Saturday, July 19, 2008
A Certificate Dilemma
I've been trying to get a new certificate for my SSL enabled software from a very reputable certificate giving web site (cacert.org) and I was shocked with a notification that the certificate of this web site is not proper!! see the image below for yourself. How come that the certificate issuer web site has an untrusted certificate!!? :D
Monday, July 7, 2008
Screw symbian and their DRM
I've been struggling for a week now with that piece of metal of mine (mobile phone) trying to install a simple app and yet I couldn't !!. The problem is that symbian (God saves their brains!) decided that no application to be installed on your very own mobile except if it's signed by symbian (hmm maybe someone is paranoid over there or something!!! ) . Of course there's that "self signing" thing that you can do. But it only grants you access to limited set of APIs and you cannot access all system calls. Funny it is how this DRM stuff work. You have your mobile at your palm and you app on you pc and due to some DRM "issues" you can't install it!!. My last option is to hack the image of my symbian OS to make it bypass signing from the beginning. I was hoping not to come to this part because the place where i read this article it had this big warning
" !!!!!!! This hack is not for the faint hearted and is known to brick a few models that perform a CRC check. Anything that you do following the article below is at your own risk and responsibility.!!!!!!"
so i decided to wait and give it another try with searching.
Symbian was so generous to allow people to have their apps signed online (What if I don't want anybody to see my app?!!! , what a big nose !) and of course this online signing is also limited to the IMEI and must have the UID same as the email that you wrote in the app. itself. which means that you can't give your app to some friends to try it. shame on you! ... symbian people are the best guys can't you see it!
And last but not least of symbian's generousity is their developers' signing request program. If you are a developer and you want a certificate to test up some apps. you can send a request to symbian and they will give you one. However the trick here is that you have to sign up with your email which MUS NOT be a public known or unknown! free email service provider neither it can be any domain with lots of people signing up from. Whenever a domain (even it's your domain) has a certain limit of users singed up from, it gets banned!! .. so you can imagine how many free emails I've singed up in the last couple of days and tried with that stupid program.
ANYWAY, like a friend of mine always says "A brownie can always solve the problem" . I think I'll just eat some brownies and try to forget.... (hhh sighs)
UPDATE: I used a hack that was mentioned in the comments. Thanks Sheero for the hack , it WORKEDDD :D ..you saved my day (or month actually!) I shall rename the post "God saves old friends (& screw symbian & their DRM!)" LOL .. I think um gonna save the cookies for some other problems.
" !!!!!!! This hack is not for the faint hearted and is known to brick a few models that perform a CRC check. Anything that you do following the article below is at your own risk and responsibility.!!!!!!"
so i decided to wait and give it another try with searching.
Symbian was so generous to allow people to have their apps signed online (What if I don't want anybody to see my app?!!! , what a big nose !) and of course this online signing is also limited to the IMEI and must have the UID same as the email that you wrote in the app. itself. which means that you can't give your app to some friends to try it. shame on you! ... symbian people are the best guys can't you see it!
And last but not least of symbian's generousity is their developers' signing request program. If you are a developer and you want a certificate to test up some apps. you can send a request to symbian and they will give you one. However the trick here is that you have to sign up with your email which MUS NOT be a public known or unknown! free email service provider neither it can be any domain with lots of people signing up from. Whenever a domain (even it's your domain) has a certain limit of users singed up from, it gets banned!! .. so you can imagine how many free emails I've singed up in the last couple of days and tried with that stupid program.
ANYWAY, like a friend of mine always says "A brownie can always solve the problem" . I think I'll just eat some brownies and try to forget.... (hhh sighs)
UPDATE: I used a hack that was mentioned in the comments. Thanks Sheero for the hack , it WORKEDDD :D ..you saved my day (or month actually!) I shall rename the post "God saves old friends (& screw symbian & their DRM!)" LOL .. I think um gonna save the cookies for some other problems.
Wednesday, July 2, 2008
Social networks... How to surf safely
Social networks is actually a crawling disaster with all this information passing, threats that we never thought of has emerged leading to serious problems
I was reading this article on Outpost security lab and they suggested few practices to make surfing through social networks more secure.
Best Practices:
"
Use the latest browser software and install Windows Updates as soon as they become available.
Use a firewall to protect your system against unknown threats; use up-to-date antivirus to block known threats and intrusion prevention software to alert you to potentially dangerous activities on your computer.
Do not download, open or respond to content published or sent by unknown people. There has recently been a virus outbreak in the Russian portion of an SN that resulted from unwary users clicking on a reference to a fake image file that led to the activation of a virus that then wiped user data from the affected computers.
Remember that SN is still in its infancy: the engines are still immature and the platforms are vulnerable to determined attackers. Reports of faulty SN code appear regularly in the media, and you cannot rely on the integrity and non-disclosure of your personal details due to multiple weaknesses in SN systems. Cross-scripting errors (XSS) enabling attackers to view restricted sections of user data have affected almost every SN site, much like the way spyware targeted Windows systems that had not been patched with SP2 back in 2003.
The 3rd party applications (widgets) that Facebook and Myspace offer as additional downloads are even more problematic. These programs are not tested for compatibility or security defects, so be sure you understand exactly what you are installing when you choose to use one of these applications.
Don’t access your online profile from public computers – such actions are fraught with additional risk because of the potential for theft or malware compromise. Your log-in details might be stored in a local cache and later extracted and used to illegally access your profile, or the computer may be infected with keylogger that will silently capture any piece of information, including log-ins and dialog sessions, and relay this data to unauthorized third parties.
