Internet



Published August 18th, 2004 by Jim O'Halloran

How SSL works

Netscape’s How SSL Works document is a good introduction to SSL.

This document explains how Netscape uses RSA public key cryptography for Internet security. Netscape’s implementation of the Secure Sockets Layer (SSL) protocol employs the techniques discussed in this document.

It's somewhat easier to follow if you have some understanding of public key encryption techniques, but I found it useful anyway.

Published August 18th, 2004 by Jim O'Halloran

Survival Time on the Internet

SANS, through its Internet Storm Centre, is tracking the average survival time for an unpatched Windows machine connected to the internet. Currently it's at around 24 minutes, almost half what it was 12 months ago.

The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe.

My last experience with an unpatched Windows machine directly connected to the Internet was that it lasted around 10 minutes. Whether 10 minutes or 24, it graphically demonstrates that the Internet is a hostile place.

Of course the problem now is that if you rely on Windows Update, your machine is likely to be compromised before it is even fully patched! SANS also has advice for resolving this in Windows XP: Surviving the first day. It's almost sad that we need a guide which explains the defensive measures required just to connect a machine to the Internet long enough to patch it, but I guess that's life on today’s internet.

Published July 26th, 2004 by Jim O'Halloran

Printer Friendly Version using CSS

While I’m pointing out some HTML tricks, here’s another one which I’ve used recently… Eric Meyer’s techniques for creating printer friendly versions using CSS. Very cool!

One of the wonderful things about CSS is that it allows authors to create media-specific styles for a single document. We’re pretty used to styling for the screen, but thinking about other media isn’t a habit yet. And as all the “printer-friendly” links attest, our thinking about the print medium has been limited to recreating a document in a different way.

Published July 24th, 2004 by Jim O'Halloran

Popup Windows the right way!

I’ve used this technique before but haven’t blogged it. So while I’m using it again, I figured I’d better point everyone towards youngpup.net’s how to create popups tutorial.

Forget everything you know about creating pop-up windows. Most importantly, forget you ever knew that the javascript pseudo-protocol ever existed. Do you hear me??

Youngpup’s technique results in a hyperlink which opens into a new window, but still responds to a right click correctly. Very useful stuff.

Published July 2nd, 2004 by Jim O'Halloran

Interview with SPF Lead Developer

I first mentioned SPF on this blog back in February. Since then SPF has been adopted widely as a useful anti-spam tool. I’ve been publishing SPF records for the domains I host for a month or two now, and will start SPF checking inbound mail soon. Now, CircleID has an interview with the Lead Developer of SPF. Part 1 and Part 2, both make good reading.

CircleID recently interviewed Meng Weng Wong, the lead developer of Sender Policy Framework (SPF) and founder of Pobox.com. As one of the leading anti spam authentication schemes, SPF is used by companies such as AOL, Earthlink, SAP [ … ]. Last month, Microsoft announced its agreement to merge Caller ID, its own proposed anti spam authentication scheme, with SPF — the joint standard is called ‘Sender ID’.

Published May 18th, 2004 by Jim O'Halloran

Spammers and Viruses

This article from The Register (Spam fighters infiltrate spam clubs) makes me think that my earlier speculation that MyDoom was a professional job may not be too far from the mark.

“People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don’t know how ties between spammers and virus writers was first forged but there is clearly a strong link there,” he added.

It also confirms speculation that spammers are now starting to use viruses and the proxy servers they leave behind instead of open relays.

Published April 5th, 2004 by Jim O'Halloran

IP Spoofing

Linux Exposed is running an introduction to IP Spoofing.

IP Spoofing is a trick played on servers to fool the target computer into thinking that it is receiving data from a source other than you. This in turn basically means to send data to a remote host so that it believes that the data is coming from a computer whose IP address is something other than yours.

Interesting reading, although a little difficult to follow at times due to poor layout.

Published March 30th, 2004 by Jim O'Halloran

Free Secondary DNS

I can’t vouch for the reliability of their service (yet), but secondary.org offers a free Secondary DNS Service. Could be handy for anyone hosting domains on an ADSL service with only 1 IP address. From their site…

Free secondary DNS is available here. Add redundancy for your DNS by adding an extra DNS server to your list. Great for home users or small sites.

Published March 18th, 2004 by Jim O'Halloran

DSL-504 Info Dump

The D-Link DSL-500 & DSL-504 Router Info Dump is a really handy collection of tips and tricks for the D-Link DSL-504 routers.

Published February 25th, 2004 by Jim O'Halloran

Detecting Transparent Proxies

I needed to know recently whether or not I was behind a transparent proxy server. After a fair bit of searching, I’ve found two ways of figuring it out. I’ve tried both on my system at home, which I suspect is behind a transparent proxy, and they give conflicting results. The first method relies on the proxy server inserting its own stuff into the http headers (most do, but some don’t), so it isn’t guaranteed to work. Basically, point your browser at a page somewhere on the internet which will show you all of the headers on the http request. Two examples are here and here … Then check the results for either a “HTTP_VIA” header or “HTTP_X_FORWARDED_FOR” header. Obviously this assumes the proxy modifies the http request, which is usually the case, but it's easier than the second method.

The second method is the telnet test I’d seen done before…

From a command prompt (Linux or Windows) type “telnet www.google.com 80”. Once connected, copy and paste the following two lines into your telnet session and hit enter a couple of times (you need a blank line after the bogus http request).

GET / HTTP/1.1
Host: www.microsoft.com

Have a look at the source code for the page which you get back (or save it to a file and display it in the browser). If it looks like Google, then chances are there are no proxies involved. If it looks like Microsoft, then you’re behind a proxy. This works because, regardless of the IP address your system resolved for www.google.com, the request was for port 80, so it should be re-routed into the transparent proxy. The proxy should then look at the host header and give you back the www.microsoft.com page. This is all great in theory, but I couldn’t make it work on my home ADSL (which I suspect is behind a transparent proxy), so it may not be 100% foolproof.
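Both checks described above, written out as a Python sketch. This is an added example, not code from the original post: the function names, the marker strings passed to `classify`, the `Connection: close` header and the sample header-echo text are all assumptions made for illustration.

```python
import re
import socket

# Method 1: header-echo pages list request headers CGI-style (HTTP_VIA = ...).
PROXY_HEADERS = {"via", "x-forwarded-for"}
HEADER_LINE = re.compile(r"^\s*([A-Za-z_-]+)\s*[:=]\s*(.*)$")

def proxy_headers_seen(echoed_text):
    """Return proxy-added headers found in the text of a header-echo page."""
    found = {}
    for line in echoed_text.splitlines():
        m = HEADER_LINE.match(line)
        if not m:
            continue
        key = m.group(1).lower().replace("_", "-")
        if key.startswith("http-"):
            key = key[len("http-"):]
        if key in PROXY_HEADERS:
            found[key] = m.group(2).strip()
    return found

# Method 2: connect to one site on port 80 but name a different one in Host.
def build_probe(host_header):
    # Connection: close is added here so the read loop below terminates.
    return (f"GET / HTTP/1.1\r\nHost: {host_header}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")

def send_probe(connect_to, host_header, timeout=10.0):
    """Live network step; not needed for the offline classification below."""
    with socket.create_connection((connect_to, 80), timeout=timeout) as s:
        s.sendall(build_probe(host_header))
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks)

def classify(response, connect_marker, host_marker):
    """Heuristic: which site's marker string appears in the raw response?"""
    text = response.lower()
    saw_connect = connect_marker.lower() in text
    saw_host = host_marker.lower() in text
    if saw_host and not saw_connect:
        return "proxy-likely"      # Host header, not destination IP, picked the page
    if saw_connect and not saw_host:
        return "no-proxy-seen"     # the server we connected to answered
    return "inconclusive"          # error page, redirect, or both markers present

# Constructed sample of a header-echo page, for offline use.
SAMPLE_ECHO = """HTTP_HOST = headers.example
HTTP_VIA = 1.1 cache.isp.example:3128 (squid)
HTTP_X_FORWARDED_FOR = 203.0.113.7"""
```

For the live test, `classify(send_probe("www.google.com", "www.microsoft.com"), b"google", b"microsoft")` reproduces the telnet session; an "inconclusive" result corresponds to the case where the test does not give a clear answer.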