Certificate issue causing add-ons to be disabled or fail to install - Add-ons / Announcements - Mozilla Discourse
At about 6:10 PST we received a report that a certificate issue for Firefox is causing add-ons to stop working and add-on installs to fail.
Our team is actively working on a fix. We will update as soon as we have more information.
This morning all my Firefox extensions were disabled all at once...
...and it is impossible to install any, whether via the add-ons manager or directly from .xpi files
=> big #fail at Mozilla!
It's fixed: to re-enable the extensions that were inadvertently disabled, you have to force an extension update: "Options" menu > "Add-ons" > "Extensions" tab > open the configuration menu (small gear just below the search box at the top of the page) > "Check for Updates"
What to do about the "SEC_ERROR_UNKNOWN_ISSUER" error on secure websites | Troubleshooting | Mozilla Support
The hack to unblock sites that randomly show the SEC_ERROR_UNKNOWN_ISSUER security error in Firefox 61+ because of an overzealous Avast antivirus (pfff! more problems because someone wants to do me good!)
Set-up #ssl in #nodejs and Express using OpenSSL
This is a simple, easy-to-follow tutorial on how to serve pages over https in NodeJS using Express Framework. Tools/Frameworks we would be using for this tutorial are: NodeJS: You should have basic knowledge on how to program in NodeJS. OpenSSL: A tool to generate key and certificate. ExpressJS (npm i express): Back-end framework for writing web servers in NodeJS. More about Express. https: Comes with NodeJS. Let’s set-up our project directory. It’s not a directory with lots of files. Instead, it contains only 4 files which are package.json, key.pem, cert.pem and server.js. So, create a new directory node-https, cd node-https and run npm init -y to create package.json file. Now install express using npm i --save express. Create a server.js file and type the following code in it. Our server.js should (...)
This is an open letter to all #crypto writers and community managers.
Please stop advising your readers, investors and community members to look for the padlock in their browser toolbar. This advice is dangerous. A padlock is the browser’s way of telling you that a website has installed an #ssl Certificate. SSL Certificates are used to encrypt the transmission of data between your browser and the website — that’s it. This prevents a third-party from stealing your personal information as you type it into the website. A padlock / SSL Certificate does not indicate that a website owner is who they claim to be — or that they can be trusted. SSL Certificates are FREE and are automatically issued. There is no verification process. You can not trust a website just because it has a padlock. I have witnessed community managers responsible for groups with more than 20k members, (...)
Getting a Free #ssl Certificate on #aws a How-To Guide
AWS gives you a FREE SSL certificate if you use their load balancer (yes you do have to pay for the load balancer but it's pretty cheap and in the end is something your site should have anyway) but I found the setup to be confusing. Setting up a load balancer, connecting it to the EC2 instance, configuring the DNS, and putting in all the correct information is not a trivial process. This guide gives you everything you need to get up and running with an SSL cert. What’s Covered: Setting up a Security Group; Setting up an EC2 Instance w/ Elastic IP; Setting up SSL with the Amazon Certificate Manager (ACM); Setting up a Load Balancer; Setting up Target Groups. I assume you have some app that is ready to deploy. Whether it uses NodeJS, Python, or Java on the backend doesn’t matter. All that does matter is (...)
Easy, Let’s Encrypt Certificates on #aws
Here is a quick tutorial on how you can create free #ssl certificates for your AWS deployments. If you’re on AWS and hosting a large workload, you can actually get free certificates from Amazon by using their Certificate Manager. However, these certificates can only be attached to an AWS Load Balancer, an API Gateway instance or a CloudFront distribution. For small Laravel staging deployments that don’t require a load balancer because you just need one front-end server, it is then not worth the overhead cost as a Load Balancer comes at around $17 per month, depending on the region. On the other hand, Let’s Encrypt offers a free Certificate Authority service, which means it will sign SSL/TLS certificates for free. The downside is that they expire every 90 (...)
Monitor your #https certificate expiry with this script
Last year’s New Year’s Eve, I got a call from my client. They said their website was infected by a virus and no one can access it. Now, my client runs a juice shop, and had no idea about how the web technically works, so I discarded the “virus” issue but he said the site can’t be accessed so I fired up Firefox on my phone and I saw the "Your connection is not secure" page. Ever since Let’s Encrypt came out of beta, I’ve used it to convert all my and my clients’ sites to secure connections via HTTPS. I had set up a cron as instructed by certbot to renew the certificates regularly, but it used to fail every once in a while because I didn’t update the python packages, or something like that. Let’s Encrypt is kind enough to send a mail before expiring, but initial installations were done by an employee. Since (...)
