Since last night the Crypto-Live Tools (cltools) are linked on the web site.
http://www.crypto-live.org/
Update March 24, 09: Unfortunately I cannot find a hosting provider which allows me to use openssl commands via PHP exec(). If you can help please send me a note at info at crypto dashlive dor org. I appriciate your help.
Monday, October 20, 2008
Wednesday, August 27, 2008
Personal online backup with Mozy
Here is something what I wanna share. I am using Mozy Home, from Mozy Inc, a EMC company, to backup my local files to a online system. It was quite simple to install and to configure. Every connection is encrypted, the server certificate is checked and you will see an error if something is wrong with the server's certificate, and all your stuff is encrypted on Mozy with a personal key.
After installation there are two processes running on your machine (WinXP), mozybackup.exe and mozystat.exe, each of them are consuming approx. 7 MB of RAM, so not bad at all.
Mozy client is available for most Windows versions and also Mac OSX.
Check it out
https://mozy.com/?ref=BGQ9M0
For professionals and companies there is also an Mozy Pro version which supports Server OS, Exchange, SQL server etc.
After installation there are two processes running on your machine (WinXP), mozybackup.exe and mozystat.exe, each of them are consuming approx. 7 MB of RAM, so not bad at all.
Mozy client is available for most Windows versions and also Mac OSX.
Check it out
https://mozy.com/?ref=BGQ9M0
For professionals and companies there is also an Mozy Pro version which supports Server OS, Exchange, SQL server etc.
Thursday, May 29, 2008
Subject Name with Microsoft CA 2003
Today I had a challenge to find out how I can request a certificate from a Windows 2003 Server CA with a "free-style" subject name. MS CA is supporting and enforcing those attributes, enabled by default are EMail, CommonName, OrganizationalUnit, Organization, Locality,State, DomainComponent and Country. Optional you can allow Title, GivenName, Initials, Surname, StreetAddress, UnstructuredName, UnstructuredAddress and DeviceSerialNumber.
First I was wasting time to find a way how to extend that list, later I got an tipp that I can disbale the checking. to do so run Certutil –setreg ca\crlflags +CRLF_REBUILD_MODIFIED_SUBJECT_ONLY (see also http://support.microsoft.com/kb/928016).
Now every subject name is accepted. :-)
First I was wasting time to find a way how to extend that list, later I got an tipp that I can disbale the checking. to do so run Certutil –setreg ca\crlflags +CRLF_REBUILD_MODIFIED_SUBJECT_ONLY (see also http://support.microsoft.com/kb/928016).
Now every subject name is accepted. :-)
Saturday, May 24, 2008
Is SSL secure? in addition
SSL is only secure as long your cryptographic toolset is secure. Actual you can find a big hole in Debian based systems (e.g. Debian, Ubuntu). It is not only a problem for SSL, also for SSH or OpenVPN. On SSH and OpenVPN you have that issue not only on the server, it is a client problem! My recommendation is to revoke all keys from which are created between September 2006 and May 2008. There are a few test programs on the Internet, I will get you more detail information if available. Please checkout also the Debian Wiki at http://wiki.debian.org/SSLkeys .
This is realy a bad thing for OpenSource community.
This is realy a bad thing for OpenSource community.
Subscribe to:
Posts (Atom)