Friday, October 16, 2009

Thawte dumps free personal E-mail Certificates

Important Thawte&reg Personal E-mail Certificate Holder Notice

Thawte Personal E-mail Certificates and Web of Trust are being discontinued

Dear (My Complete Full Name - PacketBoy),
Over the past several years, security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these requirements has expanded greatly. Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and theWeb of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.

Deciding to conclude these services was a difficult decision for us to bear, specifically because of the community that has been built around these products over the years.

To express our gratitude and sincere appreciation for being a part of our Thawte community, we would like to offer you up to $100.00 off the purchase price of our SSL and/or code signing certificates.

If you would like to take advantage of our offer, please forward this email to our sales department. Their contact details are listed at the foot of this message. Please note that this offer expires on November 16, 2009.

We have also made a special arrangement with VeriSign regarding replacing your personal email certificate. VeriSign's exclusive offer to you is for a FREE 1-year replacement personal email certificate - a $19.95 value. This offer will be open for 2 months after the service is discontinued and will no longer be available after January 16, 2010. Simply follow appropriate link below to request your certificate:

MS Internet Explorer:

For Mozilla, Firefox, Netscape, or Apple Safari:

You may replace each of your active certificates with a VeriSign® Digital ID for Secure Email using the following token(s):


Click here to receive answers to questions you may have with regard to enrolment for and installation of your free VeriSign Digital ID class 1:

For answers to further questions you may have about the discontinuation of this service and the impact to your existing certificates please refer to the following FAQ:
(we will keep this FAQ updated with responses to common questions)

We hope we can keep you in the Thawte family as customers of our SSL and code signing products. Thank you for your support of Thawte Personal E-mail Certificates and Web of Trustover the years.

Kind regards,

Thawte Technical Support
FAQ: Click here for FAQ

If you would like to take advantage of our free SSL and code signing offer, please forward this email to our sales department using the details listed below:
North American Sales
Tel: +1 888 484 2983

Online Chat: Click Here to Chat
International Sales
Tel: +27 21 937 8902

Online Chat: Click Here to Chat

Tuesday, October 13, 2009

October 13, 12 Updates for my Vista box, 1 Goal: Security

I would like to thank Dungeons & Dragons Online MMORPG for giving me a reason to play around with my Lenovo SL300 again and at the same time discover the multiple security updates for Vista released today by Microsoft.

This laptop has been sitting around gathering dust for a while. Simply because I hated the bundled Windows Vista Ultimate Sp2 OS. I would consider it a moderate-gaming laptop, with a dedicated Nvidia 128mb graphics chip. I rarely open this laptop, save for occasions where I need to do cross-Windows OS platform compatibility and User Acceptance Testing (UAT) of our proprietary VoIP application.

Another reason I boot it up is just to make the Avira Free Anti-Virus and Spybot S&D definitions updated, and of course, checking for Windows Updates is critical and has always been a routine for me every time I boot up my Windows systems, and any Windows systems I play around with regardless if I have it set to acquire Automatic Updates.

Today, October 13, after getting tired of completing Rank 2 Quests for my female Monk character (Yes, shame on me, my account in DDO is VIP) I decided to log out of my alternate universe, head back to the real world and work on my Security+ reviewers and SANS Institute Reading Room materials.

Jumping from one security website to another is a good alternative method to review. Sometimes staring and reading a book with 1000 pages will bore you one way or another, and you will want something more interactive.

One of the websites I frequently visit is, a relatively new site which I find very enjoyable to read. Not 2600'ish, but the articles and pictures are very enticing. The white page background and colorful graphics on this website makes the hardcore articles look like easy-reading, hence the enticing factor.

Threatpost also scales well on my Blackberry 8330's screen; as well as this humble blog of yours truly. Please go and try it. I find it very convenient to just pop-out my smartphone and read along every time I ride the BART going to work. Keeps me updated on the current IT security news. It's like Slashdot but only with Security-related topics.

Back to my Vista Ultimate SP2 box and its merry 12 updates from Microsoft on a single day, here's a screen shot of the list (click on thumbnail to enlarge screen shot)

Just by looking at these KB numbers I am already having headaches :-) Head to Microsoft's Security Bulletin website to find out what each Knowledge Base (KB) is all about:

You may want to try and use Microsoft's Baseline Security Analyzer on a couple of your Vista boxes. Just to make sure your Vista boxes, your brother's, your sister's, even your friend's friends Vista boxes are updated and safe.

Vista is beyond SMBv2 exploit (MS0-9050) nowadays, it has been a haven of choice for wannabe hackers and script-kiddies.

I wonder what's going to happen with Vista with Windows 7 coming out in a few days. Will it be the new Windows ME in memory?

Play safe kids.

Wednesday, October 7, 2009

Poor City Planing and your Disaster Recovery Plans

he Philippine Government finally admitted that poor city planning was the root cause of the recent massive flooding claiming the lives of nearly 300 people near and around the City of Manila.

Growing up in the Philippines, it doesn't take a genius to figure this out. We do not need statistics or blueprints of how the city was designed to scale presented to us to understand this.

You see it and you smell it.

I hate to say the "smell" thing because its very unlikely to come out from a patriotic Filipino guy like me, but it is the truth at least in my experience and opinion. Some part of Metro Manila is so congested that you do not need to open your eyes to know that this area is overpopulated.

You can't blame those people. Healthy conditions are the least priority of people who rarely eat at least twice a day and needs a shelter at night. Celebrities and politicians residing in tall buildings were not spared as well by the flood. There was even a story circulating around of a "dashing" rescue, worthy of a movie, wherein a famous actor rescued an actress in distress from her tall residential building using a speedboat. And not helping the less-privileged neighbors.

In the corporate IT world, I can almost imagine the feeling of helplessness of the people in charge of the Disaster Recovery and Business Continuity Plans (DRP & BCP) for their respective organizations.

These guys, mostly the Senior Network Administrators and Chief Security Officers of the corporate world, spent hundreds of man-hours in designing, testing, and implementing plans to
disaster-proof their business, regardless if its a natural or man-made disaster. The basic and ultimate goal is to survive such events and still continue to do business.

The problem is the actual city where your network infrastructure and organization is physically located. If the city was not designed with security, room for growth, and disaster recovery in mind, your plans get tossed out of the window.

Major City planners of the world should take a page out of secure software developers book: Design with security in mind. And spend less time mitigating risks.

If your city gets flooded to the point that major streets and thoroughfares look like a wild, gushing river, your well-laid plans most likely will take a detour. This detour is where your plans will be actually tested because you do not know whats going to happen next.

However, on major events like this, disaster recovery and business continuity plans should be tossed out of the window for the time being and self-preservation and helping other lives should be the number one priority.

After securing the lives of people working for your organization, go out and help out. Events like this happen for a reason and it makes organizations and cities plan and prepare better for the future.

Lessons learned is always the last phase of such events. Take detailed notes, recall how the event escalated, and learn from your mistakes.

A playground for network security enthusiasts, innovators and early adoptors

Welcome to my blog, this is me thinking out loud about Voice over IP security (VoIP), managing and optimizing converged networks, Metasploit Framework, Cloud Computing, general security and privacy concerns, grappling adventures, and tuning my MKIV VW Jetta.

All inputs, feedbacks and violent reactions are welcome.

Packet Boy Perseus
Helping spread a positive image why we hack things.

About Me

I am an InfoSec Innovator, a Blue Ocean Seafarer and a Paul Graham Pupil.