpluimers on 2015/02/03

Really interesting. Need to implement this when it gets public. djm’s personal weblog: Key rotation in OpenSSH 6.8+.

Watching https://github.com/openssh/openssh-portable

Posted in Power User, Security | Leave a Comment »

Add a Security Key to your Google Account: FIDO U2F Security Key

Posted by jpluimers on 2014/12/08

I just added a FIDO U2F Security Key | Yubico as a FIDO second factor to my Google Account: Add a Security Key to your Google Account – Accounts Help.

The cool thing: if you don’t have your FIDO U2F key with you, you can fall back to Google two step verification mechanisms like Authenticator, SMS/Phone or pre-generated backup security codes.

–jeroen

Posted in Chrome, Google, Google Apps, GoogleAuthenticator, Power User, Security, U2F FIDO Security Keys | 4 Comments »

Google: view which Devices used your account when: Security – Devices

Posted by jpluimers on 2014/11/24

Security – Devices: https://security.google.com/settings/security/activity

Posted in Google, Power User, Security | Leave a Comment »

Introducing nogotofail—a network traffic security testing tool for TLS/SSL – via: Google Online Security Blog

Posted by jpluimers on 2014/11/07

Great! And it is open source at https://github.com/google/nogotofail:

The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet.

There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.

–jeroen

via Google Online Security Blog: Introducing nogotofail—a network traffic security testing tool.

Posted in *nix, Android Devices, Chrome, Google, iOS, Mac OS X / OS X / MacOS, OpenSSL, Power User, Security, Windows | Leave a Comment »

HTTPS blessing and curse: Security Collapse in the HTTPS Market – ACM Queue

Posted by jpluimers on 2014/09/29

Funny to discover these two articles today:

–jeroen

Posted in https, Power User, Security | Leave a Comment »

testing HTTPS with openssl « The Sarth Repository

Posted by jpluimers on 2014/08/22

Interesting:

openssl s_client -connect localhost:443

I don’t have a Linux machine here, but this might work too:

gnutls-cli www.somesite

And note that when using telnet, the hostnames must match:

$ openssl s_client -connect XXX.XX.XX.XXX:443
... connection information will be displayed …
GET / HTTP/1.1
host: XXX.XX.XX.XXX

or

$ openssl s_client -connect www.example.com:443
... connection information will be displayed …
GET / HTTP/1.1
host: www.example.com

Don’t MIX
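
As an added example (not from the original post or the article it links to): a small POSIX shell helper that takes the hostname once and reuses it for -connect, for the TLS SNI name (-servername) and for the Host header, so the values cannot be mixed. The function names and sample hosts are assumptions made for this illustration; it handles DNS names and IPv4 literals only.

```shell
#!/bin/sh
# Added example: one hostname drives the TCP target, the SNI value and the
# HTTP Host header. Function names are hypothetical, not from the post.

# Print the s_client flags for a host (and optional port, default 443).
s_client_args() {
    host=$1 port=${2:-443}
    # Reject anything that is not a plain hostname or IPv4 literal, so no
    # whitespace or CR/LF can reach the command line or the request.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case $host in
        # DNS name: send it as SNI too. Older OpenSSL releases only send SNI
        # when -servername is given, and name-based virtual hosts pick the
        # certificate from it.
        *[!0-9.]*) printf '%s\n' "-connect $host:$port -servername $host" ;;
        # IPv4 literal: SNI must not carry an IP address (RFC 6066).
        *)         printf '%s\n' "-connect $host:$port" ;;
    esac
}

# Build the request typed by hand in the post, with CRLF line endings and
# the Host header taken from the same name used for -connect.
build_request() {
    host=$1 path=${2:-/}
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' \
        "$path" "$host"
}

# Send the request over TLS and print the response.
# Usage: https_probe www.example.com [port] [path]
https_probe() {
    host=$1 port=${2:-443} path=${3:-/}
    args=$(s_client_args "$host" "$port") || return 1
    # -quiet hides the session dump and keeps reading after stdin hits EOF.
    # $args is intentionally unquoted: it is a validated flag list.
    build_request "$host" "$path" | openssl s_client -quiet $args
}
```
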

Now I need to research how it works with a proxy… simulate a “connect http/1.1 443” proxy – Google Search.

–jeroen

via:

Posted in OpenSSL, Power User, Security, Windows, Windows-Http-Proxy | Leave a Comment »