Observations of a geek.

Configuring Firefox 3 for Increased Privacy

I have written about configuring Firefox for increased security; now it's time to talk about increasing privacy. Some of these ideas will also have a positive impact on your security. I'm not going to get into ways you can keep your wife from knowing where you've been on the Internet. I'm more concerned about maintaining your privacy with regard to Web site operators.

HOWTO: Apache Name-based SSL-enabled Virtual Hosting

I want to do virtual hosting of SSL-enabled virtual hosts on the same Apache server as my other non-SSL-enabled virtual hosts. I don't want to assign more than one IP address to the server and all of my virtual hosts will be within the same domain (e.g., example.com).

BACKGROUND

When Apache processes a request for a name-based virtual host it receives the request from the browser, which includes the Host header (e.g., Host: www.example.com). Apache uses the Host header to determine which name-based virtual host to route the request to. It works this way regardless of the connection type, HTTP or HTTPS.

Personal Password Management Survey

My next computer security video will cover personal password management. In anticipation of that I decided to do an anonymous survey to see how folks manage their passwords. I don't claim that it's statistically accurate or that it reveals anything conclusive. It's a sampling of people from Facebook, Twitter, and work.

49 people from all over the place took the survey.

-----
When asked to rate themselves on their management of passwords:
6% said less than OK
49% said OK
45% said better than OK

-----
When asked about their approach to using passwords:
57% said they use a different password for each class of service (one for commerce, one for banking, one for social services, etc.).
24% said they use a unique password for each service.
19% said they use the same password for everything.

Automated backups of MySQL databases

Unless you have intelligent backup software that can do something smart to back up your databases, restoring a backup of a running MySQL server is like restarting your database after a hard system crash: it's a crap shoot. Since I don't have any fancy backup software that can help, I decided to use mysqldump to create a snapshot of my database server and write it out to a compressed SQL file. Then my (dumb) backup software can continue to be used and I will be able to recover easily if my server dies.

Here's the quick and dirty script:

#!/bin/sh
#
# This script automates a call to mysqldump
# and sends the output to a file in a backup
# directory. The script is set up to keep
# seven days of history.
#
# Before you can run this script you must
# set up a MySQL user that can perform the
# backup. This user must have permission to
# SELECT and LOCK TABLES. The user should not
# be permitted to access MySQL in any way other
# than through the local socket. Here's how the
# user should be created:
#
# GRANT SELECT,LOCK TABLES ON *.* TO 'SomeUser'@'localhost' IDENTIFIED BY 'SomePassword';
# FLUSH PRIVILEGES;
#
# This script should be owned by root and only
# root should be able to read, write, and
# execute it. (i.e., chmod 700)
#
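The post's script is cut off after its header, so here is an added example (my own, not the post's code) that does what the header describes: a mysqldump snapshot of every database, gzip-compressed into a backup directory, with dumps older than seven days pruned. The backup directory, the credentials file, the script name mysql-backup.sh and the cron line are all assumptions of this example. It also departs from the post in one respect: rather than passing the backup user's password with -p, it reads user and password from a root-only file via mysqldump's --defaults-extra-file option, so the password is never visible in the process list or shell history.

```shell
#!/bin/sh
# Added example, not the post's own script: mysqldump snapshot to a
# gzip-compressed SQL file with seven days of history, matching the
# header comments above. BACKUP_DIR, CREDENTIALS, the script name
# mysql-backup.sh and the cron schedule are assumptions of this example.
set -eu
umask 077   # every file this script creates is readable by its owner only

BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"
CREDENTIALS="${CREDENTIALS:-/root/.mysql-backup.cnf}"   # [client] user/password
MYSQLDUMP="${MYSQLDUMP:-mysqldump}"
KEEP_DAYS="${KEEP_DAYS:-7}"

# Write the credentials file once (after creating the user with GRANT).
# A 0600 file read through --defaults-extra-file keeps the password off
# the command line, where ps would show it to every local user, and out
# of shell history.
write_credentials() {
    # $1 = file path, $2 = MySQL user, $3 = password
    printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1"
    chmod 600 "$1"
}

# Path of the dump for a given date (YYYY-MM-DD); defaults to today.
backup_path() {
    printf '%s/all-databases-%s.sql.gz\n' "$BACKUP_DIR" "${1:-$(date +%Y-%m-%d)}"
}

# Dump every database, compress it, and only then move it into place,
# so a dump that dies half-way never masquerades as a good backup.
run_backup() {
    out="$(backup_path)"
    tmp="$out.partial.sql"
    mkdir -p "$BACKUP_DIR"
    chmod 700 "$BACKUP_DIR"
    # --defaults-extra-file must be the first option. --opt (the post's
    # flag) implies --lock-tables, which is why the user needs LOCK TABLES.
    "$MYSQLDUMP" --defaults-extra-file="$CREDENTIALS" --opt --all-databases > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    gzip -f "$tmp"          # produces $tmp.gz
    mv "$tmp.gz" "$out"
    printf '%s\n' "$out"
}

# Remove dumps older than KEEP_DAYS days; prints how many were deleted.
prune_old_backups() {
    find "$BACKUP_DIR" -type f -name 'all-databases-*.sql.gz' \
        -mtime +"$KEEP_DAYS" -print -exec rm -f {} \; | wc -l | tr -d ' '
}

main() {
    run_backup
    prune_old_backups > /dev/null
}

# Run nightly from root's crontab, e.g. (hypothetical path):
#   0 2 * * * /usr/local/sbin/mysql-backup.sh run
# Without the "run" argument the file only defines the functions, so it
# can be sourced by other scripts.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Because the dump is written to a .partial.sql file and only renamed to its final name after gzip succeeds, a failed mysqldump run leaves yesterday's good dump untouched and no half-written file behind; that is the case worth checking before trusting the script with a restore.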

Upgrading MySQL from version 3.23 to 5.0.x

I recently had to upgrade a moldy old MySQL database server from version 3.23 to 5.0.x. Instead of stepping from 3.23 to 4.0, then from 4.0 to 4.1, and finally from 4.1 to 5.0.x I decided to use mysqldump.

I ran the following command on the old database server:
/path/to/mysqldump -u root -p -h oldserver.example.com --opt --all-databases > bigdump.sql

Then all I had to do was move the bigdump.sql file over to the new server and run the following command:
/path/to/mysql -u root -p -h newserver.example.com < bigdump.sql

Now all that is necessary is to flush the privileges so that users can access the databases. I logged into MySQL:
/path/to/mysql -u root -p -h newserver.example.com mysql

The problem with security questions

In this video Software Architect Steve Moitozo addresses the problem of providing secure answers to "security questions" on Web sites. He's written about this issue in the past in Death to the Secret Question and thought it would be helpful to address it here in video form.