It is not very difficult, but every time I want to create and populate an ssh certificate I have to search for it. So I will show how to create and populate an ssh certificate for passwordless login over ssh. And if we have a look at the man page of ssh (see below), it sounds really simple. Just create your key, copy the key to the destination and register it in authorized_keys. But how to do that in a simple way? Steps to do: create a key: eeelin:~$ ssh-keygen #(Don’t enter a password for password...
Packet Analyzer on ESX Server
Last week I needed to analyze traffic from a virtual server hosted on an ESX machine. Normally this job would be a piece of cake if the server had its own NIC. But the approach with an “old” hub or with a port mirror (port spanning) does not work with a vSwitch (a virtual switch on the ESX server).
Skype communication protocol has been reverse engineered
After eight years the Skype communication protocol has been reverse engineered. See for yourself:
Thawte Personal Email Certificate discontinued
I have been a member of the Thawte Web of Trust since 2004 and have been giving trust points to a number of people. To spread the web of trust we also held signing parties at some universities and schools. This era has come to an end! Thawte decided to discontinue the personal e-mail certificate and the web of trust services. Thawte recently published that security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these...
The solution: Formbased access to sharepoint by WebDav
In the first post of this series I described the problem, which can be read here. In the second post of this series I explained how the problem was analyzed using Live HTTP Headers, which can be read here. In this post I want to present a possible solution for achieving a successful login on a SharePoint server which uses form based authorization. The WebDavSession from the ITHit component unfortunately has no public interface to set cookies from the outside (although I’m in contact with...
The analyzation: Formbased access to sharepoint by WebDav
In the previous post I described the problem of accessing WebDav resources by using WebDav on a SharePoint server which has form based authentication enabled. The basic idea behind the solution is actually quite easy: When accessing the SharePoint portal on the external zone with the ASP.NET membership accounts, you have to fill out the login form with your credentials. When you click on the “Sign In” button, an HTTP POST is sent to the server containing some uniquely generated IDs for...
The problem: Formbased access to sharepoint by WebDav
In one of my projects I’m currently using WebDav to communicate with a SharePoint server. To minimize the development costs regarding WebDav and to speed up the project I evaluated a nice library from ITHit which fully implements WebDAV RFC 2518 and DeltaV RFC 3253. The library is pretty straightforward to use and implemented in a TDD manner. The cool thing about this library is also that resources and items from the remote location are returned as interfaces, which really simplifies testing in...
Fine grained password policy
Today we take a closer look at Microsoft Active Directory in the 2008 native mode. One of the problems that Windows administrators often face in daily business is setting password policies for the whole company. Under Windows Server 2003 it was not possible to set more than one policy for the accounts. So from the domain administrator to the user, everybody needed the same complex password. Under Active Directory in version 2008 there is a new object type in the schema which is...
Baseline Security of Windows Networks
One of the hard tasks in the daily life of an IT administrator is to ensure that the network and the server are secure. Perfect security is not possible. There will always be some small leaks, either provoked through the behavior of the user in version 1.0 or the administrator of the system. Not to mention design leaks in the software itself. Most environments are too large and too complex for a manual checkup of all security patches and service packs. One other factor is most users need...
OpenSSH 5.1 and Hash Visualization
As we all know, the major issue with security is the user itself, because current security systems don’t consider the human factor. Most security measures neglect human limitations in the real world, with the result that the users are annoyed by the system. Annoyed users stop paying attention or, even worse, they stop considering the whole security aspect of the system they are using. OpenSSH 5.1 implements a new (experimental) feature based on an innovative visualization...