General Musing

blaze your trail

Posts Tagged ‘certificate

6 Months of Security Links #2011

leave a comment »

I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly as there are some good sources and articles in here and as I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know. 🙂

Read the rest of this entry »

Advertisements

Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging

Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

OCSP Troubles #security #x509 #certificate #revoke

with one comment

A company was having intermittent trouble with their new authenticated SSL, it wasn’t that they experienced trouble with the certificates, which came from a large international CA, or the authentication. There was a bug which caused the OCSP check on some certificates to fail. And after it had failed the first time for a certificate it would continue to fail for that certificate until the application server had been restarted. As this was a mission critical application for their customers between 8am-6pm they had taken to restarting the servers at 7am to ensure that there would be less issues during the day. This was obviously not a permanent solution so the vendor was called to fix the issue.

Read the rest of this entry »

Written by Daniël W. Crompton (webhat)

June 23, 2011 at 7:05 am

A catalog of this year’s risky articles #2010

leave a comment »

Programming Hands

Risk is something which can be difficult to evaluate for the average person, there is a lot of work which goes in to learning not to do the two things that people usually do when they are confronted with risk:

  1. Ignore
  2. Overreact

It looks like every man and his dog needs to have a Facebook page, even banks…

It has been almost 1.5 weeks since Google’s FeedBurner removed the Frie…

Some days ago I tweeted to Prosper, a personal loan marketplace, whether they…

I don’t really think most people get “it” when it comes to …

Just noticed that Google Translate translates the name of the Dutch social ne…

I find a 400 plus page manual of office policies and job descriptions for eac…

In the last two days I’ve not been posting so much, and focussing on up…

I started playing with Google Scribe and wanted to see if patterns emerged so…

I have my Google account set up with English as the preferred language, my br…

For the last 2 years LinkedIn has been running a bad poor IT management depar…

When I just started I too had trouble with getting all the items I required t…

On August 11th 2007 I exceeded my GMail quota, I blogged about it here. At th…

Brian Szymanski send a reply to me concerning another bank implementing SMS b…

I don’t understand why url expansion after url shortening is such an is…

I just read an article Web Coupons Know Lots About You, and They Tell in the …

This morning/night China’s networks were sending rerouting messages to …

The lack of trained and experienced computer security people working in small…

Last week I saw an episode of a popular Dutch Ombudsman program Kassa, they r…

After seeing a program about a lifecoach trying to find the time to get his p…

Image source Radio Nederland Wereldomroep

This year’s articles about programming #2010

leave a comment »

Programming Hands

In 2010 I was less focussed on programming articles on the blog than previous years, still I have managed to create some interesting articles with code in 2010. This is an overview of the activity:

Having some fun today with QR codes, JavaScript and the Google Analytics URL …

The only questions that are asked in the Daily Scrum, aka Stand-Up, are: What…

UPDATE: GMail has introduced my number 3. YEAH! (Gmail introduces Priority In…

I like YouTube, and often subscribe to new channels and unsubscribe after a w…

Since I started working for my company I’ve been exposed to PCI DSS (Pa…

I don’t understand why url expansion after url shortening is such an is…

VeriSign – Personal Identity Portal is a OpenID provider with multiple …

Image source D’Arcy Norman

Did The LinkedIn Certificate Expire Again? #linkedin

leave a comment »

For the last 2 years has been running a bad poor IT management department, this have been my headlines for the last two years:

I am so sure of LinkedIn’s incompetence, as with their product they won’t ignore a chance to punish their customers for wanting to use their services.

In about two hours we should know.

Written by Daniël W. Crompton (webhat)

July 6, 2010 at 8:22 am

VeriSign PIP Browser Certificate workaround (PIN Request) #identity #openid

leave a comment »

VeriSign – Personal Identity Portal is a OpenID provider with multiple factor identification: Password +

  • Mobile Credential (phone or mail PIN)
  • Account Information Card (can be used by applications such as Microsoft CardSpace)
  • VeriSign browser certificate
  • VeriSign Identity Protection (VIP) Credential (Physical Token)

As I have a browser certificate linked to my old browser and couldn’t login with my current browser I had to figure out a workaround when I don’t have the browser certificate: PIN Request. On the page that does the browser certificate request there is a hidden link to get a PIN send by mail or mobile, which you can find here.

Hope that helps you.

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 7:24 pm

LinkedIn Certificate Expired Again! #linkedin

with 3 comments

You would not believe it, last year today I wrote the article: LinkedIn Certificate Expired. And today it happened again, this time it’s not in a weekend.

http://www.linkedin.com uses an invalid security certificate.

The certificate expired on 06/07/2009 19:41.

(Error code: sec_error_expired_certificate)

Will they learn from this for next year?

Thanks to Ali for the heads up!

Technorati Technorati Tags: , , , , , , ,

Written by Daniël W. Crompton (webhat)

July 6, 2009 at 6:48 pm

%d bloggers like this: