CAA DNS Records Provide Additional Domain Protection

In 2013, the CA/Browser Forum passed an intent to allow the holder of a DNS domain name (joeblow.com) to specify one or more Certification Authorities (CAs) that are authorized to issue certificates for their domain. No other CAs would be authorized to issue certificates for that domain.

This is accomplished by the domain holder adding a “CAA” record to their DNS for their domain. This helps mitigate the problem that the public CA trust system is only as strong as its weakest CA.

Organized in 2005, the CA/Browser Forum is a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing.

View the full ballot.

On August 21st, 2017, Amazon Web Services (AWS) announced that their DNS service “Route 53” now supports CAA records.


#aws, #ca, #caa, #certificate, #dns, #domain

Modifying Your Hosts File

Windows 10 and 8

  1. Press the Windows key.
  2. Type “notepad” in the search field.
  3. In the search results, right-click Notepad and select “Run as administrator”.
  4. In Notepad, open the following file: “c:\Windows\System32\Drivers\etc\hosts”
  5. Append your entry such as:
    127.0.0.1[tab]www.mysite.com
  6. Save changes

Linux

  1. Open the “/etc/hosts” file in a text editor such as vi or nano
  2. Make the necessary changes to the file.
  3. Save changes

Mac OS X 10.6 through 10.12

  1. Open Applications > Utilities > Terminal.
  2. Open the hosts file by typing the following line in the terminal window:
    “sudo nano /private/etc/hosts”
  3. Type your domain user password when prompted.
  4. Edit the hosts file.
  5. Save the hosts file by pressing Control+x and answering y.
  6. Make your changes take effect by flushing the DNS cache with the following command:
    “dscacheutil -flushcache”

Global Ransomware Outbreak Prevention

A new ransomware, using the same attack as WannaCry, is hitting the world hard today on Windows PCs. Here are some steps to prevent this from happening to you:
1. Don’t click on links inside emails unless you are 100% positive you know what they do.
2. Back up your important files to something disconnected from your computer, like the cloud or a USB drive you remove. crashplan.com is a great service to have.
3. Install Windows updates – this prevents this specific attack from taking hold.
4. Have an antivirus program running. A free one is avast.com – been using it for many years.
5. If you’re still on XP/Vista/Windows 7/Windows 8 etc., now’s a good time to get upgraded to Windows 10.

#ransomware, #windows

Lucee 5 ColdFusion Scheduled Tasks

Lucee 5.0 – 5.2.1.9 (current version) has a bug in scheduled tasks that seems to affect both Windows and Linux servers.

Scheduled tasks end up getting marked as “expired” and never run. Not sure how this issue has made it this far into revisions, but as of this post it’s still an issue.

https://luceeserver.atlassian.net/browse/LDEV-897

You can work around this issue using a cron job by way of curl.

On Windows you can use the Windows Task Scheduler and curl. Curl can be downloaded from https://curl.haxx.se/download.html

6/21/2017 – marked for “NextSprint scheduled”

#lucee, #scheduled-tasks

Activating Windows Server 2012R2 Evaluation

CF Webtools is part of the Microsoft Network, which gives us access to software for development purposes. One gotcha arises when you try to apply the license key to an already installed evaluation version of Windows Server, in this case Windows Server 2012 R2.

When you try to change the product key in the UI, it says that this product key cannot be used on this version of Windows. Note that the key and evaluation type are the same standard 2016 R2 edition.

To get around this use the “DISM” command.

To determine the installed edition, run:

DISM /online /Get-CurrentEdition

To check the possible target editions, run:

DISM /online /Get-TargetEditions

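Finally, to initiate an upgrade, run the following, replacing <edition ID> with one of the target editions reported by the previous command:

DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula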

A server restart will be required.


Note: Legally check your license. This is technical advice only.

Anxiety Reducing Music

According to researchers at Mindlab International in the U.K., the music “Weightless” by Marconi Union promotes a high reduction in anxiety. Check it out…

AWS EBS Live Volume Modification Gotcha

We currently run some magnetic EBS volumes for data storage accessed by EC2 instances. Last month AWS announced the availability of Live Volume Modification with Elastic Volumes on EBS. This would enable a volume to expand while in use, whereas before you’d have to schedule downtime.

Live Volume Modification is almost a must-have feature for the web servers we run to be cost efficient and reduce any downtime. I have also noted that EBS Magnetic Volumes are now considered “previous generation” technology. (AKA: silent deprecation, just like reduced redundancy S3)

I attempted to expand a magnetic volume on an m3.large instance but found that the modify link was disabled. After a forum post, and the helpful reply from AWS, I found that previous generation magnetic volumes cannot be modified while live.

This feature is too important, and we will be moving to an SSD volume type instead to enable it. However, it remains to be seen what restrictions we may have. Documentation states: “Current generation m3.medium instances fully support volume modification. However, some m3.large, m3.xlarge, and m3.2xlarge instances may not support all volume modification features.”

See more information at “Considerations for Modifying EBS Volumes”.

Forum reference: https://forums.aws.amazon.com/message.jspa?messageID=771210

#aws, #ebs, #ec2, #elastic-volumes, #live-volume-modification, #magnetic