When a certificate is "untrusted" by IE (such as a self-signed certificate), it displays a "Certificate error" icon next to the address bar. It used to be that you can click on that icon, "View certificates", then install it. On Windows 7, because of UAC , the "Install Certificate..." button is no longer displayed. In order to see the button, you have to start IE9 with administrator privileges: right click on the IE9 shortcut icon and select " Run as administrator... ". To save the certificate to a file, click the Details tab on the Certificate dialog, then click " Copy to File... ".

Screenshot: Details: W:Failed to fetch copy:/var/lib/apt/lists/partial/... Solution: Become root: $ sudo bash Goto the apt folder: # cd /var/lib/apt Remove (or move) lists: # rm -r lists Create new lists folders: # mkdir -p lists/partial Retrieve new lists of packages: # apt-get update

The SELinux security context for files is stored in the form of an extended file attribute. To remove security context in a file: setfattr -x security.selinux file_name But you have to boot with SELinux disabled before you can do that. To restore security context in a file: restorecon -v file_name

From Fedora Project wiki : A security context , or security label , is the mechanism used by SELinux to classify resources, such as processes and files, on a SELinux-enabled system. This context allows SELinux to enforce rules for how and by whom a given resource should be accessed. A security context is typically shown as a string consisting of three or four words. Each word specifies a different component of the security context, namely, the user , role , type , and level of that file or process . Each word is separated by a colon. Use the -Z switch to display security context info. Display security context for Apache files: $ ls -Z /var/www/ drwxr-xr-x. root root system_... Display security for files under...

By default SELinux blocks execstack permission. According to Ulrich Drepper : "As the name suggests, this error is raised if a program tries to make its stack (or parts thereof) executable with an mprotect call. This should never, ever be necessary. Stack memory is not executable on most OSes these days and this won't change. Executable stack memory is one of the biggest security problems. An execstack error might in fact be most likely raised by malicious code." You can check if a library/application requires execstack by using the execstack utility: execstack -q PATHTOPROGRAM You can try to clean the flag and see if the application still runs: execstack -c PATHTOPROGRAM To allow execstack for cc1 : # grep cc1 /var/log/audit/audit.log | audit2allow ...

cURL is a command line tool for transferring files with URL syntax. The main purpose and use for cURL is to automate unattended file transfers or sequences of operations. It's really easy to see HTTP headers with curl: C:\>curl --head http://www.google.com HTTP/1.0 ... or, headers and page together (dump headers to stdout): $ curl --dump-header - http://www.google.com HTTP/... Download openssl from openssl.org: curl http://www.openssl.org/source/openssl-0.9.6m.... C:\>curl --help Usage: curl [options...] <url> ...

If you have X server on the client side, you can run remote desktop with XDMCP . But XDMCP is not secure, and it's somewhat tricky to tunnel XDMCP through ssh. So if you are concerned about security, VNC is a much better choice. Plus vncviewer is a lot easier to set up than X server. There are two options to set up VNC server: VNC vino-server Many Linux distros come with remote desktop server installed. On Fedora Core, you can simply set the configuration from the Desktop menu (Desktop -> Preferences -> Remote Desktop), and use vncviewer from the client machine to access the desktop remotely. Install RealVNC or TightVNC and configure it yourself You need to change ~/.vnc/xstartup in order to see the...

If you don't want to open an extra port for VNC or want extra security with SSH, you can setup an SSH tunnel for VNC. On Windows, you can do this with Putty or openssh . Open a command window, and enter (using Putty as example): C:\local\bin\plink.exe -ssh -2 -L localhost:5901:r... When connecting with vncviewer , use localhost:5901 as server instead of remote_host:5901 . If you use the setup frequently, it is more convenient to setup the tunnel as a Windows service . Assuming the name of the service is vnc_tunnel , the registry entry would look like: Windows Registry Editor Version 5.00 [HKEY_...

This is a workaround for a Windows security bug which existed since Windows NT 3.1. The problem is caused by flaws in the Virtual DOS Machine (VDM). Create a file with the follwoing contents and double click on the file to import into the registry. This disables the MS-DOS subsystem. Windows Registry Editor Version 5.00 [HKEY_...