
Welcome

Slides from MacIT Session 833 Certificate Basics

I've posted my slides from the session that I presented at the MacIT conference. 

Switch to Plone 4

I've done a major update to the website, switching from Plone 3 to Plone 4. This has been long overdue, but it'll allow me to move forward with quite a bit of functionality. The visual style is lighter, with more emphasis on the content and less on the navigation and framing. 

Another CA Given the Death Penalty

DigiCert Malaysia has distributed 22 certificates with weak (512-bit) keys and no usage restrictions. Apple, Mozilla, Google, and Microsoft have all decided to revoke trust in this CA. 
 
Note that DigiCert Sdn. Bhd is NOT the same as the US corporation DigiCert. The Malaysian CA is a downstream CA from Entrust and Verizon (GTE CyberTrust). 
 
According to reports, only some Malaysian government and internal servers are affected. 
 

Protecting Your Mac From the DigiNotar.nl Certificate Compromise

On July 10, 2011, DigiNotar.nl (a Netherlands CA) issued a fraudulent SSL certificate for the domain *.google.com, which would be valid for all google.com domains. Microsoft, Mozilla, and Google have made all DigiNotar-issued certificates invalid. Apple has yet to make any statements about its response, but here's how you can protect your Mac.

Update: the GlobalSign CA has not been compromised. We're OK on this one. 

OD Binding Package Wrapper

The OD Binding Package Wrapper is a simple Cocoa-AppleScript application that generates a package that will bind a Mac to an Open Directory master. It wraps up the OD master, and optionally the Directory Administrator username and password, into a postflight script inside an installer package. Once the binding information is in a package, the binding can be pushed out easily via Apple Remote Desktop, or be done in one simple step by a first-tier support tech who doesn't need to know details about how to do the binding. 

MacTech Boot Camp Dallas Slides

These are copies of the slides from my session on Mobility at the MacTech Boot Camp in Dallas, April 2011. 

Policy Banner for Snow Leopard

This is a Policy Banner for Snow Leopard that uses a pre-login application, a cleaner approach than the security agent plug-in that was used in the past. It is not compatible with Leopard, but adds significant new functionality with respect to management via MCX, including a preference manifest. 

Macworld Expo 2011

Here is a copy of the Keynote presentation that I used at the session. 

I'll be presenting the Raiders of the Lost Certificate session in San Francisco on Friday, January 28. 

What does the magic lock icon in your browser mean? How does a certificate work? How can I get one for myself, how do I store it, and how do I use it? Explore the deep mysteries of the SSL certificate and see how it can affect you and your organization. We'll look at: 

    • The underlying mathematical theory behind certificates 
    • The role of certificate authorities 
    • What happens when your browser interacts with an https web site 
    • How you get a certificate 
    • Certificate usages 
    • Certificates and Keychains 
    • Mac OS X Server and Certificates

Don your fedora, coil up your bullwhip, and let's go stalk the wily certificate!

Credit for Finding a Security Bug! 

I found a security bug in Mail.app, which was rolled into the Snow Leopard 10.6.3 update and Leopard Security Update 2010-002. 

Tech Topics Newsletter

New! Sign up for the tech topics newsletter, sent out on a bi-weekly basis. Back issues are archived here.

Press Coverage

Paul Suh, the president of ps Enable, was recently quoted in Network World magazine about Mac OS X in the enterprise.

About the Company

ps Enable, Inc., provides computer consulting services centering on Mac OS X and Mac OS X Server, with real-world experience in systems integration, security, and web presence. It emphasizes integrating computer systems into an organization's business workflow rather than just having them as an adjunct.

ps Enable, Inc., has the knowledge to facilitate every phase of an organization's information technology project, from business needs analysis, to design and implementation, to end-user training and maintenance. In each phase, ps Enable, Inc., can provide both in-depth technical knowledge as well as project management skills that result in the maximum capability for the customer.

ps Enable, Inc., offers in-depth expertise in a variety of fields:

  • Mac OS X and Mac OS X Server, including Active Directory integration, Mac-based directory services network design and deployment, and Xserve RAID/Xsan storage area networks.
  • Network security, including firewall and network security design and integration, e-mail filtering and analysis, and intrusion detection systems.
  • Development of custom applications based on WebObjects, AJAX, Cocoa, and FileMaker Pro.
  • Website infrastructure development based on the Plone content management system.