Rusty Padlock

Padlock by Ralph Aichinger

Certification Authorities (CAs) offer two types of SSL certificate. One type includes Server Gated Cryptography (SGC); it is often promoted as a premium or high-security option and is priced much higher than the non-SGC equivalent. So, it should be a no-brainer that you should buy the best, most expensive certificate you can afford to ensure the security of traffic with your website, shouldn’t it?

Well, no.

Until late 1999, the United States imposed restrictions on the export of strong cryptography, which resulted in ‘export versions’ of Internet Explorer, Netscape and other web browsers that did not enable high encryption by default. Instead, browsing SSL sites with an ‘export version’ browser resulted in a connection which was encrypted with 40 or 56-bit encryption. A non-export version would negotiate 128-bit encryption. To allow very sensitive sites to step up the encryption to 128-bit even on an export version browser, special certificates were issued to authorised sites, for example government sites and financial institutions, which would unlock the high encryption functionality and allow 128-bit secure connections.
By 2000, the export restrictions were dropped and the international browser versions began supporting 128-bit encryption by default. At the same time, SGC certificates were offered to anyone who wanted them to allow older export browsers to use high encryption.

For a few years after 2000, it made sense to use an SGC-enabled certificate if you wanted to ensure everyone could access your site securely, and it was worth paying a premium to ensure that your site was available to the maximum number of customers. Now, though, there are far fewer users with the old browsers, so you won’t affect as many customers by removing the SGC capability.

But, it can’t hurt to use an SGC certificate, can it?

Well, yes.

These old browsers (e.g. Internet Explorer 4.01 to 5.01, Netscape 4.07 to 4.72) are over 10 years old now and have not received security updates or patches since 2000. The security patches which have been released for more modern browsers in the past ten years help to protect the system against keyloggers, viruses and other malware which can intercept data on the client, even if it is transmitted across the network securely encrypted. This means that the connection which is assumed to be secure by the user probably isn’t, and malware in the browser could potentially be carrying out unauthorised transactions on your server using the client’s credentials. Worse still, the malware could hide the fraudulent transactions from the user so he never sees evidence of a problem.

Updating these browsers to modern, secure versions is free and simple. High-encryption packs are available from Microsoft for older operating systems – Windows 95, Windows 98, Windows NT and Windows 2000, and a huge variety of secure browsers are available for free download.

So, how many customers are likely to be unable to access my site when I move to non-SGC certificates?

In an Entrust Whitepaper on the subject from July 2009, the estimate is that 0.07% of browsers on the Internet would be affected, less than 1 in a thousand, and this number is likely to be even lower now.

This small percentage of users who will be unable to connect to your site are unlikely to be surprised as more and more of the Internet will be becoming unavailable to them every day as other sites move away from these outdated certificates. It really is time they dragged themselves into the 21st Century and spent 5 minutes upgrading their browsers to ensure their connection is secure. By making sites unavailable to them, you are doing your customers a favour by encouraging them to upgrade, and are helping to protect your other customers by making it harder for malware to get a foothold on your server.

There is one very important change you need to make to your server, though: ensure that weak encryption is not supported, otherwise these old browsers will negotiate 40 or 56-bit connections with your server!
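The effect of that change can be modelled offline. The following is an added example, not code from the original post: it classifies OpenSSL-style cipher suite names by key length and simulates which suite a server would pick for an export-grade browser before and after weak suites are disabled. The browser and server suite lists are constructed samples, and the function names are hypothetical.

```python
import re

# Key sizes for bulk ciphers as they appear in OpenSSL-style suite names.
BULK_BITS = {"NULL": 0, "DES": 56, "RC2": 128, "RC4": 128, "IDEA": 128}

def key_bits(suite):
    """Symmetric key length, in bits, implied by an OpenSSL-style suite name."""
    tokens = suite.upper().split("-")
    if tokens[0] == "EXP":        # export suites: key cut down to 40 bits
        return 40
    if tokens[0] == "EXP1024":    # later export suites: 56 bits
        return 56
    if "CBC3" in tokens:          # DES-CBC3-SHA is triple DES (168-bit key)
        return 168
    for token in tokens:
        if token in BULK_BITS:
            return BULK_BITS[token]
        sized = re.fullmatch(r"(?:AES|CAMELLIA)(\d+)", token)
        if sized:
            return int(sized.group(1))
    raise ValueError(f"unrecognised cipher suite name: {suite}")

def weak_suites(server_suites, minimum=128):
    """Suites enabled on the server that fall below the minimum key length."""
    return [(s, key_bits(s)) for s in server_suites if key_bits(s) < minimum]

def negotiate(server_suites, client_suites):
    """Server-preference selection: first enabled suite the client also offers."""
    offered = set(client_suites)
    for suite in server_suites:
        if suite in offered:
            return suite
    return None  # no common suite: the handshake fails

# Constructed sample data (not captured from real clients or servers).
EXPORT_BROWSER = ["EXP-RC4-MD5", "EXP-RC2-CBC-MD5", "EXP-DES-CBC-SHA", "DES-CBC-SHA"]
MODERN_BROWSER = ["AES256-SHA", "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"]
LEGACY_SERVER = ["AES256-SHA", "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA",
                 "DES-CBC-SHA", "EXP-RC4-MD5"]
HARDENED_SERVER = [s for s in LEGACY_SERVER if key_bits(s) >= 128]

if __name__ == "__main__":
    print("weak suites on legacy server:", weak_suites(LEGACY_SERVER))
    for label, server in (("legacy", LEGACY_SERVER), ("hardened", HARDENED_SERVER)):
        for who, client in (("export", EXPORT_BROWSER), ("modern", MODERN_BROWSER)):
            chosen = negotiate(server, client)
            bits = key_bits(chosen) if chosen else None
            print(f"{label} server / {who} browser -> {chosen} ({bits} bits)")
```

With the weak suites still enabled, the export browser gets a 56-bit session; once they are removed it has no suite in common with the server and cannot connect, while the modern browser is unaffected.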


Today I changed my mobile provider after a number of problem-free years with T-Mobile to Three who have a good deal on at the moment for a 30-day contract SIM only with ‘unlimited’ (1Gb/mo) data for £15. I had a T-Mobile G1, but bought a SIM free Nexus One from Google a couple of months ago. Now that my 12 month contract with T-Mobile has finished, I grudged paying them £35 per month. The best deal they could do on a 30 day contract with unlimited data was £20/mo according to their website.

The new Three SIM was enabled within an hour of purchasing it but, although I could make and receive calls, I had no network access. In order to get access, you need to set up an APN with these settings:

  • Name – 3
  • Apn – three.co.uk
  • proxy – not set
  • port – not set
  • Username – not set
  • Password – not set
  • Server – not set
  • MMSC – http://mms.um.three.co.uk:10021/mmsc
  • MMS proxy – mms.three.co.uk
  • MMS port – 8799
  • MCC – 234
  • MNC – 20
  • APN type – not set

To set up the APN on a Nexus One do Menu > Settings > Wireless & networks > Mobile networks > Access Point Names > Menu > New APN

Update: This morning, I called T-Mobile to get my PAC code and to terminate my contract with them. To tempt me to stay with them, they offered me a £5/mo contract with 1Gb Data allowance, 100 minutes and 100 texts on a 24 month contract. I was extremely tempted, but didn’t want to be tied into a long contract. The rep then said he could do exactly the same deal but leave me out of contract – that means I can still cancel with 30 days notice! This is the best deal I’ve had from a mobile phone operator – good work T-Mobile! Anybody else paying less than 17p per day for their mobile service?

I called Three to cancel my new contract and they were also extremely helpful, cancelling my account and promising that I would only pay pro rata for the 23rd to 26th of May (30 day notice required) – I expected to have to pay the full £15 for the month. Excellent service from Three too!


The Domain Renewal Group's bill-like letter

When I came home from work, an official looking envelope from the ‘Domain Renewal Group’ was waiting for me. Inside was an equally official looking letter which I initially thought was a bill. It turns out it is just a marketing letter posing as a renewal notice for one of my domains.

It seems they look at the WHOIS records for domains which are expiring soon and send out these letters in the hope someone will think it is a bill and give them a cheque or credit card number. They expect me to pay £20 to renew my domain and make them my new registrar. This is vastly more expensive than renewing with my current registrar, which would cost only £5.46 for a year.

I think this is a deliberately deceiving letter designed to look like a bill in the hope that it will just be paid and forgotten – many people with websites don’t really understand the roles of registrar, hosting company etc. and this will just confuse them further.

In short, if you’re happy with your current registrar, don’t bother changing. If you do decide to change, don’t be forced into it by someone sending you direct marketing letters.

 


IndywoodFILMS presents: ‘Invasion Of The NOT QUITE Dead’ teaser promo…

In August 2009, a special teaser promo was created to raise awareness for a horror feature film called ‘INVASION OF THE NOT QUITE DEAD’ which has the support of such names as: Tom Savini, Kevin Pollak, Ken Russell, David Hess, Lloyd Kaufman, HG Lewis, Lee Boardman, Justin Kerrigan & talk show host Jonathan Ross.

The teaser was shot on S16mm film on location at a small farm in Kent and stars horror veteran Leslie Simpson (Dog Soldiers, The Descent, Doomsday), Efisia Fele and Frank Jakeman.

Visit www.theindywoodproject.com and help them to independently raise funds to make the feature film. They are currently receiving an incredible amount of media attention due to them selling pre-order producer packages to help raise our £100,000 budget. So far, as of Jan 29th, they have sold 449 producer packages to 18 different countries, raising over £16,000 – help them to continue the success…

I am preorder number 10 and have recently upgraded to VIP Executive Producer status.

For more information on how you can help the production of ‘INVASION OF THE NOT QUITE DEAD’ please visit: http://www.theindywoodproject.com or http://www.invasionofthedead.com

and for real time updates why not follow them on twitter: @indywoodFILMS

and our official facebook page: http://www.facebook.com/pages/Invasio…

or contact writer/producer/director Antony Lane: adlane@indywood.co.uk


 


Edinburgh Winter Festival

Originally uploaded by Lesault

Yesterday, @rich_dyson invited me to join him taking some long exposure photos of the Edinburgh Winter Festival in Princes Street Gardens. We met near the ‘Giant Wheel’ and set up the cameras in the middle of Princes Street looking towards the wheel, carousel and helter skelter. I knew I wanted a long exposure to blur the wheel and people, and to get some nice light streaks from taxis and buses passing in front of us. With my 18mm lens at the smallest aperture, the exposure was about 15″, so I put on an ND8 to increase the length of exposure. I am happy with about 3 of the 20 or so photos I took; the best is probably this one. (20″ f/13 iso100 18mm)

After that we took a wander through the ‘Scottish Market’. I had taken a photo earlier of ‘Amelia‘ (1/60 f/1.4 iso800 50mm) who was doing Tarot readings in her Gypsy Caravan (are you still allowed to say ‘Gypsy’? I can never remember)… although I did see another woman giving readings there earlier – I wonder if there really is only one Amelia. I did a bit of photoshopping to add detail back into the sitter’s white hat and reduced the exposure of the background which was a bit bright before.

We set up on the Plaza between the Art Galleries at the bottom of the mound where I took the photo you see on this page (10″ F/9 iso100 92mm). It is actually a merge of 2 photos: the wheel, shed and clock tower are from one, the sky, trees and helter skelter are from another – I think it was worth editing to get the nice sky.

I had never tried a long exposure with my long lens, so I also took a close-up of the clocktower on the Balmoral Hotel (5″ f/9 iso100 149mm) from the same position.  Unfortunately, the nice moonlit clouds were beginning to disappear.


 

The cast of Chomp! take over the Royal Mile


This evening I was doing the City of the Dead Underground City tour at 9pm, but I was on the Royal Mile from about 6.30 to see the street performers and generally hang out. At about 7pm, the cast of “Chomp! The new Zombie Musical” took over the High Street.

Usually at festival time you get hundreds of posh schoolkid luvvies who are in productions and make a fool of themselves on The Mile trying to get people interested in seeing their shows. Chomp! seems a little different – these actors are really getting into the part – a gang of zombies came sprinting up the Royal Mile, chasing each other and terrorising members of the public. Luckily the army arrived and a huge fight broke out between them and the zombies.

There were some extremely realistic-looking punches being delivered between a zombie in a bowler hat and tails (who I assume is the leader) and one of the soldiers. Then suddenly two of the Zombies broke into song… “Shooting Out The Brains of the Dead” – A jolly ditty about DIY zombie lobotomy – brilliant!

The show is on in C-1, Venue 34. 5:15pm 7-8 August. I’m working both nights so I can’t make it – you should go though!

Update: if you missed the show live, Andy Evans has made a video of one of the early performances available:

Chomp! The new Zombie Musical – Act 1

Chomp! The new Zombie Musical – Act 2


Twitter.com is currently down. Status.twitter.com reports that they are currently fighting a DDOS (Distributed Denial of Service) attack which has been running by my estimation since shortly before 15:00 BST.

In a DDOS attack, the server is sent enough requests to overwhelm it and affect genuine users. In the case of a site like twitter, which has lots of bandwidth, the attack generally comes from a botnet (computers infected with malware which can be turned to a variety of uses – from sending spam emails to DDOSing sites).

There is speculation that this attack is being perpetrated by the same “Dastardly Hackers” who brought down Gawker on Sunday while ddosing consumerist.com.

Twitter status - down!


Twitter’s status page currently reports that the site is back up, but I have found that service is still intermittent.

I want my twitter back!


Having made my own jump rings from silver-plated copper wire, I decided to put them together into something that looks a bit more like some jewellery. The result: a 7″ bracelet with a chain made of double links and a box-chain central section.

2x2 chain with Box section


The joins in the links are much tighter this time round than my last attempt. Things to work on for the next one are to scratch the links less with the pliers while closing them, and to make the chain of silver rather than plated copper.

I’m quite pleased with the decorative section in the middle though – really tight due to the aspect ratio of the rings.


My second set of Moo mini-cards arrived a few days ago. I’m delighted with this set too. My last set featured photographs of Greyfriars Kirkyard and were intended to give to people who had been on my ghost tour and wanted my details. This new set are a bit more colourful and light hearted for general use where I don’t want to scare people away.

The thing I like about moo mini-cards is their quirky shape and size – they are different to any other business card anyone will have in their wallet (unless you’re at a tweetup where everyone seems to have them!). I love that you can get many different images printed in one order for a reasonable price. Anyway, these are my newest cards – let me know what you think!

Moo mini-cards


10m of 0.8mm Silver-plated copper wire


I found a shop on St Mary’s Street in the Old Town which sells jewellery-making supplies and picked up a 10m length of 0.8mm silver-plated copper wire for the bargain price of £4.50. At home I looked around for a suitable mandrel and found a short length of metal bar from an old portable TV aerial (who said jewellery-making wasn’t glamorous?) and set about winding the wire round it. Winding will be much easier next time when I get a decent length mandrel and drill a hole in it to hold the wire. In this case, I just did it with my hands. I have a lovely blister on my index finger to prove it. Lesson learned.

Once the wire was wound, I slid the mandrel out and was left with a (not very springy) spring. It wasn’t as uniform as I had hoped for – the diameter was the same all the way along, but there were a few small gaps between each turn. I suspect this won’t make a huge difference, but some rings will be more open than others when I am finished. Hopefully it will not affect the size of each ring too much.

Wire after removing mandrel


Before cutting it, I decided to make sure that I didn’t lose the rings all over the floor. Paul had recommended taping the wire before cutting, but I am out of masking tape and Sellotape wasn’t sticking so well. I slid a length of thread through the middle of the wire and tied it in a loop – my thinking was that most of the rings would end up hanging on the thread. This was fairly successful although I found a lot of the rings ended up linked round the blade of the saw – this meant that the thread tended to get a bit tangled. Next time I may try without the thread or tape. I was holding the rings between my fingers anyway, so I don’t think too many will fall.

I put beeswax on the blade of the saw as recommended (for silver anyway – not sure what I was supposed to use with copper) and it seemed to do the job. It cut much more quickly right after applying the wax, so I stopped regularly to apply more.

After being so careful not to drop any of the rings, I was a bit gutted when I stood up and knocked them all over the floor anyway.

Hand-made jump rings


I now have 110 shiny little circles ready to link together. I suspect I’ll need more to make anything useful (Terri’s Byzantine chain bracelet took 200) but I still have plenty of wire left over to make more.

© 2010 David Lesault and Planet Mediocrity