Safer alternatives for Skype:
# iucode-tool -S -l /lib/firmware/intel-ucode iucode-tool: system has processor(s) with signature 0x000006e8 ... selected microcodes: 110/001: sig 0x000006e8, pf_mask 0x20, 2005-11-15, rev 0x0039, size 4096 059/001: sig 0x000006ec, pf_mask 0x80, 2006-09-12, rev 0x0059, size 4096 059/002: sig 0x000006ec, pf_mask 0x20, 2006-05-01, rev 0x0054, size 4096
The tool – called ‘SSL strip’ – is based around a man-in-the-middle attack, where the system for redirecting people from the insecure to the secure version of a web page is abused. By acting as a man-in-the-middle, the attacker can compromise any information sent between the user and the supposedly secure webpage. The author of the exploit claims to have used it to steal data from PayPal, GMail, Tickermaster, and Facebook – including sixteen credit card numbers and control of more than 100 email accounts.
This kind of vulnerability has always existed with SSL because it is difficult to be certain about where the endpoints of communication lie. Rather than having a secure end-to-end connection between Amazon and you, there might be a secure connection between you and an attacker (who can read everything you do in the clear), and then a second secure connection between the attacker and Amazon.
SSLKEYLOGFILE
.Solutions:
Install Let’s Encrypt certificate using ACME client
Crypt::LE
dependencies: apt-get install libcrypt-openssl-rsa-perl libconvert-asn1-perl libjson-maybexs-perl liblog-log4perl-perl
apg-get install libmodule-build-perl
cpan -i Crypt::LE
le.pl --key account.key --update-contacts "one@email.address,another@email.address" --generate-missing
le.pl --key account.key --csr domain.csr --csr-key domain.key --crt domain.crt --domains "www.domain.ext,domain.ext" --path /var/www/.well-known/acme-challenge --unlink --live
le.pl --key account.key --csr domain.csr --csr-key domain.key --crt domain.crt --domains "www.domain.ext,domain.ext" --path /var/www/.well-known/acme-challenge --unlink --live --renew 20 && echo "Time to update the certificate file and reload the server"
2017/10/11 20:09:21 [ ZeroSSL Crypt::LE client v0.27 started. ] 2017/10/11 20:09:21 Loading an account key from account.key 2017/10/11 20:09:21 Loading a CSR from domain.csr 2017/10/11 20:09:21 Registering the account key 2017/10/11 20:09:22 The key has been successfully registered. ID: 1031216 2017/10/11 20:09:22 Make sure to check TOS at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf 2017/10/11 20:09:24 Successfully saved a challenge file '/var/www/.well-known/acme-challenge/gzbKv6yOK8anw-hxVmCK-aKTEXrxcdJtJ569v0BcM7M' for domain 'www.domain.ext' 2017/10/11 20:09:27 Domain verification results for 'www.domain.ext': success. 2017/10/11 20:09:27 Challenge file '/var/www/.well-known/acme-challenge/gzbKv6yOK8anw-hxVmCK-aKTEXrxcdJtJ569v0BcM7M' has been deleted. 2017/10/11 20:09:27 Requesting domain certificate. 2017/10/11 20:09:27 Requesting issuer's certificate. 2017/10/11 20:09:27 Saving the full certificate chain to domain.crt. 2017/10/11 20:09:27 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ]
cmd://{%Applications%}\VncViewer\tvnviewer.exe centurion:5901 -password={PASSWORD}
It should be noted however that such behaviour trades convenience for security. That is because an X window provided by GTK/QT pinentries is able to grab input globally, whereas pinentry-curses is not. It would be therefore possible for a malicious application to hijack and record passphrase being given to pinentry curses in X terminal.
To disable the pinentry GUI window:
export PINENTRY_USER_DATA="USE_CURSES=1" unset GPG_AGENT_INFO
pinentry-curses
package installed): pinentry-program /usr/bin/pinentry-curses
Alternatively one can download GPGv1 CLI from this FTP site (e.g. gnupg-w32cli-1.4.18.exe).
See also GPG key management operations via the agent considerations.
systemd[10575]: Closed GnuPG network certificate management daemon. systemd[10575]: Closed GnuPG cryptographic agent (access for web browsers). systemd[10575]: Closed GnuPG cryptographic agent and passphrase cache (restricted). systemd[10575]: Closed GnuPG cryptographic agent (ssh-agent emulation). systemd[10575]: Stopped target Timers. systemd[10575]: Closed GnuPG cryptographic agent and passphrase cache.
systemctl --global mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
See also /usr/share/doc/gnupg-agent/README.Debian
.
openssl pkcs12 -export -in cert.pem -out cert.pfx
jre\lib\security\
.jre\lib\security\java.security
(ordering may vary): security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
otherwise execution will fail with the following message:
Error reading certificate (wrong password) error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC Error creating keystore error constructing MAC: java.lang.SecurityException: JCE cannot authenticate the provider BC
java -jar PortableSigner.jar -n -t input.pdf -o output.pdf -s cert.pfx -p secret_password -c "Final revision" -r "Approved for publication" -l "Department of public relations"
Alternatively one can use LibreOffice v5.3 or higher:
See also:
Mentioned also in:
2010/02/13 23:22 | ||
2015/04/26 06:25 | ||
2010/02/13 23:22 | ||
2010/02/13 23:22 | ||
2010/02/13 23:22 |
Run one of the reg files below with self-protection off and then reboot:
For 64-bit systems:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP14.0.0\OlaFormScheduler] "enabled"=dword:0
For 32-bit systems:
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP14.0.0\OlaFormScheduler] "enabled"=dword:0
for c in `seq 1 10` do cat proxy_list.txt | while read host port other do https_proxy=http://$host:$port wget -q --tries=1 --timeout=3 -O /dev/null https://www.tut.by && echo "OK $host:$port" done | sort done
"Девица не хочет лезть в Окно" – device not compatible with Windows.