Do not disclose sensitive information ever! - A recent British survey revealed that more than half the SN users interviewed publish contact details and private details in their online profiles, making them the easy targets to ID thieves and other miscreants.
Due to the open nature of the Internet and the fact that your account can be hijacked, coupled with the vulnerabilities of SN platforms, you should NEVER publish any sensitive information about yourself, like your home address, Social Security or cell phone numbers. And don’t post anything that could backfire against you, like videos of your student parties, or anything else that you wouldn’t want a prospective employer to see.
Prevent anonymous users from viewing your profile
By making your profile private, you limit access to your online profile only to friends and people you know.
Authorize and add as friends only people you know
The smaller your inner circle of friends, the more private your online profile is.
Never trust online-only acquaintances
It’s important to keep in mind that people and their identities are not always what they claim to be, and you should not blindly trust people that you meet online. Don’t meet these people in real life except in very public, safe places, and you must strive to avoid any other physical contact with them.
You may have heard the dramatic story of a girl committing suicide after her online date supposedly let her down, whereas in fact the cheating partner was the mother of a teenager who didn’t want her son to date the girl. If she had been a little less trusting of what she read online, she would probably be alive today.
Favor sites that use encryption
Facebook, for example, encrypts your interactive sessions, whereas Myspace hasn’t yet followed suit. Encryption garbles data in transit so that no-one can read intercepted information, protecting your passwords and other information from outsiders.
Report abuse
Should you encounter cases of spam, harassment, stalking or other intrusions into your private life, you should report such incidents to the people responsible for proper conduct on the social networking site. Consult the FAQ or Contact Us section to find specific contact information.
Don’t access SNs from your workplace
Research indicates that half of the workforce access SNs during the workday, reducing productivity and distracting from work-related issues. Such activities may also be in violation of your employer’s “appropriate Internet use” policies.
"
After all, nothing is totally secure. And if the information is there then someone somtime will be able to get it somehow!. Maybe I'm paranoid but who knows what can happen :D
I was reading this article on Outpost security lab and they suggested few practices to make surfing through social networks more secure.
Best Practices:
"
Use the latest browser software and install Windows Updates as soon as they become available.
Use a firewall to protect your system against unknown threats; use up-to-date antivirus to block known threats and intrusion prevention software to alert you to potentially dangerous activities on your computer.
Do not download, open or respond to content published or sent by unknown people. There has recently been a virus outbreak in the Russian portion of an SN that resulted from unwary users clicking on a reference to a fake image file that led to the activation of a virus that then wiped user data from the affected computers.
Remember that SN is still in its infancy: the engines are still immature and the platforms are vulnerable to determined attackers. Reports of faulty SN code appear regularly in the media, and you cannot rely on the integrity and non-disclosure of your personal details due to multiple weaknesses in SN systems. Cross-scripting errors (XSS) enabling attackers to view restricted sections of user data have affected almost every SN site, much like the way spyware targeted Windows systems that had not been patched with SP2 back in 2003.
The 3rd party applications (widgets) that Facebook and Myspace offer as additional downloads are even more problematic. These programs are not tested for compatibility or security defects, so be sure you understand exactly what you are installing when you choose to use one of these applications.
Don’t access your online profile from public computers – such actions are fraught with additional risk because of the potential for theft or malware compromise. Your log-in details might be stored in a local cache and later extracted and used to illegally access your profile, or the computer may be infected with keylogger that will silently capture any piece of information, including log-ins and dialog sessions, and relay this data to unauthorized third parties.
Do not disclose sensitive information ever! - A recent British survey revealed that more than half the SN users interviewed publish contact details and private details in their online profiles, making them the easy targets to ID thieves and other miscreants.
Due to the open nature of the Internet and the fact that your account can be hijacked, coupled with the vulnerabilities of SN platforms, you should NEVER publish any sensitive information about yourself, like your home address, Social Security or cell phone numbers. And don’t post anything that could backfire against you, like videos of your student parties, or anything else that you wouldn’t want a prospective employer to see.
Prevent anonymous users from viewing your profile
By making your profile private, you limit access to your online profile only to friends and people you know.
Authorize and add as friends only people you know
The smaller your inner circle of friends, the more private your online profile is.
Never trust online-only acquaintances
It’s important to keep in mind that people and their identities are not always what they claim to be, and you should not blindly trust people that you meet online. Don’t meet these people in real life except in very public, safe places, and you must strive to avoid any other physical contact with them.
You may have heard the dramatic story of a girl committing suicide after her online date supposedly let her down, whereas in fact the cheating partner was the mother of a teenager who didn’t want her son to date the girl. If she had been a little less trusting of what she read online, she would probably be alive today.
Favor sites that use encryption
Facebook, for example, encrypts your interactive sessions, whereas Myspace hasn’t yet followed suit. Encryption garbles data in transit so that no-one can read intercepted information, protecting your passwords and other information from outsiders.
Report abuse
Should you encounter cases of spam, harassment, stalking or other intrusions into your private life, you should report such incidents to the people responsible for proper conduct on the social networking site. Consult the FAQ or Contact Us section to find specific contact information.
Don’t access SNs from your workplace
Research indicates that half of the workforce access SNs during the workday, reducing productivity and distracting from work-related issues. Such activities may also be in violation of your employer’s “appropriate Internet use” policies.
"
After all, nothing is totally secure. And if the information is there then someone somtime will be able to get it somehow!. Maybe I'm paranoid but who knows what can happen :D
Subscribe to:
Posts (Atom)
