Home › Information Security ›

Information Security

Screenshot: Untrust CNNIC from Mac OS's Keychain Access

voyageur | February 4, 2010 - 6 weeks 4 days

If you use Firefox/Thunderbird in Mac OS, you still need to untrust the CNNIC certs follow the steps in Screenshot: Remove CNNIC from Firefox and Thunderbird.

In Mac OS X: Click Applications -> Utilities -> Keychain Access -> Certificates -> (expand with V button below) -> System Roots -> (Unlock, top left) -> Double-click the cert -> Trust -> When using this Certificate -> Never Trust.

Screenshot: Remove CNNIC from Firefox and Thunderbird

voyageur | February 4, 2010 - 6 weeks 4 days

Instead of removing CNNIC certificates from your system, we should mark them as "untrusted". This way, when your system updates its cerficates, they will not slip in. As a precaution, you might need to form the habit of checking the trusted certficates installed in your system periodically.

Remove CNNIC CA

voyageur | January 30, 2010 - 7 weeks 2 days

Mozilla and Microsoft have added CNNIC root CA to the browser's Authorities and CA directory. Chinese users are in a rush removing them from their computers. Here is a post on how to do it (in Chinese).

Discussions can be found here:

CONFIG_SYSFS_DEPRECATED

voyageur | November 11, 2009 - 18 weeks 5 days

When you compile a program that need to include kernel sources, sometimes the compile might give you an warning message like below:

 *   CONFIG_SYSFS_DEPRECATED:     should not be set. But it is.
 *   CONFIG_SYSFS_DEPRECATED_V2:     should not be set. But it is.

To fix this, you will need to recompile your kernel using menuconfig, and find

Support dm-crypt in Linux Kernel

voyageur | May 3, 2009 - 46 weeks 1 day

When you compile your own kernel, in order to enable support for dm-crypt, please make sure you check

Device Drivers --->
     [*] Multiple devices driver support (RAID and LVM) --->
        <*> Device mapper support
        <*> Crypt target support

 

Securing MySQL

voyageur | April 11, 2009 - 49 weeks 2 days

Remove MySQL from network

By default, MySQL listens on port 3306. Stop it from listening on any TCP/IP port if you don't use it on network.

# vi /etc/my.cnf

Change
#skip-networking
to
skip-networking

Secure the user accounts

A default install of MySQL is somewhat lacking in security. To fix that we are going to do the following:

Local Caching, Forwarding Nameserver on Gentoo

voyageur | April 10, 2009 - 49 weeks 3 days

Install BIND

# emerge -v bind

When it finishes, here is the message: 

SANS Security Awareness Tips

voyageur | April 2, 2009 - 50 weeks 3 days

SANS posts daily security tip to remind users on various security aspect. Nice short paragraphs.

http://www.sans.org/tip_of_the_day.php

Secure Your Web Browsers

voyageur | April 2, 2009 - 50 weeks 3 days

References:

US-CERT Securing Web Browser Information
http://www.us-cert.gov/reading_room/securing_browser/browser_security.html