Category Archives: Security

Use a Go Daddy SSL cert with DYNDNS site

How To:

  • Let’s say you like keeping as much money as possible and only spending what is necessary.
  • Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.

What Why Where?

  • Why DYNDNS?  …typically due to the business using a dynamic IP address
  • they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
  • …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
  • The cert offered by DYNDNS is overpriced at $99/yr.  Their other services are extremely price friendly so maybe this isn’t such a big deal.  …but then again it’s money you can keep
  • Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special.  This is the same cert they (Go Daddy) normally charge $45 for.  You can purchase from 1-5 years.

Hypothetical Site

  • your site:  rubberduckies.dyndns.com

your DYNDNS WHOIS information

  • Go Daddy won’t be able to see it, so the verification email can’t be sent to you
  • Why?  WHOIS queries only happen at the root domain level …and the root domain DYNDNS.com isn’t owned by you
  • The Administrative Contact for that WHOIS query is hostmaster@dyndns.com which BTW isn’t you
  • http://whois.dyndns.com

DYNDNS Custom DNS

  • Let’s imagine you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associated it with your rubberduckies.dyndns.com zone
  • It will have the same WHOIS information as above …and the same failed results for an SSL cert issuance validation step
  • you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit from using the rubberduckies4vr.com name

SSL certificate issuance steps

  • First step – generate a CSR (certificate signing request) – at your IIS server
  • Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
  • Manage the Certificate that is listed under your Go Daddy “My Products”
  • Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
  • Cert goes to a state of ‘pending’
  • Go Daddy sends a validation email to the Administrative Contact, which you must receive and reply to in order to prove you are actually authorized for the domain – …but that isn’t you (see WHOIS above) and you don’t get that email

When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation

  • adding a DNS record to your domain proves you are an authoritative person for the domain
  • you must phone Go Daddy before they will email you this code
  • create the TXT record per their instructions
  • you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered
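A way to confirm the TXT record is visible from outside before returning to the Go Daddy portal, as an added PowerShell example that is not part of the original post. It assumes the record sits at the domain apex; the code `1234567`, the resolver addresses and the function name `Test-ValidationTxt` are constructed for illustration.

```powershell
# Added example: check that the validation TXT record is publicly visible.
# Resolve-DnsName needs Windows 8 / Server 2012 or later, so run this from
# an admin workstation rather than the IIS server if that server is older.
function Test-ValidationTxt {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $ExpectedCode,
        [string[]] $Resolvers = @('8.8.8.8', '1.1.1.1'),
        # The lookup is injectable so the comparison logic can be run offline.
        [scriptblock] $Lookup = {
            param($name, $server)
            Resolve-DnsName -Name $name -Type TXT -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'TXT' } |
                ForEach-Object { -join $_.Strings }   # re-join multi-string TXT data
        }
    )
    foreach ($server in $Resolvers) {
        try   { $values = @(& $Lookup $Domain $server) }
        catch { $values = @() }   # NXDOMAIN or timeout: record not visible yet
        [pscustomobject]@{
            Resolver = $server
            Visible  = $values -contains $ExpectedCode
            Found    = $values -join '; '
        }
    }
}

# Offline demonstration with a constructed stub:
# one resolver already returns the code, the other only sees an older record.
$stub = {
    param($name, $server)
    if ($server -eq '8.8.8.8') { '1234567' } else { 'v=spf1 -all' }
}
Test-ValidationTxt -Domain 'rubberduckies4vr.com' -ExpectedCode '1234567' -Lookup $stub

# Live check (needs network access):
# Test-ValidationTxt -Domain 'rubberduckies4vr.com' -ExpectedCode '1234567'
```

Request the TXT validation in the portal only once every resolver reports `Visible = True`.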

With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”

  • you will see a window with a link to click to have Go Daddy use the TXT validation

Return to the cert portal and see if the cert has cleared all hurdles and is “issued”

If it isn’t, you may have to wait for Go Daddy to manually review your site and request

  • I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
  • took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!

Download the certificate

A five year Go Daddy SSL cert just cost you $65.  Of course you could have spent $495 with DYNDNS.  Please send your grateful donation to me at your discretion. ;-D

Why are whole countries banning BlackBerrys when US’ Barry insists on keeping his?

“It’s official: Saudi Arabia bans BlackBerrys

By Nate Anderson | The rumors are true: Saudi Arabia has become the second country inside of a week to block access to Research in Motion’s BlackBerry devices on grounds of national security.”

http://arstechnica.com/gadgets/news/2010/08/its-official-saudi-arabia-bans-blackberries.ars

Barry on Berry – http://fightidentitytheft.com/blog/obamas-blackberry-security-strategy

“When Barack Obama famously refused to relinquish his treasured BlackBerry, he became the first president in American history to use email while in office. He will also be the first to have to worry about personal internet security.”

Oh no! My email address got blasted out by my new friend, a business associate, or maybe Mom. What to say?

The premise here is that email blasts occur regularly and usually involve a sales deal, an event of some kind, or a cause.  Chain letters are another notorious source, guilt-tripping the recipient to forward it out to all your friends or else be a real lousy individual; and these actually still work year in, year out.

The blast can be done safely if people still feel compelled to send such multi-recipient messages out to people who are otherwise complete strangers to each other.  How?  Use the BCC field of course.  Well that of course assumes you knew about BCC.  If you didn’t this post isn’t for you though; rather, it is about you.

My dilemma as a responsible technology professional is to advocate for safe usage of the internet, for people to maintain privacy, and for their identity to remain secure from SPAM’rs or worse.  Often I am doing this with people with whom I’m barely acquainted.  The internet and email are not as intimate as a face to face heart to heart chat.  It’s a touchy thing to only have email to have these ‘talks’.  So what has been done is that after a blast offense occurs I’ll send an email back to the originator with a scripted reply message.

This blog is written because I want to know what other people say. Do you say anything at all?  How does my message stack up against what you are saying?  Please comment away as I’d like to make it effective and brief.  …so here goes:

Thank you for considering my interest and sharing this information with me.

I’ve got a small request that I hope you’ll honor.  As a technology service provider and small business owner, information security and privacy are key issues that I must guard for my own sake and for my clients.  Please understand that by including my name and email address in the ‘To’  or ‘CC’ field populated with many others that some of them may again forward the email much like you have.  If they do then my email address and identity get circulated.  This then exposes my email identity as well as any others in the To and CC fields to future SPAM and other undesirable unintended consequences.

The good news is this is an unnecessary risk; so I have an easy fix and request.  In the future when and if you send an email to me along with an audience of others (a blast message) please add me to the ‘BCC’ (blind carbon copy) field and not to the “To” or “Cc” fields; in practice it would be a good neighborly thing to do this for everyone who’s a recipient.  This on the net is called good “netiquette” and an overall appreciated best practice by anyone who’s ever received SPAM or who has had their identity stolen (I have).  As for what address to put in the “To” field just insert your own email or any secondary email address.  It is important though that the address be valid or else this is a criterion which SPAM filters will trigger and the email may not reach some of your BCC recipients.

Q&A from the Windows 7 Springboard Roundtable

A roundtable discussion was broadcast live on 2/12/2009 regarding the development and new features of Windows 7.  Here is the Q&A from that roundtable discussion.

https://ms.istreamplanet.com/springboard

Is your next beta milestone going to be feature complete?
The next milestone for Windows 7 will be the RC build. For more information, check out the Engineering Windows 7 blog post here: http://blogs.msdn.com/e7/archive/2009/01/30/our-next-engineering-milestone.aspx

Is Windows 7 a desktop only platform, or are there desktop and server flavors?
The next version of the Windows client is Windows 7. The next version of the Server is Windows Server 2008 R2.

Will there be an update to IE8 before RC?
No, the next update to Windows 7 will be the RC build, there won’t be any component updates in the interim.

How many versions of Windows will read “BitLocker To Go” encrypted media?
All versions of Windows 7 will be able to read “BitLocker To Go” encrypted removable storage devices.

Will our Betas be turned off on August 2? 31?
On 8/1/2009 the Windows Beta will no longer be functional.

Where can we find step-by-step guide for applocker, direct access, branch cache and the rest of new features?
For DirectAccess Early Adopter’s Guide: http://www.microsoft.com/downloads/details.aspx?FamilyID=2fdc531d-9138-454f-a820-78211755b52a&displaylang=en
For BranchCache Early Adopter’s Guide: http://www.microsoft.com/downloads/details.aspx?FamilyID=a9a1ed8a-71ab-468e-a7e0-470fd46e46b3&DisplayLang=en
Applocker step-by-step guide is still in the works…

Is there an estimated date at this point for Windows 7 to be RTM?
The goal for Windows 7 RTM is to be 3 years after Windows Vista RTM date.

What is branch cache?
BranchCache is a new feature in Windows 7 and Windows Server 2008 R2 that will increase user productivity in branch offices and reduce the WAN link utilization. For more information please visit: http://www.microsoft.com/downloads/details.aspx?FamilyID=a9a1ed8a-71ab-468e-a7e0-470fd46e46b3&DisplayLang=en

What versions of Windows 7 will be available?
There will be a number of different versions of Windows 7 available. See the following blog for more information: http://windowsteamblog.com/blogs/windows7/archive/2009/02/04/a-closer-look-at-the-windows-7-skus.aspx

Will branch cache features in Windows 7 be back ported to earlier versions of the OS?
There are no plans to back port BranchCache into earlier versions of OS.

Will there be a recording of the video and the Q&A available?
Yes the video recording and the Q&A will be available within a week.

The DirectAccess Early Adopter’s Guide link does not work.
You could get to the Early Adopter’s Guide from DirectAccess Technet Page also. Please visit: http://technet.microsoft.com/en-us/network/dd420463.aspx

Will there be 32-bit and 64-bit versions of Windows 7?
Yes.

What is the expected RTM date for Win 7?
The goal for Windows 7 RTM is 3 years after Windows Vista RTM date.

Is it correct that there will not be a Beta 2 this time around?
That is correct, the next public release will be the RC build of Windows 7.

Will applocker only work with win7?
Yes, it will work with Windows 7 Enterprise and Ultimate editions.

Can you upgrade Windows 7 Beta 1 to Windows 7 RC or does it have to be a clean install?
Upgrades from Beta, to RC, to RTM will be supported.

RWW Exclusions SBS 2003 – Leaving Desktops With Local Access Only

If you have a desktop you do not want accessed through the RWW portal there is a simple way to do this.  You add the computer name to the “ExcludeList”.

This applies to SBS 2003 not SBS 2008 (see Andy’s comment).

It lives under this key in the Windows Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal

Under this you will see a String Value ‘ExcludeList’

Add the desktop names with no spaces, separating multiple names with a comma.
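One way to script that edit, as an added PowerShell example that is not part of the original post. It assumes PowerShell 2.0 or later is installed on the SBS 2003 server; the function names and the computer names DESKTOP01 to DESKTOP03 are constructed for illustration.

```powershell
# Added example: append computer names to the RWW ExcludeList value without
# introducing spaces or duplicates. Back up the key before changing it.
$key = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal'

function Merge-ExcludeList {
    param([string]$Current, [string[]]$Add)
    # Split the existing value, trim stray spaces and drop empty entries.
    $names = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($n in $Add) {
        $n = $n.Trim()
        # A name containing whitespace or a comma would corrupt the list.
        if ($n -match '[\s,]') { throw "Invalid computer name: '$n'" }
        # -notcontains compares case-insensitively, so DESKTOP02 = desktop02.
        if ($n -and ($names -notcontains $n)) { $names += $n }
    }
    $names -join ','   # comma-separated, no spaces, as the post describes
}

function Add-RwwExclusion {
    param([string[]]$ComputerName)
    if (-not (Test-Path $key)) { throw "RWW key not found: $key" }
    # Returns $null when the ExcludeList value does not exist yet.
    $current = (Get-ItemProperty -Path $key).ExcludeList
    $new = Merge-ExcludeList -Current $current -Add $ComputerName
    if ($new -ne $current) {
        Set-ItemProperty -Path $key -Name ExcludeList -Value $new
    }
    $new
}

# Offline check of the merge logic with a constructed existing value:
Merge-ExcludeList -Current 'DESKTOP01, desktop02' -Add 'DESKTOP02', 'DESKTOP03'

# On the SBS 2003 server itself (elevated prompt):
# Add-RwwExclusion -ComputerName 'DESKTOP03'
```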