Category Archives: Security

Rolling your own certificates in Windows

Forget what I said a few weeks ago about creating your own certificates, at least for testing secure web services. You can do this from within Windows Server; this KB article gives all the details.

There’s heaps more detail hidden away in this Word document… which probably would have come up in my Googling if MS would just put this information on a web page somewhere instead of as a Download.

Don’t have a Windows Server? Grab a trial download of one, and chuck it on one of those free Virtual Servers!

Common Passwords

A UK mob has collected the Top 10 Most Common Passwords; soccer teams rate highly. German passwords are just as lame, with the f-word, hello and digit strings starting with 1234 rating very highly, as does treasure and, for some odd reason, Daniel (care to explain, mister?).

Dictionary-based searching works – if you aren’t going through something that monitors that sort of thing. Ophcrack will break into a Windows system by running through very large dictionaries, some of which are available only by purchase.

Perhaps read the advice on Choosing a Pretty Good Password. Myself, most of my passwords are highly insecure. But that’s only because they’re on systems I don’t give a tinker’s cuss about. The ones I do are pretty tight.

Does anyone out there use multiple, changing, strong passwords? If so, how do you keep them straight? If not, why are you toying with your security like that?

Name and address, please.

Those of us in AU who used to frequent Tandy Electronics might recall that they always asked for a name and address — ostensibly for customer service, but in practice to send you catalogues. I had a CompSci teacher in year 12 who refused to provide it; he found it ridiculous to be asked, especially when buying something like a single resistor.

Raymond Chen writes about this happening at the affiliated Radio Shack stores in the USA, and tells a funny story about refusing to give his name.

Stop Ian Frazer turning your daughter into a Wanton Slut

Ian Frazer (born January 6th, 1953) is an Australian immunologist, best known for his work on the development of a cervical cancer vaccine, which works by protecting women from Human papillomavirus (HPV). In January 2006 he was named Australian of the Year. — Source: Wikipedia

Now, this is a vaccine, not a cure. It will only protect you if you get vaccinated prior to exposure. HPV is an STD transferred regardless of condom use. It is also transferred mother-to-child in the birth canal.

In another example of misogynistic intervention, the Christian Right in the USA is opposing mandatory vaccination against Human papillomavirus. I can imagine economists wanting to block it (at USD$300-$500 per patient), but they’d have no leg to stand on (USA: 4K deaths/pa @ $1m each = $4b; that buys you 8m-12m vaccinations per annum, which is more than the number of people you’d be looking to vaccinate – figures go higher if you count number of non-fatal cancer cases, lower if you lower the value of the affected lives). The administration in the US is leaning towards the Christian Right’s views.

Katha Pollitt thinks that blocking this vaccine is the stupidest thing imaginable:

Raise your hand if you think that what is keeping girls virgins now is the threat of getting cervical cancer when they are 60 from a disease they’ve probably never heard of.

She rants like someone who cares. Cares a lot. Read her article.

“Sailorman” says that by not mandating this vaccine, the US government isn’t being rational:

I am a parent. And I confess that even though I KNOW the statistics, saying “sex” and relating it to “your 10 year old daughter” gives me the heebie-jeebies. But you bet your ass I’d have her in there for the shot.

He then goes on to give a detailed logical analysis that leads to the same conclusion as Katha Pollitt’s “Raise your hand” opinion.

CSL (an Aussie company) have been trying to make this vaccine fly:

CSL is working with Merck and Co. Inc (USA) to develop a vaccine to prevent cervical cancer and genital warts. The vaccine is based on proprietary virus-like particle (VLP) technology developed at the University of Queensland. This technology produces virus-shaped particles which mimic the real virus to produce a safe and effective immune response. The vaccine has four VLP components covering the HPV types 16, 18, 6 and 11. Following smaller scale clinical trials, the vaccine is now in advanced trials aimed at demonstrating its safety and effectiveness in tens of thousands of subjects.

I wonder what the Australian government’s position on this is? What would you guess? After all, Ian Frazer was named Australian of the Year.

Update: In 2007 the vaccine was listed in Australia for teenage females, and from February 2013 all 12 and 13 year olds are immunised.

Dev SSL certificates

If you’re just mucking about with IIS, you don’t really want to pay a CA to get a legit certificate, do you?

No, of course you don’t. Fortunately these guys have a freebie certificate generator. Mucho handy.

Just don’t even think about using it in production code.

Oh, and don’t get the page to email you the certificate to a mailbox you can only look at via Outlook. Outlook’s dumbarse “protecting you from shadows” attachment filter won’t let you at the CER certificate file that comes through.

Wireless Skate Speedometer – a solution looking for a problem?

Finally, a Wireless Skate Speedometer, so now you can know how fast you’re skating. As an added bonus, it’s water resistant at up to 30ft/10m, for when you accidentally skate into a swimming pool.

You have to turn it on and off, because the batteries will only last 300hrs. I can’t imagine that would be hard to do, given where the wheel is – on the bottom of your shoe. And heaven help you if you forget, two weeks later your speedo will be knackered.

Of course, the wheels and bearings wear out, but they thought of that. Just buy your wheels and bearings from them! An electronics company! They’ll also sell you a battery kit, I guess because it uses special batteries or something. Or perhaps because they know you’re going to forget to turn the darn thing off.

They’ve got a big write-up on their site about how pushbikes have the wheel in contact with the ground all the time, but skates don’t, so their computer has to do all sorts of tricks to figure out the right answer. Perhaps hooking up a GPS might have been a better idea?

And of course, you have to consider the privacy implications of wireless transmission of personal data like your velocity…