Monthly Archives: November 2014

VPN Introduction

I have been doing some work with VPNs lately, having set up a PPTP(Point to Point Tunneling Protocol) VPN for some Android network analysis that I have been doing lately.  It is easy to set up on a server and a mobile device, but PPTP generally isn’t secure unless you are using (P)EAP.  I wanted to try out something that overlaps with something that I’m pretty knowledgeable about, TLS/SSL, with something I have never had to actually set up, an SSL VPN.  Most people who use a VPN to connect into work use an SSL VPN.  Probably either from someone like Cisco or Juniper.  They are pretty easy to set up on the router side of things, and relatively easy for client device to get set up.  Other advantages are that they can be run over port 443, so they won’t be blocked by most firewalls, and that they use the verification properties inherent to TLS/SSL rather than some sort of challenge-response handshake.  Using TLS/SSL allows them to also be flexible about key sizes and cipher suites used and upgrade them as the future requires.
Read Full Article

I’m very excited to announce the launch of AM I SHA-1 – the SHA-1 Checkinator. This is a site that I have been working on for a few months off and on. Ever since Google announced that they were going to sunset support for SHA-1 support in Chrome, I felt that it would be cool to have an easy site to check your SSL/TLS certs. It isn’t difficult to check your certificates yourself, but not everyone is able to analyze their own certificates and understand the context under which they need to act to upgrade their certificates before the end of 2016. The tool/site I made takes a URL and downloads and parses the certificates for a site, and then helps you determine what action if any is required on your certificates. I realize that there are several tools out there that check for this already, but most of these are bundled into more extensive tests and the tests often take a long time to run. My goal with this site, was to be lean and quick so I focused on just checking for the presence of SHA-1 signatures in chain and leaf certificates. Plus it was a great learning experience.
Read Full Article

My wife has a 27″ iMac from late 2009. We upgraded her to a more powerful Windows machine about a year ago. The iMac has a beautiful screen and is in good shape, but the performance of it had slowed quite a bit. I took a look at the specs of the machine. It had 4 GBs of RAM and a 1 terabyte hard drive. It also has a Core 2 duo, dual-core processor, which is meh. I figured that there wasn’t a whole lot I could do about the processor, but the hard drive and RAM could be upgraded.

Upgrading RAM on an iMac is supported by Apple and very easy to do on most models. I decided to upgrade it to 8 GBs. I made sure that I bought RAM that was supported by the version of iMac that I was using. I used Crucial’s RAM picker as I have had good experiences with it in the past. On a regular PC I can usually suss out what RAM will be compatible with the motherboard in question. With Macs, I have been burnt by buying RAM that isn’t compatible, so I always check. Actually performing the upgrade was fairly straightforward. I tipped the iMac back so that it was lying horizontal, then unscrewed a panel from the bottom of the monitor housing. As I recall there are some tabs that help you eject the RAM modules. Before you pull the modules out, you may want to take a minute to understand how to put the tabs back before you insert the new modules. It will make it easier to eject the new modules should you ever need to. Also it just looks tidier.
Read Full Article