certificates and security

 crypto, philosophy, security, tech, web
Aug 05, 2014
 

npm is the de facto package manager for the Node.js JavaScript network programming environment thingee. The folks who make npm have taken a security leap: npm no longer supports its self-signed certificates. Ah, they build the bastions of light and goodness, protecting us from the sins of the masses by standing tall. So… how do you install npm, anyway? Ah, yes, you look it up on their site… let’s see… why, […]

Linda and Doris rule the ‘net

 ipmi, security, tech, Uncategorized, web
Jul 03, 2013
 

Some misc ramblin’ notes/data on IPMI & SSL Certificates. So I used the SSL Observatory software (oddly written, but still cool) to scan for certificates on a bit over 300K systems suspected of running IPMI (which in turn were had from HD Moore of Rapid7 – thanks HD!) and that were on the net. In case anyone else was interested in using the SSL Observatory stuff, it’s pretty simple once […]

…losing a half day of my life… and I’m running out of half days.

 dinosaur, perl, philosophy, security, web
Jul 27, 2012
 

This line did it: $ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0; Net::Nessus::XMLRPC, which calls LWP::UserAgent, didn’t emit any hints why something that had been working for many months suddenly doesn’t when I am forced to port to a new system… same OS, how could it go wrong? Turns out LWP changed the default behavior that had been around forever – now it dies if a cert isn’t kompletely kosher. Since virtually every Nessus install […]