Friday, 11 April 2014

From Azure to Firebase: Could not establish trust relationship for the SSL/TLS secure channel.

UPDATE (16/Apr/2014):  Following a lead from the Firebase Support it looks like the problem could be inside Azure for all SSL, since "https://www.google.pt".GET(); also doesn't work.

Just had a really weird scenario happen to me in the last couple hours, which could be somebody hacking Azure (but I think there is a more benign explanation)

The new version of TeamMentor (currently in 3.4.1 RC0) has a really cool real-time log/activity log viewer which uses Firebase to push data and pull data (from a 'configured TM server' into 'multiple browser-based viewers').

For a while all was good (both locally and in Azure), but in the last couple hours, I noticed that the 'data push' stopped working (i.e. my test version of TM running on Azure was not pushing Activities, DebugMsg and RequestUrls into the assigned Firebase account).

Here is what the viewer looks like (with new messages not being received):

On the unrealistic expectations on OWASP board members, and the 'myth of the OWASP Board member'

Following Michael's original OWASP.next post to the leaders list (regarding his OWASP.next post on the OWASP blog), Dennis replied with a number of examples of rotten leadership  which I don't really agree with and posted the text bellow as my reply

For a while I have been saying that putting such 'expectations and requirements' on board members was going to cause a lot of friction and this is just another example of it

I don't actually agree with Dennis analysis. But the reason I don't agree is not due to the fact that he is correct (or not) in his analysis. My view is that it is completely unrealistic to put  such a high level of expectation on OWASP board members, specially in terms of their: behaviour, morals, actions and words. My biggest problem with current/past board members is on lack of action, decisions and delegation of duties :)

Thursday, 10 April 2014

RIP 'Belly Cruz', 12 year old Labrador

Today was a sad day :(

We had to put our 12 year 'belly' to 'sleep'

She got hit by a brain tumour a couple weeks ago, which left her without being able to walk and without any quality of life.

But what we have to remember, is that she had a great life, fully of joy and happiness (although she never managed to catch the squirrel, even after hundreds of attempts).

She was able to keep a mental map of every single plate/pot/pan that had not been licked (yet), and was always super excited to find our house (after going our for a walk).

She will be missed ... our silly dog....

Tuesday, 8 April 2014

OpenSSL Heartbleed Bug (read server side memory anonymously)

Wow, this is a pretty nasty vulnerability:

"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). 

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."
(from http://heartbleed.com/)

See if your website is vulnerable using: http://filippo.io/Heartbleed/ 

PoCs:
References



Monday, 7 April 2014

Published Beta version of "Practical O2 Platform Tools" eBook

After releasing the "Practical AngularJS",  Practical Git and GitHub,  Practical Jni4Net and Practical Eclipse books, here is an equivalent book containing the O2 Platform Tools related blog posts.

This new eBook has 113 pages and is made of 23 blog posts published in the last couple years.

The posts are grouped by topic and represent a number of mini-tools created by the O2 Platform

This eBook is available at https://leanpub.com/Practical_O2Platform

Sunday, 6 April 2014