Category Archives: News

Manual Podcast Feed

I recently transitioned from using Downcast to Overcast. Unfortunately, I was pretty far behind listening to some of my podcasts, and Overcast was not able to "see" some old episodes of some podcasts (e.g. Security Now!, since TWiT only keeps the latest 10 episodes in the feed). I created a JavaScript/PHP Manual Podcast Feed Generator that allows for the quick creation of non-updateable podcast feeds. All of the information is encoded in the URL, so I don’t need to store data.

Updated Dreamhost Ciphers

Dreamhost offers free SSL/TLS through SNI for their shared hosting accounts. When this service was first released, it was limited to an RC4 ciphersuite and TLSv1.0. For most applications, RC4 is no longer a preferred cipher within the cryptographic community (Matthew Green’s blog post).

I haven’t seen an announcement, but I’d guess it was in the early November upgrade from Debian to Ubuntu that updated the security.

Dreamhost now supports TLSv1.0, TLSv1.1, and TLSv1.2 with the following cipher suites:

  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
  • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

Other than Triple-DES being a little on the weak side, this is now a very solid and modern list of ciphers.
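As an added example (not part of the original post, and not Dreamhost's configuration), this Python parses the IANA suite names listed above and tallies which offer forward secrecy, AEAD, or only a 64-bit block cipher, and which remain negotiable by TLSv1.0/1.1 clients. The function names are hypothetical, and the property rules in the comments are general TLS facts rather than anything stated in the post.

```python
import re

# Cipher suite names copied from the list in the post (IANA naming).
SUITES = """
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
""".split()

# Layout: TLS_<key exchange + auth>_WITH_<cipher + mode>_<MAC/PRF hash>
NAME_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<hash>SHA\d*)$")

def parse_suite(name):
    """Split one suite name into its parts and derive basic properties."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kx, cipher, digest = m.group("kx", "cipher", "hash")
    aead = cipher.endswith("_GCM")
    return {
        "name": name,
        # Ephemeral Diffie-Hellman gives forward secrecy; static RSA does not.
        "forward_secrecy": kx.startswith(("DHE_", "ECDHE_")),
        "aead": aead,
        # 3DES has a 64-bit block; AES and Camellia use 128-bit blocks.
        "block_bits": 64 if cipher.startswith("3DES") else 128,
        # GCM and SHA256/SHA384 suites are only defined for TLSv1.2.
        "min_protocol": "TLSv1.2" if aead or digest != "SHA" else "TLSv1.0",
    }

def summarise(names):
    """Tally the properties a reviewer would check across a suite list."""
    parsed = [parse_suite(n) for n in names]
    return {
        "total": len(parsed),
        "forward_secrecy": sum(p["forward_secrecy"] for p in parsed),
        "aead": sum(p["aead"] for p in parsed),
        "block_64bit": [p["name"] for p in parsed if p["block_bits"] == 64],
        "legacy_clients": [p["name"] for p in parsed if p["min_protocol"] == "TLSv1.0"],
    }

if __name__ == "__main__":
    for key, value in summarise(SUITES).items():
        print(key, value)
```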

Chrome Update Web Forgery

In viewing one of those "…you won’t believe what happens next…" sites, I ran across a pretty well formed fraudulent website attempting to get me to install malware/spyware. I’m used to most of these attempts sounding very alarmist as they try to get me to download and install something.

[Image: Chrome-Forgery]

Other than the Chrome logo and the URL, this is a well formatted and convincing page. It’s even accurate. I was using Chrome 35 on Windows.

Looking at the source:

[Image: Chrome-Fogery-DL]

The "Accept and Install" button would have downloaded "Chrome_Setup.exe". Unfortunately I don’t have a system I want to risk installing this on to see what it actually is.

Google Wallet Fixes Bug

For any iOS users that gave up on Google Wallet due to the inability to log in using an Authenticator, version 2.0.13611, released February 4, 2014, fixes this bug. Now that I can authenticate, I am happy to have another option to Passbook for the sake of having options and to add my rewards programs that don’t work with Passbook.

This bug made it impossible to authenticate to Google Wallet if you had a single device with Google Authenticator and Google Wallet as well as a long & complex password. Backgrounding the Google Wallet app would cancel the authentication process, so you would have to copy your Authenticator code before entering your password. If it took longer than 30 seconds to switch apps and enter your password, your code would expire…