Tag Archives: Security

Secure your MySQL installation

I just noticed this instruction at Marc Liyanage’s MySQL install page, and it’s really good advice:

In recent distributions of MySQL, you can also run the script mysql_secure_installation instead of just changing the root password. That script allows you to change the root password, delete the test database, remove the anonymous user, remove remote access (allowing access from the local machine only) and reset the privileges table.

A nice handy script to tidy up your MySQL installation. I’ve installed it so many times lately on so many machines, and I foresee many more in my not-so-distant future. This will come in handy.

Gig Land: Web Designer for Zone Labs

Zone Labs in San Francisco needs a web design contractor and quick! Interested folks can send their resumes to khalperin AT zonelabs.com.

Position Title: Web Design Contractor

General position responsibilities:

The Web Design contractor is responsible for supporting all production efforts for Zone Labs online campaigns.

Proactively manage and produce all of E-commerce-oriented, technology partner and SMB initiatives including web promotion activity such as email campaigns, landing pages, ad banners, etc.

Required skill set and experience:
  • High-level proficiency with HTML, CSS, and JavaScript
  • Demonstrated expert understanding and implementation with popular email clients
  • Detailed understanding of cross-browser compatibility and proven experience creating highly-compatible web deliverables
  • Hands-on experience with Dreamweaver HTML editor/design tools a must
  • Excellent sense of web design to ensure optimal response from online campaigns
  • Detail-oriented with ability to track, organize and prioritize multiple, simultaneous projects and requests
Desired skill set:
  • Demonstrated ability to positively affect visitor/user behavior
  • Demonstrated ability to engage in cross-department planning and the ability to manage your own work schedules and commitments
  • B2C and B2B background desired
Education:

BS/BA degree required or equivalent industry experience, with a minimum of 3-5 years of web design/ production experience.

Send your resume to khalperin AT zonelabs.com.

Certificate Assistant for Mac OS X

Well, I had no idea this was coming; I stumbled across the feature when I was checking out the new Keychain Access app. In the Keychain Access menu, look for the Certificate Assistant menu item. As Apple states:

Apple – Mac OS X – 200+ New Features

Certificate Assistant
Easily request, issue and manage certificates for small workgroups with this utility that blends many functions of a commercial Certificate Authority at none of the cost.

Well, well, well. What have we here? This is a pleasant surprise – create my own little self-signed certificates and a CA using a Mac-based assistant? How easy!

Self-signed certs don’t do much good for public use of things like SSL or S/MIME, but can be very nice for testing or for securing private communications. An administrator could go and create their own CA, install the CA certificate as trusted on the machines in the local network, and issue people certificates for S/MIME on the LAN.

I’d been hoping for better X.509 tools for Mac since I started working at Xcert back in 1998. With the improved Keychain Access, Certificate Manager, client certificate authentication in Safari, and S/MIME built in to Mail and Entourage, it seems that things have finally arrived.

Imagine

Some thoughts on the culture of Macintosh and the relative security that Mac users enjoy:

SecurityFocus HOME Columnists: Apple’s Big Virus

Just as Windows users have become accustomed to 140,000 viruses, Apple users have become accustomed to none. It’s a major cultural difference that admittedly, sometimes causes Apple users to do stupid things — and get away with them. It’s hard to describe the freedom of using a system with no malware known to have spread. It’s liberating.

Beyond critical mass, I would like to believe there’s a better reason for the lack of viruses on OS X, and it’s based on the culture of the Mac — which is distinctly different from other platforms. Is it wrong to try a new computer system and actually enjoy the user experience, for a change? Can you imagine a world where (today) you can click on anything and never worry about malicious intent? Can we not continue this unwritten rule that there can be a platform out there that is simple, easy-to-use, with Unix (and a cool ports tree) underneath that has no threat at all from viruses?

It’s true, really. As a Mac user, I pretty much surf the web without fear, and the last time I saw a Mac virus was CDEF back in the early 1990s, which usually got transmitted via floppy disk exchanges and cured via good old Disinfectant or a desktop rebuild.

The author in his article states: “…understand that users can still be tricked into clicking on anything — social engineering will always work, and there will always be people who click.” Certainly, ask a bunch of users to do something stupid, and a few of them are bound to click the big red shiny button. There is, in fact, a sucker in every crowd. And certainly part of the perceived security is a cultural thing: people just don’t do that to their Mac-wielding brethren. But I think also that a fair amount of credit needs to be given to the tradition of strong security practices in the Mac OS in general, and even more credit is due to Microsoft for making the most penetrable, bug-riddled, insecure operating system ever.

Incredibles Authentication

After watching The Incredibles today for what seems like the five hundredth time with my son Max, I realized a funny thing about the way they present polar opposites of good vs. bad authentication.

The good authentication scheme is presented in the scene where Edna Mode escorts Elastigirl into her lab. She proceeds with a numeric passcode, a biometric handprint, a biometric retina scan, and a voice analysis. On success of the credentials, a robotic weapon appears out of the roof and is trained on the supposed intruder until Edna clears it. The only thing missing from it was a cryptographic key token. The chance of unauthorized access is almost nil.

The bad authentication was in Syndrome’s computer room. Wall of lava, yes, but nothing else really seemed to monitor who was coming in and out of the room. The computer system was protected by a dictionary password (“KRONOS”, which is a wonderful reference to a 1957 film about a robot sent to destroy Earth), and that’s it. And it seemed from the dialogue that this password controlled systems outside the secure area, which would make it about as effective as guarding a bank vault with a squirt gun.

I loved the polarity. One was so perfect in its implementation, the other deeply flawed and exploitable. It would make a nice intro clip for an info security class.