CryptedNets.org

Tag: Security Info

CA Root services cannot start after CA Root certificate expires

by on Dec.04, 2014, under Computer Stuff, Windows Info

Since by design, you cannot recover from a CA root certificate expiring, sometimes you need to limp along, and continue to issue certs even though you cannot necessarily revoke them, because the CRL published in Active Directory is now incorrect, or offline.
While we can argue all day about the benefits/detractors of this, here it is:
To bring the CA Root back online after the Root certificate expires, issue these commands in an elevated powershell:

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Now, go back to the drawing board, and PLAN your PKI implementation, and DON’T LET YOUR CA ROOT CERTIFICATE EXPIRE!!!

Incidentally, once you’ve fixed your certificate snafu, to stop ignoring offline CRLs, do this in an elevated command prompt:

certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Leave a Comment :, , , more...

Guess what time it is…

by on Jul.29, 2009, under Windows Info

Give up?
It’s time to upgrade your version of Windows!!
http://www.us-cert.gov/cas/techalerts/TA09-209A.html
If you don’t know what that means, you’re in trouble. Yes, you.
Basically what this says is that EVERY version of Internet Explorer on every version of Windows is vulnerable to a Remote Code Execution exploit. (in English, that means that Mr. Bad Guy can run *ANY* program he wants on your computer with full administrative privileges. This of course, being in direct violation of Rule #1 of the 10 Immutable Laws of Computer Security.)
The patches will implement a kill-bit, and disable parts of COM and ActiveX controls, p(robably)ossibly breaking legacy applications.

The solution?
Run out ->don’t walk<- and buy the latest copy of the Microsoft Windows 7 Operating System. Oh. Sorry. You can't get it, just... yet... It's coming, though.. Microsoft Partners will see it in about 2 weeks, and it will be available to the general public some time in October. The attack vectors are not only via Internet Explorer. Any application (such as MS Office) with access to ActiveX and/or COM objects can exploit this vulnerability. Here’s the bulletin. Extensive testing is suggested if you use ActiveX controls or COM objects in mission-critical applications.

Leave a Comment :, more...

Before you download Google Chrome, read the Privacy Policy.

by on Sep.13, 2008, under Rants

Before anything else, I have to say that I *LOVE* Google. They’re my default homepage in all browsers.
Their search engine is nothing short of phenomenal. Google Labs’ developers frequently show that they are talented, capable programmers, who really enjoy what they do. However…
Call me silly, but I just can’t see downloading and using Google’s new web browser (Chrome), until they make some major changes to the Privacy Policy. It basically says that “anything you use Chrome to view or edit is automatically (and irrevocably) the property of Google.” It’s the main reason I don’t really use my Gmail account for anything.. Gmail has the same policy.
Snipped *Directly* from their (non-)Privacy Policy:

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

Uhhh… I don’t think so, Tim.
When you type into the Omnibox, everything you type is immediately sent to Google. The search terms you enter are tied to a unique UID that CAN IDENTIFY YOU INDIVIDUALLY.
Maybe it’s time to start developing the “Home User Search Indexing Engine”, so big brother doesn’t get to peruse the contents of your daily searches.

I once helped my son with a project for school regarding wartime propaganda. During the course of this project, we downloaded many images of governmental and political propaganda. Does the fact that I searched for and downloaded propaganda items from the web mean that I’m a subversive? Of course not! Will I have to defend my actions regarding this information because my search provider “flagged” a search? I had damn well better not.

Keep yer fancy new plugins and “protective features”. I don’t need ’em. I like to keep what I produce, unless I choose to give it away. Google, PLEASE fix this *rediculous* policy, and let us have our work, if we so choose.

Iceweasel on Debian wins again.

2 Comments :, more...


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

CryptedNets.org is proudly powered by

Use OpenDNS

Entries (RSS) and Comments (RSS)
Register - Login - Stats

Visit our friends!

A few highly recommended friends...