Tuesday, April 15, 2014

Solving Heartbleed Bug

Earlier this week, security researchers announced a vulnerability (known as the “Heartbleed Bug”) in OpenSSL, a widely used open-source cryptographic software library. It allows attackers to read the memory of systems running vulnerable versions of the OpenSSL library (1.0.1 through 1.0.1f). This may disclose the secret keys of vulnerable servers, which lets attackers decrypt and eavesdrop on SSL-encrypted communications and impersonate service providers. Other data in memory may also be disclosed, including users' usernames and passwords or anything else stored in server memory.

To be clear, this is a vulnerability in the OpenSSL library, not a flaw in SSL/TLS itself, nor in certificates issued by Symantec or GeoTrust.
Here are the steps to fix this bug:
  1. Identify whether your web servers are vulnerable (running OpenSSL versions 1.0.1 through 1.0.1f with the heartbeat extension enabled). If you’re running a version of OpenSSL prior to 1.0.1, no further action is required.
  2. If your server is impacted, update to the latest patched version of OpenSSL (1.0.1g).
  3. Generate a new Certificate Signing Request (CSR).
  4. Reissue any SSL certificates for affected web servers using the new CSR (do this after moving to a patched version of OpenSSL).
  5. Install the new SSL certificate.
  6. Website administrators should also consider resetting end-user passwords that may have been visible in a compromised server's memory.
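The two steps that are easy to get wrong are the version check (step 1) and the new CSR (step 3). Below is an added shell example, not part of the original post, that does both: heartbleed_status classifies an `openssl version` string against the range named above (1.0.1 through 1.0.1f), and new_csr generates a fresh RSA key together with the CSR, because reissuing a certificate on the old key does nothing if that key was already read out of memory. The script and file names are assumptions. One caveat the check cannot see: Linux distributions shipped the fix as a backport that kept the old version letter (for example 1.0.1e), so on a packaged OpenSSL also look at the "built on" date in `openssl version -a` or the package changelog before trusting a "vulnerable" verdict.

```shell
#!/bin/sh
# Added example (not part of the original post): helpers for steps 1 and 3.
# heartbleed_status classifies an `openssl version` string against the range
# named in the post (1.0.1 through 1.0.1f); new_csr generates a new key + CSR.

# heartbleed_status "OpenSSL 1.0.1e 11 Feb 2013"
# Prints one of: vulnerable, patched, unaffected, unknown.
# Caveat: only the version letter is inspected. Distribution packages that
# backported the fix keep the old letter, so confirm with `openssl version -a`
# (the "built on" date) or the package changelog as well.
heartbleed_status() {
    # Keep only the version token, e.g. "1.0.1e" or "1.0.1e-fips".
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][^ ]*\).*/\1/p')
    case "$ver" in
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*) echo vulnerable ;;   # 1.0.1 .. 1.0.1f
        1.0.1[g-z]|1.0.1[g-z]-*)       echo patched ;;      # 1.0.1g and later
        0.9.*|1.0.0*)                  echo unaffected ;;   # prior to 1.0.1
        *)                             echo unknown ;;      # not covered here
    esac
}

# new_csr HOSTNAME
# Step 3: generate a NEW private key together with the CSR. Reissuing on the
# old key would defeat the purpose, since that key may already have leaked.
# Output: HOSTNAME.key (mode 600) and HOSTNAME.csr.
new_csr() {
    host=$1
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$host.key" -out "$host.csr" -subj "/CN=$host" &&
    chmod 600 "$host.key"
}

# Command-line use (nothing runs when the file is sourced without arguments):
#   sh heartbleed-fix.sh check                 # status of the installed OpenSSL
#   sh heartbleed-fix.sh csr www.example.com   # new key + CSR for that host
case "${1:-}" in
    check) heartbleed_status "$(openssl version)" ;;
    csr)   new_csr "${2:?hostname required}" ;;
esac
```

Run `check` on every host that terminates SSL, not only the public web servers: load balancers, mail servers and management interfaces link the same library. Keep the generated .key file off shared storage and install it on the server only after the patched OpenSSL is in place, as step 4 says.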
Hope you stay safe in this storm.

Thursday, April 10, 2014

MySQL: manage (disable, purge/clean) binary log files (mysql-bin.xxx)

MySQL binary log files contain all statements that update data or could potentially have updated it.
These files have two important purposes:
  • Data recovery: after a backup file has been restored, the events in the binary log that were recorded after the backup was made are re-executed. These events bring the databases up to date from the point of the backup.
  • High availability / replication: used on master replication servers as a record of the statements to be sent to slave servers. The master server sends the events contained in its binary log to its slaves, which execute those events to make the same data changes that were made on the master.
The problem is that these files can fill up your hard disk. You need to manage them to save disk space while still matching your replication and backup policy. Please note that you shouldn't delete them manually; instead, configure MySQL to manage them.

I suggest two ways of handling them.

1. Disable the binary logs if you don't use the replication function.
Open my.ini (Windows) or my.cnf (Linux), find the line starting with log-bin or log_bin, and comment it out to disable it:
#log-bin = mysql-bin
If you disable this, you should create a backup (data dump) daily, because you lose the recovery purpose described above.

2. Purge / clean them frequently if you use the replication function.
Log in to mysql, then run the following command:
mysql> PURGE BINARY LOGS BEFORE DATE(NOW() - INTERVAL 3 DAY) + INTERVAL 0 SECOND;
This removes all binary logs from before midnight 3 days ago.

You may also want to set the expire_logs_days value so that old logs are removed automatically:
mysql> SET GLOBAL expire_logs_days = 3;

SET GLOBAL does not survive a server restart, so also add or modify this variable in my.ini (Windows) or my.cnf (Linux):
[mysqld]
expire-logs-days=3

To avoid interrupting your replication, first run SHOW SLAVE STATUS\G on the slave. You will see two binary log names from the master: Master_Log_File and Relay_Master_Log_File. Never purge a log the slave still needs; purge only up to the Relay_Master_Log_File with this command:
PURGE BINARY LOGS TO 'Whatever Relay_Master_Log_File Is';
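The check above covers one slave. With several slaves, the master may only purge up to the oldest file that any of them still needs; purging a file a slave has not yet read breaks that slave's replication. The following shell script is an added example, not from the original post, that generalizes the check: it reads SHOW SLAVE STATUS\G output from one or more slaves, picks the lowest-numbered Relay_Master_Log_File, and builds the matching PURGE statement. The sample status output is constructed, and the host names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not part of the original post): pick the oldest binary log any
# slave still needs and build the matching PURGE statement for the master.

# oldest_needed_log
# Reads `SHOW SLAVE STATUS\G` output (one or more slaves, concatenated) on
# stdin and prints the lowest-numbered Relay_Master_Log_File. The numeric
# suffix is compared as a number, so it stays correct past 999999.
oldest_needed_log() {
    sed -n 's/^ *Relay_Master_Log_File: *//p' \
      | awk -F. '{ n = $NF + 0
                   if (min == "" || n < min) { min = n; name = $0 } }
                 END { print name }'
}

# purge_statement
# Same input as oldest_needed_log; prints the PURGE command to run on the
# master. Fails (exit 1) when no Relay_Master_Log_File was found, so a broken
# status dump can never turn into an unbounded purge.
purge_statement() {
    log=$(oldest_needed_log)
    [ -n "$log" ] || return 1
    printf "PURGE BINARY LOGS TO '%s';\n" "$log"
}

# Constructed sample: two slaves, the second one lagging five files behind.
SAMPLE_STATUS='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.0.2.10
              Master_Log_File: mysql-bin.000125
          Read_Master_Log_Pos: 4521
        Relay_Master_Log_File: mysql-bin.000124
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.0.2.10
              Master_Log_File: mysql-bin.000125
          Read_Master_Log_Pos: 4521
        Relay_Master_Log_File: mysql-bin.000119'

# Demonstration on the constructed sample; prints the statement for 000119.
printf '%s\n' "$SAMPLE_STATUS" | purge_statement

# Live use (hypothetical hosts; credentials via ~/.my.cnf or -u/-p options):
#   for s in slave1 slave2; do mysql -h "$s" -e 'SHOW SLAVE STATUS\G'; done \
#     | purge_statement | mysql -h master
```

Because the files that remain are exactly the ones a slave still has to read, the same statement also keeps the data recovery purpose intact for everything after the newest backup only if your backup is newer than that file; check both before running the purge.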

Finally, restart MySQL so the configuration change takes effect. That's all.

Monday, April 7, 2014

Setup free emails with your own domain on Outlook.com

Outlook.com offers a free email service in which you can create email accounts (50, and possibly more) with your own domain. Its mailboxes also have unlimited storage. So what are you waiting for? :)

1. Register your own domain with domains.live.com

Go to domains.live.com, sign in, then click the Add domain button. Enter your domain in the box, then click the Continue button. See the image below for quick reference:

2. Review and accept agreement

Microsoft will ask you to review and accept the agreement. Accept it.

3. Verify your domain and configure the MX record

After finishing step 2, it displays the settings you need to configure your domain. You must verify the domain before using it. There are several ways to do this; I recommend the MX record method, because it verifies the domain and configures it for sending email in a single step. Pay attention to the Mail setup (required) section, as shown below:
Go to the DNS settings of your domain and add an MX record whose value is the MX server shown in the Mail setup (required) area. You can ask your domain registrar for help adding this MX record.
When this is done, it takes time (a few minutes to 48 hours) for the domain to be verified. Click Refresh in the picture above; if you see Your service is Active, as in the following picture, you can start adding emails for the domain:
Otherwise, after a few hours, sign in to domains.live.com again, select your domain (status Pending DNS configuration) and hit the Refresh button again, until it is active.
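Rather than hitting Refresh repeatedly, you can see for yourself whether the MX record has propagated. The shell snippet below is an added example, not part of the original post: mx_matches compares `dig +short MX` output against the MX server you copied from the Mail setup (required) page, ignoring case and the trailing dot dig prints. The domain and expected host are placeholders; the sample dig output is constructed.

```shell
#!/bin/sh
# Added example (not part of the original post): confirm the MX record has
# propagated and points at the host from the "Mail setup (required)" section.

# mx_matches EXPECTED_HOST
# Reads `dig +short MX DOMAIN` output on stdin (lines like
# "10 mail.example.com.") and succeeds when any record's target equals
# EXPECTED_HOST. Case-insensitive; the trailing dot dig prints is ignored.
mx_matches() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    awk -v want="$want" '
        NF >= 2 { host = tolower($2); sub(/\.$/, "", host); if (host == want) found = 1 }
        END     { exit found ? 0 : 1 }'
}

# check_mx DOMAIN EXPECTED_HOST  (live query; needs dig and network access)
# Example: check_mx example.com mail.example.com
check_mx() {
    dig +short MX "$1" | mx_matches "$2"
}

# Constructed sample of dig output for a domain whose record is already live.
SAMPLE_MX='10 Mail.Example.Com.'

if printf '%s\n' "$SAMPLE_MX" | mx_matches mail.example.com; then
    echo "sample: MX record matches"
fi
```

A match from your own resolver does not mean Microsoft's resolvers see it yet, so the Pending status can linger a little after this check passes; if the check keeps failing after the registrar's stated TTL, the record itself is wrong.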

4. Create accounts (emails)

After your domain is active, you can create email accounts: click the Member accounts menu, then click the Add button. You can also Edit or Delete accounts here.

5. Check and send emails via an app

If you have time, you can read the detailed instructions here. In this article, I'll summarize the major steps:

5.1 Enable POP

Go to Outlook.com, log in to your email account, then click Options:

Then click Connect devices and apps with POP:
Click the Enable option, select Don't let... to keep your emails on the server, then click the Save button.

5.2 Configure your email client app

After enabling POP, you can receive and send emails via an app. Below are the settings:
  • Incoming (POP3) Server
    • Server address: pop-mail.outlook.com
    • Port: 995
    • Encrypted Connection: SSL
  • Outgoing (SMTP) Server
    • Server address: smtp-mail.outlook.com
    • Port: 25 (or 587 if 25 is blocked)
    • Authentication: Yes
    • Encrypted Connection: TLS
  • User name: Your email address
  • Password: Your password
  • If you don’t want email to be deleted from your Outlook.com inbox after it’s downloaded to your email app, select the Leave a copy of messages on the server option.

That's all. Bye! See you in the next geek post!