Run MySQL in the foreground

Well actually it’s not in the foreground but to a log file, but if you tail / follow the logfile you could pretend it was the foreground :-)

mysqld_safe --log-error=/var/log/mysql.err

And perhaps you have imported a database for forensic investigation and you don’t know the database password, you can just skip the authentication:

mysqld_safe --skip-grant-tables --log-error=/var/log/mysql.err

sec_error_ca_cert_invalid - Firefox and SSL certificates

Seems that Firefox v31 and later has decided to remove access to sites encrypted with self signed certificates by default!

Anyway to resume some form of normality modify your “about:config” in the firefox address bar
Search for “security.use_mozillapkix_verification” and set it to “false”

That should do it.

Encrypt data with AES256 in your browser / javascript

I have finished setting up a new tool for in browser AES256 encryption via the javaScrypt library. Included within the page is a tool to produce SHA1 / SHA224 / SHA256 / SHA384 / SHA512 hashes.

The idea was that I has a central place to encrypt and decrypt data any time, any place with no reliance on anything except a web browser. I wanted to use java script so that both mine and your data doesn’t leave the browser and stays confidential.
(Perhaps David Petraeus could have used something like this, the trail might have been even harder to follow had he left the ‘draft’ message encrypted)

I implemented the SHA hashing as a tool to strengthen poor passphrases. The idea being that you use your lame password as input, create the hash and encrypt your data with the 128 character key (SHA512). When you need to decode your data you just do the reverse. Now some valid points to think about are:

  • If you were being targeted and an attacker knew that your password was a SHAx hash then, you would be susceptible to bruteforce attacks against the hash.
  • Using a hash (lower case letters and numbers) will provide less entropy against a fully random password of equal length.
  • I believe (my opinion) that if you can afford to trade the security of someone knowing your password is a hash vs a shorter more complicated password your better off hashing your actual password with SHA512 (128 characters a-z 0-9)
  • Of course your better off with 128 character fully random key but how are you suppose to remember that?

Check it out here:

Delete certain messages from Postfix Queue

Ever had some alerting software spam your production mail queue with 1000’s of alerts?
And you dont want to delete every message individually…

Here is the solution to delete all messages destined for

mailq | tail -n +2 | grep -v '^ *(' | 
gawk 'BEGIN {RS = ""} / {print $1}' | 
tr -d '*!' | postsuper -d - 

Thanks to for that one!

Samhain - POLICY NODIRECTORY explained

This was a tricky one. I kept getting alerts for:

CRIT   :  [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=</var/log>
-----END MESSAGE-----

And for the life of me wasn’t sure why but after reading the source code the cause is explained:

{ MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE },

And you know what it was correct! /var/log was a softlink to /data/logs!