SSL Blacklist is a nice addon for Firefox that has the ability to detect MD5 signed certificates and block access. If you don’t know what’s the problem with MD5 signed certificates then enjoy reading this.

I’ve stumbled on a new Google App, Google Sites. The Google Sites engine is the old JotSpot enhanced with the “Google Experience”. If you need to set up a site quickly with a wysiwyg editor then Google Sites might be a good tool for this …

A recent upgrade of Hotmail prevented me from sending new mails with Firefox 3 on Ubuntu. I could hit “reply” but it was impossible to edit the body of the e-mail. The editor just remained disabled.

The solution to this is fairly simple. Open Firefox, type in “about:config” in the addressbar and look for the setting “general.useragent.vendor“. On my Ubuntu machine this was set to “Ubuntu”. If you change this to “Firefox”, quit Firefox and restart it then you should be able to compose new e-mails in Hotmail.

On the other hand you might also consider using a reliable free mail provider.

A couple of people mailed me a couple of times saying that when they run ddclient in daemon mode their hostnames sometimes get blocked because of abuse (to frequent update requests). I run an update script from cron every time, the script is rather straightforward but might prove useful for some.

As incident handlers we always need to look out for sources that report possible malicious activity coming (or going to) our networks. We run a couple of honeypots and have a netflow monitor that alerts us when something is out of the ordinary. Extra sources however are always an extra bonus.

Recently I came across ATLAS from Arbor Networks.

They have an excellent service where you can easily sign up and if they approve your account you get access to alerts from their honeypots. According to their website they cover a large part of the Internet. There’s of course some commercial mumbo jumbo but at first their service seems to be very useful. A feed (RSS) allows you to get instant updates with a short description with the type of incident -scan, phish, …-, a timeframe and a link to their site with additional information.

I’ve been using courier-imap for a couple of years now. I prefer to install courier-imap on OpenBSD as it is very stable, secure, fast and low maintenance.

Unfortunately, hardware failures however can’t be solved by OpenBSD. In the last two weeks I had two clients that had a broken hard drive in their mailserver. Because these environments were relatively small they choose to use a ‘regular’ desktop instead of a decent server with RAID. Setting up a new machine and reconfiguring it takes a couple of hours. In the mean while their employees don’t have access to their e-mail.

An easy and quick ‘access’ is to restore your backuped maildirs to a shared folder. Then use Evolution (yes, they are running Linux on their desktops) to access the maildirs. In Evolution you can add a server type ‘Maildir-format mail directories’. By using this you can access your mail just like as it was sitting on a central mailserver. It’s not ideal because ‘Sent mails’ for example can end up in the wrong place … but it is a quick fix.

I got the error

when I wanted to read the information from my e-id.

This was because both open openct and pcscd were running. Stopping openct and restarting pcscd solved this. Depending on your hardware you can only use one of these two daemons, if they are both running then you won’t have any luck reading the card.

This worked for my type of reader

Joined action against the excessive surveillance by governments and businesses

11-Oct-2008,
More info at http://www.vorratsdatenspeicherung.de/content/view/242/144/

Something I came across when I writing a PHP script that dynamically creates hyperlinks through JavaScript.

According to Microsoft, Internet Explorer will not send the Referer header in situations that may result in secure data being sent accidentally to unsecured sites.

You can’t rely on the referer header as a trustworthy check for tracking down the origin of your visitors but still …
Something in the same bulletin seems rather strange:

If a site is placing sensitive data in the URL then I sure hope it’s hashed and it’s use is limited in time and restricted to one browser session.

The video of the Dan Kaminsky presentation of the DNS cache bug is available on the Black Hat site. It’s a 100 MB download but it sure is worth it. There’s also an MP3-version.