REDELIJKHEID
Recently I bought a new MacBook (late 2008 edition). Since Apple charges the world for options I got the cheapest one available, and decided to upgrade the hard disk and/or memory when I saw the time fit. Well, that time has come.
Today I got a new Western Digital Scorpio Black 7.200rpm 320GB (WD3200BJKT) for €85.00 to replace the default 160GB 5400 rpm drive.Even though the risk is minimal, there's always the risk of screwing things up. So ...
WebTrust broken?When a CA issues a SSL certificate they (the registration authority) should verify certain information provided by the requester. This includes at least the domain name ownership and preferably the person or company tied to the domain name ownership. Basic stuff really, but what happens when certificates get issued without any verification? Well, this happened to Mozilla [2].
Basically the complete trust framework collapses (for that CA). Especially combined with hosts file and/or DNS hijacking. What if this incident isn't the first? What if some cybercrook got some SSL certs due to similar mistakes of your favorite bank? You're no longer sure if the https connection of your bank really terminates on the servers of your bank. They could just as easily terminate on a server in Russia or Albania. Which leaves you with an empty bank account (most likely).
If the certificate is issued (signed) by a Comodo Root CA (as it was in this case), your browser accepts this as a valid/trusted CA and for the user everything seems fine. This takes me back to the issue of all those trusted root certification authorities in the average OS or browser.
This time, it's a Comodo affiliate that's screwed up (there's no other way of describing this), but what are the chances that some of those trusted 100+ CA's make a mistake? The bigger the list, the bigger the chance of wrongfully issues (SSL) certificates.
By the way, if you're using an older browser (pre IE6 e.g.), chances are that SSL certificate revocation checking is disabled by default. So even when the revoke they certificate you still wouldn't know.... You can verifiy this by opening the Internet Explorer options section and checking the Advanced tab.
Even in real life (IRL) I get spam. X-mas cards from people I don't know (and don't want to know), and to make it even more real; even the recipients address (mine) is wrong (most of the time)....
This could mean three things;
Anyway, I treat it the same as the Internet spam.... Straight to /dev/null (a.k.a. the trashcan). Because I can't be bothered playing a mailman. It's not really a (sexual) fantasy of mine.
So, if you're missing out on some x-mas cards..... ;-)
While in the mids of my Juniper exam preparation I ran into a problem with my Apple equipment. Managing the Juniper firewall (SSG5 in this case) with SSH was not possible from OSX. The connection itself would work, but after entering the password the connection was closed by the remote host (the firewall).
Trying this from a Windows laptop (with SecureCRT) everything worked as expected.
Some searching revealed that this is an OpenSSH bug. To manage your Juniper with SSH from OSX you need to add a parameter to the ssh command (or edit the SSH config file).
Parameter to add:
-o ControlMaster=auto
e.g. ssh willem@127.0.0.1 -o ControlMaster=auto
Or add the following line to the global SSH config (/etc/ssh_config) or the user config (~/.ssh/config).
ControlMaster auto
Juniper has a knowledgebase article (KB12409) on the issue.
The new aluminum MacBook arrived this week. This time no Pro verion but the cheaper (and smaller) MacBook. Initial impressions are good... really good.
The only drawbacks are directly related to the fact that I was too cheap to buy the more expensive version. The keyboard color is white letters on black keys (this was black letter on 'silver' or white keys). This makes it harder to read them in low light conditions. So not having the backlit keyboard is a bit annoying.
Also, the lack of an USB port on the right-side of the MacBook is annoying. The cable of my mighty mouse is too short to get from the left-side USB port to the right-side where I use it.
MacBook for LeftiesBest (free) configuration option is the US keyboard. Finally a 'normal' keyboard on the MacBooks.
While the installation of the SafeSign software is relatively easy, the removal of the software is a bit harder. The installation package lacks an automated removal feature. So removing the driver/application must be done by hand.
The removal of the software (both the SafeSign as well as the TokenLounge software) can be reconstructed by analyzing the original packages/installation scripts.
WARNING: Before you continue, you need to realize that this uninstall procedure is without ANY warranties. So make a backup BEFORE proceding.
After my blog post on OSX and Aladdin eToken I received a phonecall from Haaino @ AET Europe. He offered the SafeSign software for OSX so I could try their OSX software as well.
The SafeSign software is used with smartcards and smartcard readers like the OmniKey smartcard readers. Through my line of work, no lack of smartcards and/or readers. Only the software was missing (up till now).
Due to the nature of my work, and my fondness of Apple products I wasn't able to get my Aladdin eTokens working with OSX. After several months of not trying to crack this I decided to try it again.
The trigger for me was stumbling on the possibility of adding so-called keyfiles to the eToken for accessing TrueCrypt volumes.
First challenge was the eToken PKI software for OSX... Thankfully I'm a Certified eToken guru, so I've got access to their download area (you will have to get your own software). The current version of the eToken software for OSX is v4.55. I installed the Aladdin software on OSX 10.5.5.
Adobe released an update for Adobe Camera RAW. The update adds RAW support in Photoshop for the following camera's;
The Camera RAW update dosn't include the RAW capabilities for Lightroom. The upcoming Lightroom v2.2 update (scheduled for December 2009) will incorporate the RAW capabilities for these camera's.