itjc.net

on data interception?

If your data passes through a network, it can be read on that network. If your data passes through several networks on the way to the recipient, it can be read at every single point along the way. Encryption won't stop the interception, but it will stop the understanding.


why do security certificates matter?

So, after a few months of procrastinating (almost 5), I've gotten around to renewing the SSL certificate on the website. There's no need to be alarmed, this doesn't really affect anybody who's visiting the site. You'll only notice if you visit using https://itjc.net. Don't be alarmed by the warning about an untrusted certificate. All that means is the certificate has changed, which in this case was intentional, and your browser doesn't trust the certificate automatically, because I haven't bribed a Certificate Authority, but opted for a self-signed certificate instead. For this particular site, that doesn't matter a whole lot.

However, for any merchant or banking website, or a website which you log into (like Gmail, Facebook, etc.), the security certificate matters a lot.

This provides an opportunity to explain what's going on for those who may not already know. In the next few days (months?), I plan on writing a bit about certificates, what I've learned about how to make them, and some of my thoughts on the advantages/disadvantages of creating your own versus purchasing one.

For now, we'll start on what a security certificate is, in simple terms for non-techies. In the context of the internet, a security certificate is like a proof of identity. Every time you visit a website, it presents you with its identification papers (its security certificate). This certificate doesn't change. Therefore, every time you see the same certificate, you get an assurance that the website is authentic: you are actually talking to the real website.

If you are the victim of a spoofing or phishing attack, you might think you are visiting https://bank.com, but actually be looking at https://attacker.com. When this happens, https://attacker.com presents you with a bogus security certificate. Naturally, this does not match the trusted certificate on file for https://bank.com, and you get a big red scary warning, telling you that the site is fake. When you see this warning, you decide not to give attacker.com your credit card and banking details, and your pocketbook is much happier.

In a nutshell, that's why security certificates matter. In the next article, I'll explain a bit about different kinds of certificates, and how your browser automatically knows whether a certificate is valid or not.
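The "same certificate as last time" comparison described above, reduced to a trust-on-first-use fingerprint check, as an added example that is not part of the original post. The host name, function names and the three certificates are constructed in memory for the demonstration, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example: trust-on-first-use (TOFU) pinning. All names and certificates are constructed.
$Pins = @{}   # host name -> SHA-256 fingerprint remembered from the first visit

function New-DemoCertificate {
    param([string]$Subject)
    # Self-signed certificate built in memory; nothing is written to a certificate store.
    $rsa    = [System.Security.Cryptography.RSA]::Create(2048)
    $sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
    $pad    = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
    $req    = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new($Subject, $rsa, $sha256, $pad)
    $now    = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(365))
}

function Get-CertFingerprint {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Fingerprint = SHA-256 over the DER encoding of the whole certificate.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { [BitConverter]::ToString($sha.ComputeHash($Certificate.RawData)) -replace '-', '' }
    finally { $sha.Dispose() }
}

function Test-CertificatePin {
    param([string]$HostName, $Certificate)
    $seen = Get-CertFingerprint $Certificate
    if (-not $Pins.ContainsKey($HostName)) {
        $Pins[$HostName] = $seen          # first visit: remember this certificate
        return 'FirstSeen'
    }
    if ($Pins[$HostName] -eq $seen) { return 'Match' }
    return 'Changed'                      # the case the post's warning corresponds to
}

$original = New-DemoCertificate 'CN=site.example'
$renewed  = New-DemoCertificate 'CN=site.example'   # the owner's intentional renewal (new key)
$other    = New-DemoCertificate 'CN=site.example'   # a different party using the same name

"first visit   : $(Test-CertificatePin 'site.example' $original)"
"return visit  : $(Test-CertificatePin 'site.example' $original)"
"after renewal : $(Test-CertificatePin 'site.example' $renewed)"
"other party   : $(Test-CertificatePin 'site.example' $other)"
```

The renewal and the other party produce the same result, because a fingerprint comparison alone cannot tell an owner's renewal from a substitution. That is why a change to a self-signed certificate has to be announced out of band, as this post does.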

Citrix ICA & autorun

I just noticed something rather curious today. The laptop was starting up a little sluggish, and so I checked the start-up items. A really fast and easy way to do this is with the built-in Windows utility called msconfig.

On the "Startup" tab, I found an item for Citrix ICA Client. I don't use this very often, and for irrational reasons, I really don't like seeing it in my task tray. Therefore, I distinctly remember disabling this particular process a few weeks ago. Sure enough, there were two entries for Citrix ICA Client, one was enabled, and one was disabled. After disabling both entries, and reopening the msconfig utility, the second entry had disappeared.

The moral of the story is that the Citrix ICA client automatically writes to your CurrentVersion/Run registry path, and creates an entry for itself when it runs. I don't suppose this would be a problem in the typical use case, where Citrix is used daily to access some form of virtual desktop. However, I find it rather annoying that I can't find an option within the client itself to turn off this feature. I do not want it to start every time I turn on the laptop, as I only use it once every few months. For now though, it looks like I'll have to pay extra attention when I do use the Citrix ICA client, and be sure to disable its related start-up item when I'm finished.
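One way to catch a start-up entry that a program has written back, as an added example that is not part of the original post: snapshot the Run keys and report anything added or changed since a saved baseline. The baseline file location and the function names are assumptions made for this example.

```powershell
# Added example: compare the current Run-key entries against a saved baseline.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$BaselinePath = Join-Path $env:LOCALAPPDATA 'run-key-baseline.json'   # hypothetical location

function Get-RunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }   # WOW6432Node is absent on 32-bit Windows
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Id      = "$key|$name"
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Compare-RunEntry {
    param($Baseline, $Current)
    $known = @{}   # hashtable keys are case-insensitive, like registry value names
    foreach ($b in $Baseline) { $known[$b.Id] = $b.Command }
    foreach ($c in $Current) {
        $change = $null
        if (-not $known.ContainsKey($c.Id))    { $change = 'Added' }
        elseif ($known[$c.Id] -ne $c.Command)  { $change = 'Modified' }
        if ($change) {
            [pscustomobject]@{ Change = $change; Key = $c.Key; Name = $c.Name; Command = $c.Command }
        }
    }
}

$current = @(Get-RunEntry)
if (Test-Path $BaselinePath) {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $changes  = @(Compare-RunEntry -Baseline $baseline -Current $current)
    if ($changes.Count -eq 0) { 'No Run-key changes since the baseline.' }
    else { $changes | Format-Table -AutoSize -Wrap }
} else {
    ConvertTo-Json -InputObject $current | Set-Content -Path $BaselinePath
    "Baseline with $($current.Count) entries saved to $BaselinePath"
}
```

Run it once after cleaning up the start-up items to create the baseline, then again after using the client. Delete the baseline file to accept the current state as the new baseline.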

Installing OpenWRT on the Alfa R36

Warning: this is probably only of interest to a small few of you out there. However, those small few may find this very interesting.

Disclaimer: this is also skipping lots of steps, but those steps have been linked to. If you can't follow along, reread those links until you can.

Recently, I decided that I was going to get a Wifi Pineapple. You should get one too. However, I also decided that I could get away with just buying the same router off Amazon, and installing the Pineapple software myself. I learned a valuable lesson about making assumptions based on looks and form factor. The Wifi Pineapple is based off the Alfa Hornet-UB and has an Atheros chip in it. As you may guess from the title of this post, I mistook that for the Alfa R36, which I promptly ordered off Amazon, without researching further. The Alfa R36 has a Ralink chip in it. I have since spent a few weeks looking up OpenWRT support for the R36.

Here are a few links which were instrumental in piecing this all together:

http://cloud.wifipineapple.com/index.php?flashing

http://wiki.openwrt.org/toh/alfa.network/hornet-ub

https://forum.openwrt.org/viewtopic.php?id=31264

http://alfanetworkinc.blogspot.com/2012/01/r36-recovery-guide.html

http://downloads.openwrt.org/attitude_adjustment/12.09-beta2/ramips/rt305x/openwrt-ramips-rt305x-w502u-squashfs-sysupgrade.bin

The process of installing OpenWRT turned out to be relatively straightforward. Download the openwrt-ramips-rt305x-w502u-squashfs-sysupgrade.bin file, and rename it to something simple (UseThisFile.bin). Then follow the steps here: http://alfanetworkinc.blogspot.com/2012/01/r36-recovery-guide.html

Start your serial console, choose option 2, Load system code, then write to Flash via FTP. Follow through the instructions, setting up your TFTP server, launching PuTTY, etc. Then, instead of uploading the recovery image R36-1.2.0.7.img, which is the original firmware, type in the name of the file above.

After a few minutes, the install was done, the router rebooted, and I was presented with the OpenWrt splash screen.

Yay!

Windows Server - add DC to domain

Over the past few weeks, we have consistently had an hour or two free each day. As efforts to get some online training haven't yet been approved, we've decided to take matters into our own hands and train ourselves as best as possible.

Around my work area, there are a number of "disposed" workstations and old servers. I have taken the initiative to salvage what can be salvaged, and to turn these workstations into a training server environment. The objective was to create a Windows Server 2008 environment, which would be a hands-on area to learn and practice server administration. It should simulate real client networks, but be effectively isolated from the real world. (Read: a safe place to make mistakes, and to learn both what happens when the mistake is made, and how to correct the mistake, without actually knocking down a client site.)

In light of this, I can share a few lessons already learned.

  • Don't add your DHCP & DNS server to Network Load Balancing clusters, unless you really know what you're doing. I added the first two servers to an NLB cluster, and before I realized what went wrong, both servers became inaccessible from the network. (These two servers were serving different roles, and were not identically configured.)
  • You need to run "dcpromo" from a command prompt in order to promote a server to domain controller.
  • You'll probably need to run "adprep /forestprep" and "adprep /domainprep" as well, and you'll need more than just domain admin rights to do it.
  • DFS (Distributed File System) is just a fancy way of putting a bunch of network shares into one logical share name. E.g. \\serverone\shareone$ & \\servertwo\sharetwo$ & \\serverthree\sharethree$ become visible all in one folder: \\dfsnameservername\folderwithlistofshares$
  • If you want these folders to replicate so that each server has an up-to-date copy, you'll need to set up replication in addition to DFS.
