Despite Heartbleed bug: certification revocation refused (Updated)

Note: [04/14/14] Today I was contacted by GlobalSign representative Gregory who stumbled over this blog post, and he was so kind as to revoke the affected certs free of charge. He also added, in response to my summary below, that there is an option in the Chrome settings to enable revocation checking, and that beginning April 1, 2015, GlobalSign will restrict the maximum validity of then-issued certs to 39 months.

So the Heartbleed bug (CVE-2014-0160) is out, and every administrator using SSL to protect his infrastructure has been wondering the same thing: should I absolutely, positively, without a doubt, replace all certificates and associated keys?

The only reasonable answer is: yes – if you used certificates on a vulnerable machine. Even those in disbelief were quickly proven wrong.

The first thing I did was to patch all impacted OpenSSL instances and restart the services that depend on the OpenSSL library (that includes not only HTTP but also MTA and IMAP, among others). That was the easy part.

What followed was a major pain with my certificate authority and one of its partners.


A list of helpful JavaScript resources (free)

Recently I’ve been refreshing my rudimentary JavaScript skills. Listening to a Mr. Crockford makes me all humble and sentimental. Did you know that he was somewhat involved in the development of Maniac Mansion – mainly in porting the Lucasfilm Games SCUMM engine for Nintendo?

Anyhow, here is my list of free online JavaScript resources that I’ve found extremely helpful. Not all of them are necessary for beginners, but I am sure the list contains something for everyone.


Reconnect VPN upon resume from sleep (Windows)

Windows doesn’t automatically reconnect VPN connections when you resume from standby mode. Sometimes this can be annoying – for instance when you are using someone else’s Internet and want to make sure that your connection is always secured through the VPN. To fix this, I created a task that automatically connects to a predefined VPN whenever you resume Windows.


120+ Live Webcams not requiring Flash

It’s raining outside. It has been cold and gloomy in the last couple days. Since I cannot afford going to a sunny, remote beach right now, the best I can do is load one of the below webcams and watch ocean waves crash onto the sand. Pathetic, I know.

The following live streams are from the Earthcam Network. They are pretty well known, and there are quite a few other blogs listing at least some of these streams. With one big difference: All the lists I’ve seen link to them using the Real Time Messaging Protocol (RTMP). The biggest drawback is that RTMP only works in Flash. But who wants to do Flash these days? Fortunately, Earthcam streams are powered by the Wowza Media Server, which includes support for other protocols as well. So after some food for thought I was able to find the following links which all point to the AVC/H.264 streams using standard HTTP. This means they should be compatible with a wide range of popular video players (I am using MPlayer).


strongSwan 5: How to create your own private VPN

Update 04/20/2014: Adjusted to take into account the modular configuration layout introduced in strongSwan 5.1.2. Tweaked cipher settings to provide perfect forward secrecy if supported by the client.

This article is a step-by-step guide on how to prepare strongSwan 5 to run your own private VPN, allowing you to stop snoopers from spying on your online activities, to bypass geo-restrictions, and to circumvent overzealous firewalls.
