Observations of a geek.

Personal Password Management

In this video Software Architect, Steve Moitozo, addresses the issue of personal password management. For links to resources mentioned and a previous blog on this topic refer to Password Management. See the post Personal Password Management Survey to see the questions and the response numbers.

Firefox 3 sec_error_crl_invalid errors

For the last month or so I've been experiencing sec_error_crl_invalid errors on a couple of sites when using Firefox 3. Thanks to this post on NZGeek's blog I was able to resolve the issue. It turns out by deleting the CRLs (that where disabled anyway) I was able to solve my issue.

Jesse's Favorite Interview Question

Jesse Robbins elegantly described the kind of person that would be a good candidate for the Internet Services Engineering aspects of my job in his O'Reilly Radar post.

My favorite interview question to ask candidates is: "What happens when you type www.(amazon|google|yahoo).com in your browser and press return?"

Twitter

Follow me on Twitter @SteveMoitozo2

Configuring Firefox 3 for Increased Privacy

I have written about configuring Firefox for increased security, now it's time to talk about increasing privacy. Some of these ideas will also have a positive impact on your security as well. I'm not going to get into ways to can keep your wife from knowing where you've been on the Internet. I'm more concerned about maintaining your privacy with regard to Web site operators.

HOWTO: Apache Name-based SSL-enabled Virtual Hosting

I want to do virtual hosting of SSL-enabled virtual hosts on the same Apache server as my other non-SSL-enabled virtual hosts. I don't want to assign more than one IP address to the server and all of my virtual hosts will be within the same domain (e.g., example.com).

BACKGROUND

When Apache processes a request for a name-based virtual host it receives the request from the browser, which includes the Host header (e.g., Host: www.example.com). Apache uses the Host header to determine which name-based virtual host to route the request to. It works this way regardless of the connection type, HTTP or HTTPS.

Personal Password Management Survey

My next computer security video will cover personal password management. In anticipation of that I decided to do an anonymous survey to see how folks manage their passwords. I don't claim that it's statistically accurate or that it reveals anything conclusive. It's a sampling of people from Facebook, Twitter, and work.

49 people from all over the place took the survey.

-----
When asked to rate themselves on their management of passwords:
6% said less than OK
49% said OK
45% said better than OK

-----
When asked about their approach to using passwords:
57% said they use a different password for each class of service (one for commerce, one for banking, one for social services, etc.).
24% said they use a unique password for each service.
19% said they use the same password for everything.