Diamond Pickaxe Hard Enamel Pin-Badge

 

Following the success of my previous minecrafter badges, I have made some hard enamel versions of a diamond pickaxe. It is of amazingly high quality.


If you are interested in purchasing this badge then contact me.

 

All proceeds from this badge are donated to a local charity to provide equipment and support for children from disadvantaged backgrounds to play the game Minecraft and learn computer programming at the local Coderdojo and Scouts and are not for commercial or individual gain. Minecraft ®/TM & © 2009-2013 Mojang / Notch

 

OpenSSL HeartBleed Bug – Explanation and fix

Heartbleed is a recently discovered small bug in OpenSSL’s implementation of the TLS ‘heartbeat’ mechanism.

The bug is present only in OpenSSL versions 1.0.1 through 1.0.1f!

By exploiting this bug, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain data such as:

1) private keys
2) TLS session keys
3) confidential data
4) session ticket keys.

The remedy

You can test whether a given server is vulnerable using this tool: http://filippo.io/Heartbleed/ (enter your domain in the form yourdomain.name:443).

To check the OpenSSL version running on your server, use the following commands via SSH:

CentOS

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Ubuntu

# dpkg -s openssl | grep Version
Version: 1.0.1-4ubuntu5.6

Having identified a problem, the first step is to patch OpenSSL. Fortunately this is relatively easy. The 1.0.1g version is not vulnerable, and Debian has a patch. You can also recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS option.

Installing OpenSSL 1.0.1g on CentOS:

# cd /usr/local/src
# wget -N http://www.openssl.org/source/openssl-1.0.1g.tar.gz
# tar -xzvf openssl-1.0.1g.tar.gz
# cd openssl-1.0.1g
# ./config
# make
# make install
# alias cp=cp
# cp /usr/local/ssl/bin/openssl /usr/bin/openssl
# cd /usr/local/ssl/include
# ln -s /usr/local/ssl/include/openssl openssl

Once done, check the version again and restart the web server:

# openssl version
OpenSSL 1.0.1g 7 Apr 2014

Restart any services using SSL.

Installing OpenSSL 1.0.1g on Ubuntu:

# apt-get update
# apt-get install -y openssl libssl1.0.0

Restart any services using SSL.
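The restart matters because upgrading the files on disk does not change code already loaded into a running process, and `openssl version` only reports the command-line binary, not the libssl a service has mapped. The shell functions below are an added example, not part of the original post: they read /proc/<pid>/maps on Linux to show which libssl/libcrypto file each process has loaded and flag processes still running a copy that has since been replaced. The function names and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Linux /proc layout.
# ssl_mappings [PROC_ROOT] prints one line per process and mapped library:
#   PID STATE PATH COMMAND
# STATE is STALE when the mapped file was replaced on disk (the kernel marks
# the mapping "(deleted)"), meaning the process still runs the old code.
# PROC_ROOT is a hypothetical override (default /proc) so the parser can be
# exercised against a constructed directory tree.
ssl_mappings() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(cat "$proc_root/$pid/comm" 2>/dev/null) || name='?'
        # maps columns: address perms offset dev inode pathname [(deleted)]
        awk -v pid="$pid" -v name="$name" '
            $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
                state = ($NF == "(deleted)") ? "STALE" : "current"
                key = state " " $6
                if (!(key in seen)) { seen[key] = 1; print pid, state, $6, name }
            }' "$maps" 2>/dev/null || true
    done
}

# PIDs that must be restarted to pick up the patched library.
stale_pids() {
    ssl_mappings "${1:-/proc}" | awk '$2 == "STALE" { print $1 }' | sort -un
}

# Usage (as root, so every process's maps file is readable):
#   ssl_mappings        # which libssl/libcrypto each process has loaded
#   stale_pids          # processes still running the pre-upgrade copy
```

A process listed as "current" is only as safe as the library file it names, so compare that path against the version you patched.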

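What’s the TLS Heartbeat mechanism?

The TLS Heartbeat mechanism is designed to keep connections alive even when no data is being transmitted. Heartbeat messages sent by one peer contain random data and a payload length. The other peer is supposed to respond with a mirror of exactly the same data. The vulnerable OpenSSL versions trust the stated payload length without checking it against the data actually received, which is how a reply can end up containing server memory that was never part of the request.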

If you want to read more about this, the best written article I’ve found on this topic can be found here: http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

Do not stand at my grave and weep, by Mary Elizabeth Frye

Do not stand at my grave and weep,
I am not there, I do not sleep.
I am in a thousand winds that blow,
I am the softly falling snow.
I am the gentle showers of rain,
I am the fields of ripening grain.
I am in the morning hush,
I am in the graceful rush.
Of beautiful birds in circling flight,
I am a star shining in the night.
I am in the flowers that bloom,
I am in a quiet room.
I am in the birds that sing,
I am in each lovely thing.
Do not stand at my grave and cry,
I am not there. I did not die!