Diamond Pickaxe Hard Enamel Pin-Badge

 

Following the success of my previous minecrafter badges, I have made some hard enamel versions of a diamond pickaxe. It is of amazingly high quality.


If you are interested in purchasing this badge then contact me.

 

All proceeds from this badge are donated to a local charity to provide equipment and support for children from disadvantaged backgrounds to play the game Minecraft and learn computer programming at the local Coderdojo and Scouts and are not for commercial or individual gain. Minecraft ®/TM & © 2009-2013 Mojang / Notch

 

OpenSSL HeartBleed Bug – Explanation and fix

Heartbleed is a recently discovered small bug in OpenSSL’s implementation of the TLS ‘heartbeat’ mechanism.

The bug is present only in OpenSSL versions 1.0.1 through 1.0.1f!

By exploiting this bug, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain data such as:

1) private keys
2) TLS session keys
3) confidential data
4) session ticket keys.

The remedy

You can test whether a given server is vulnerable using this tool: http://filippo.io/Heartbleed/ (enter your domain in the form yourdomain.name:443).

To check the OpenSSL version running on your server, use the following commands over SSH:

CentOS

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Ubuntu

# dpkg -s openssl | grep Version
Version: 1.0.1-4ubuntu5.6

Having identified a problem, the first step is to patch OpenSSL. Fortunately this is relatively easy. The 1.0.1g version is not vulnerable, and Debian has a patch. You can also recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS option.

Installing OpenSSL 1.0.1g on CentOS:

# cd /usr/local/src
# wget -N http://www.openssl.org/source/openssl-1.0.1g.tar.gz
# tar -xzvf openssl-1.0.1g.tar.gz
# cd openssl-1.0.1g
# ./config
# make
# make install
# alias cp=cp
# cp /usr/local/ssl/bin/openssl /usr/bin/openssl
# cd /usr/local/ssl/include
# ln -s /usr/local/ssl/include/openssl openssl

Once done, check the version again and restart the web server:

# openssl version
OpenSSL 1.0.1g 7 Apr 2014

Restart any services using SSL.

Installing OpenSSL 1.0.1g on Ubuntu:

# apt-get update
# apt-get install -y openssl libssl1.0.0

Restart any services using SSL.

What’s the TLS Heartbeat mechanism?

The TLS Heartbeat mechanism is designed to keep connections alive even when no data is being transmitted. Heartbeat messages sent by one peer contain random data and a payload length. The other peer is supposed to respond with a mirror of exactly the same data.

If you want to read more about this, the best written article I’ve found on this topic can be found here: http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

Top 20 replies by programmers when their programmes don’t work

20. That’s weird…

19. It’s never done that before.

18. It worked yesterday.

17. How is that possible?

16. It must be a hardware problem.

15. What did you type in wrong to get it to crash?

14. There has to be something funky in your data.

13. I haven’t touched that module in weeks!

12. You must have the wrong version.

11. It’s just some unlucky coincidence.

10. I can’t test everything!

9. THIS can’t be the source of THAT.

8. It works, but it hasn’t been tested.

7. Somebody must have changed my code.

6. Did you check for a virus on your system?

5. Even though it doesn’t work, how does it feel?

4. You can’t use that version on your system.

3. Why do you want to do it that way?

2. What were you doing when the program stopped working?

1. It works on my machine.

 

…I must confess that we say No. 1 in our office all the time when someone phones up still running Windows XP and IE 6!