Hacking – Is SSL really secure with Root CA?

Some days ago, I heard that a Root CA was attacked and some CAs were faked, which led to a serious security vulnerability: internet users lost their sensitive data although they used https:// to communicate with the web server. This issue made me think about a case study: “What would happen if a Root CA was controlled by a government? Will I be attacked by a Man-In-The-Middle over https://? Can I protect myself from being attacked like that? Is SSL really secure at all?” So I tried to find the answers to these questions myself, and I think they can be interesting for you.

A normal user may not know anything about https:// or HTTP Secure. For example, my wife says simply that there is one more “s” compared to http:// and that’s all. My friend says it’s the address of the website: we must enter it correctly with the “s” at the end, otherwise we’ll be told the URL is wrong. They are perfect, innocent answers, aren’t they? As advanced users, we all know the term “Man-In-The-Middle” attack, in which an attacker acts as a repeater and sniffs all data transferred between the user and the web server. So if we send and receive data in clear text, he can read our sensitive data (username, password), and what he would do with this data, only God knows. Therefore a requirement, as well as a solution, for encrypting data before sending it out onto the internet was born: HTTP Secure.


How to add a subdomain in Nginx server?

Follow these steps to add a subdomain to an Nginx server.

1. In the domain panel, add an A-record to point the new subdomain to your server

2. Register the new subdomain with the Nginx server

sudo nano /etc/nginx/sites-available/youtube.hintdesk.com

3. Use this simple configuration for the newly created file

server {
        listen 80;

        root /var/www/html/apps/youtube;
        index index.html index.htm index.nginx-debian.html;

        server_name youtube.hintdesk.com www.youtube.hintdesk.com;

        location / {
                try_files $uri $uri/ /index.html?$args;
        }
}

4. To enable the configuration, create a symlink to it in the enabled sites

sudo ln -s /etc/nginx/sites-available/youtube.hintdesk.com /etc/nginx/sites-enabled/youtube.hintdesk.com

5. The last thing to do is restart Nginx:

sudo service nginx restart

6. If we activate SSL for our domain and receive the error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome, then edit ssl.conf with the following settings

sudo nano /var/www/tetxua.com/conf/nginx/ssl.conf

And add the following line

ssl_ciphers "ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES";

This cipher list is recommended by Cloudflare.
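
An added example, not part of the original post: Chrome raises this error when an HTTP/2 connection negotiates a cipher suite that RFC 7540 Appendix A prohibits, meaning any suite without ephemeral key exchange or without an AEAD cipher. The script below audits the suites the ssl_ciphers value from step 6 enables; the function names and the SAMPLE list are constructed for illustration, and expand() assumes the local OpenSSL build matches the one nginx uses.

```python
# Added example, not from the original post: audit the suites an nginx
# ssl_ciphers value enables against the HTTP/2 (RFC 7540 Appendix A) rule.
import ssl

# Cipher string from step 6 of the post.
PAGE_CIPHERS = "ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES"

# Constructed sample of OpenSSL suite names that such a string can enable.
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
          "AES128-GCM-SHA256", "ECDHE-RSA-DES-CBC3-SHA", "DES-CBC3-SHA"]


def expand(cipher_string):
    """Expand a cipher string with the local OpenSSL build (assumption: the
    nginx host's OpenSSL build expands it to the same suites)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def classify(name):
    """Return the weaknesses of one OpenSSL suite name (empty list = none)."""
    if name.startswith("TLS_"):  # TLS 1.3 suites are always ephemeral + AEAD
        return []
    findings = []
    if not name.startswith(("ECDHE-", "DHE-")):
        findings.append("static key exchange, no forward secrecy")
    if not any(tag in name for tag in ("GCM", "CCM", "CHACHA20")):
        findings.append("not an AEAD cipher")
    if "DES-CBC3" in name:
        findings.append("3DES, 64-bit block (Sweet32)")
    return findings


def http2_ok(name):
    """RFC 7540 Appendix A prohibits suites that are not ephemeral + AEAD."""
    return classify(name) == []


def audit(names):
    """Return (name, http2_ok, findings) per suite, keeping preference order."""
    return [(n, http2_ok(n), classify(n)) for n in names]


if __name__ == "__main__":
    try:
        names = expand(PAGE_CIPHERS)
    except ssl.SSLError:  # local build supports none of these suites
        names = SAMPLE
    for name, ok, findings in audit(names):
        print(f"{'h2-ok ' if ok else 'h2-bad'} {name:<32} {'; '.join(findings)}")
```

Suites marked h2-bad stay reachable for clients that do not offer an ephemeral AEAD suite, so the order of the list and nginx's server-preference setting decide what an HTTP/2 client actually negotiates.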