Setting up node app with #ssl on a #digitalocean droplet
Credit: https://www.linkedin.com/pulse/five-reasons-why-developers-love-digitalocean-janakiram-msv/ You probably Googled it and are here! Okay, no more time waste (for MYSELF in future)… Let’s see how to set up a node app with SSL on a DigitalOcean VPS: Install Heroku for its versioning feature; Git push the app to Heroku; Set up a droplet; Generate SSH keys; Set up git bash for SSH-ing to the droplet; Connect to the droplet using SSH keys; Install node; Confirm node installation using node -v; Install MongoDB if the app needs to persist data; Confirm if mongodb is running using the command sudo systemctl status mongodb; Set up and configure pm2 to orchestrate the node app; Confirm pm2 installation using pm2 -v; Clone to a location in the server; Start the node app for first cut testing; Start node app as a process; Install nginx; Make sure (...)
Create a private local #docker registry
On your machines inside a VPN, there are use-cases where a private docker registry is handy, especially if you want to have a customized image built for your stack. The caveat is that docker automatically assumes that all your connections are encrypted via https. And that means you need to have a domain to encrypt your traffic on the https protocol. This guide will help you set up a registry without having a DNS and a valid SSL/TLS Certificate. Question: Ahm.. Ken, there is already a tutorial on the docker official docs about creating a private registry: "Deploy a registry server". Answer: The docker official docs are a good enough starting point when you want to learn the basics and the theory. However you will need to dig around if you want to make the registry work without a proper SSL Certificate and (...)
#stunnel to encrypt the connection to #VNC
Stunnel is a simple and remarkable solution for encrypting access to your machines running VNC!
The logging of #SSL sites in #Firefox!
A bit surprised to see the sites accessed over https recorded in a file in my Firefox profile!
These guys at ESIEA wrote a nice little Firefox extension that allows you to see if you are going through an SSL proxy (perhaps installed by your organisation), or being the victim of a MITM (man-in-the-middle) attack (or that you have an antivirus installed that does SSL inspection).
Johns Hopkins researchers poke a hole in Apple’s encryption
Researcher Matthew Green from Johns Hopkins University claims to have found a way through iMessage to intercept messages, photos and encryption key, and this for iOS versions prior to 9.3. This is done by forging TLS certificates and intercepting traffic by pretending to be an Apple server.
The recently released iOS 9.3 is supposed to incorporate the mitigation advice proposed by the researchers and correct this problem.
The paper can be found here:
Our analysis shows that iMessage has significant vulnerabilities that can be exploited by a sophisticated attacker. In particular, we outline a novel chosen ciphertext attack on Huffman compressed data, which allows retrospective decryption of some iMessage payloads in less than 2^18 queries. The practical implication of these attacks is that any party who gains access to iMessage cipher texts may potentially decrypt them remotely and after the fact.
Specifically, we attempt to answer the following question: how secure is Apple iMessage?
To perform our analysis, we derived a specification for iMessage by conducting a partial black-box reverse engineering of the protocol as implemented on multiple iOS and OS X devices.
Also interesting statement in the paper:
Apple stores encrypted, undelivered messages on its servers and retains them for up to 30 days, such messages are vulnerable to any party who can obtain access to this infrastructure, e.g., via court order
Their long-term recommendation to Apple:
Replace the iMessage encryption mechanism. ;-)
The Washington Post wrote about this paper:
Christopher Soghoian, principal technologist at the American Civil Liberties Union, said that Green’s attack highlights the danger of companies building their own encryption without independent review. “The cryptographic history books are filled with examples of cryptoalgorithms designed behind closed doors that failed spectacularly,” he said.
Also funny is this quote from Green:
it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.
Speed up your SSL/TLS response with OCSP Stapling | Octopuce
The web world is full of old refrains, and "HTTPS is slow" is one of the most persistent ... While it is true that TLS negotiation adds a round trip to the initial connection, recent browsers use many techniques to speed this up: HTTP/2 allows multiple streams in the same connection, SSL session tickets avoid renegotiation from the 2nd connection onward, and OCSP Stapling removes the need to check a certificate's status with the authority.
#ssl Server Test: aldarone.fr (Powered by Qualys SSL Labs)
After tools.aldarone.fr, it is aldarone.fr's turn to go full HTTPS.
This one was a bit tricky because it is the main domain of a WordPress Multisite and the other hosted sites are staying on HTTP for now.
Thanks, Let’s Encrypt! (Again)
Install, configure and automatically renew Let’s Encrypt #ssl certificate (English) - Blog - Vincent Composieux, PHP Symfony, Golang, Python, NodeJS Developer
A tutorial with a script to renew Let’s Encrypt certificates for multiple domains using the webroot method and nginx. (So this is the method to use to avoid taking production down when renewing certificates.)
War-weary, I chose Open Web Analytics on Nginx!
Faced with people trying to make your life miserable, there will always be simple solutions to put in place!
Check if your ciphered WEB traffic is intercepted
We propose a user-friendly extension that allows you to check if your encrypted web traffic (SSL/TLS) towards secured Internet servers (HTTPS) is not intercepted (being listened to).
Get the extension - Firefox / Chrome / Internet Explorer