
 SECURITY


  Get Facebook, Twitter and YouTube back

Facebook, Twitter and YouTube have become part of many people's daily online life. People hang around these sites to network with known and unknown friends, to catch up on the latest news and to relax with fancy video clips. But how would you feel if all of a sudden you could not access them? Want to experience this? Go behind the GFW (Great Firewall) of China. Just a joke, but it's real. Huh, you are out of China? Don't worry. Change your DNS server to one located in China. I just experienced it, although it was unplanned and unpleasant. I am not sure what happens at the beginning, all of a s...

5,707 1       DNS SPOOFING GFW YOUTUBE 37.61.54.158


  A new SSL 3.0 vulnerability named POODLE is released

Today a new SSL v3 security vulnerability was disclosed by Google, and it affects all products that use the SSL v3 protocol, because the vulnerability comes from a design flaw. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer. If this vulnerability is exploited by the attackers, the session cookies from ...

6,182 1       GOOGLE VULNERABILITY SSL V3 POODLE


  Severe SSL 3.0 vulnerability to be released

According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. For now, it is still in the patch phase, and the details of this vulnerability are expected to be released today. A few security vulnerabilities with wide impact have been revealed this year, and they bring people's attention to long-standing security concerns. Previously, we have seen the HeartBleed issue and also the recent ShellShock issue. Both of them occur in popular libraries or frameworks. The HeartBleed issue happens in OpenSSL and the ShellShock issue happens in bash shel...

5,791 0       SSL SECURITY VULNERABILITY THE REGISTER


  Generate certificate in Java -- Store certificate in KeyStore

In the previous post, we explained how to create a certificate chain in Java. After generating the chain, we need to store it somewhere, either in a key store or a trust store, so that it can be used later when we are doing the actual SSL communication. This post will show you how to store the private key and its associated certificate chain in a keystore file. There are different types of keystore in Java; in this post, we will choose JKS to demonstrate how to store the certificate chain. When storing a private key entry into a keystore, we need to store its associated certificate chain as w...

30,435 10       JAVA CERTIFICATE CHAIN KEYSTORE


  A completely new approach to surveillance - should you be worried?

Paranoia is not necessarily a bad thing - assuming someone is really out there to get you. True or not, the paranoid have seen the issues they need to control explode as the internet developed; they also got specific tools to make their secrets (or their life, not everybody has a dark secret) more secure and under control. Unfortunately for them, and to the amazement of science and science fiction fans worldwide, a new way of obtaining secrets has appeared, and it’s something very few expected. The result of the combined brainpower of Adobe, Microsoft and MIT researchers is the visual microphon...

3,060 0       SECURITY


  Generate certificate in Java -- Self signed certificate

This is the first post in this series, in which I will show you how to generate an SSL certificate in Java programmatically. Certificates are frequently used in SSL communication, which requires the authentication of the server to the client. This is to make the client trust that the server is actually the one it claims to be. Certificates are really important on the Internet. All HTTPS communications on the Internet need the server side to present certificates signed by trusted CAs. The basic flow of a request generation is that we first use some tool to generate the certificate request, this certificate r...

56,653 21       JAVA CERTIFICATE X509


  HeartBleed: OpenBSD now starts to clean up OpenSSL

Since the disclosure of the HeartBleed bug in OpenSSL, arguments have emerged around the safety of OpenSSL, the largest open source SSL/TLS library, used by a large number of servers and applications. Some people are even starting to create their own version of the SSL library. This includes OpenBSD, a famous Unix-like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL, started to clean up the forked branch, and plans to merge it into its own code base. So far the changes made to the forked OpenSSL library include: Splitting up libcrypto and li...

4,446 0       HEARTBLEED OPENBSD


  HeartBleed: Inside the heart, what happens to a normal WEB user?

To be brief, our email, IM, Facebook etc. are at risk, so try to minimize access over the next few days. In particular, we should avoid logging into our internet banking, because we may expose our user ID and password. Also, later, when the service providers fix the bug, we had better set a new password for all the web accounts that are important to us. Here comes the technical explanation. You might have noticed before that a lot of websites use URLs starting with "https". For example, https://www.google.com.sg. HTTPS literally means secure HTTP, as the "s" stands for secure. Both HTTP and HTT...

4,501 0       ANALYSIS HEARTBLEED