2017年2月14日星期二

WhatsApp uses port

WhatsApp is not designed to be used with proxy configurations or restricted networks, and we cannot provide support for these network configurations.

If you are a network administrator, you should allow traffic on all subdomains of *.whatsapp.net. WhatsApp uses TCP port numbers 443 and 5222, and UDP port numbers 3478, 53, 40020, 57923.


WhatsApp Support Team

2016年11月21日星期一

Self-Signed, Root CA and Intermediate CA Certificates

In this article I will be discussing about the following:
  • Self-Signed Certificate
  • Root CA Certificate
  • Intermediate CA Certificate
At the end I would like everyone to be able to differentiate between these certificate types.
Self Signed Certificate
Self Signed Certificates are certs where both the Issued To and the Issued By field of the certificates are same. In simple words it is a certificate where one issues a certificate to itself and hence the name Self Signed Certificate. Here is one example:
image
As seen in the above image the Issued to and Issued by are same. You may also observe the warning indicating that the certificate is not trusted. Of course it is not as it is self-signed, none of the Known Public CA’s have issued this, so it wont be trusted.


NOTE: To get past the above error put the cert in the Root CA store.
These certs come in handy as they can be created easily using several tools. Obtaining a certificate from a noted Certification Authority has a cost associated with it and may not be feasible at all times. Developers typically test their applications using a self signed certificates most of the times.
Root CA Certificate
Root CA Certificate is a CA Certificate which is simply a Self-signed Certificate. This certificate represents a entity which issues certificate and is known as Certificate Authority or the CA. The usage of the certificate distinguishes it with other normal certificates. Now a CA can be classified as either Root CA’s or Intermediate CA’s. On a Windows OS, if you are looking at the certificate store, you would see all the Root CA certificates in the Trusted Root Certification Authorities. This by default includes the list of public root CA’s which are installed with Windows and are updated periodically through Windows Updates. The number of the certificates would be lesser.


NOTE: Don’t add Intermediate CA certificates to the Trusted Root Certification Authorities store.

Identification of a Root CA:
Now how do we differentiate the CA certificates as Root CA or Intermediate CA. There is so much fuss around this. Its actually easy, look at the CA cert. If the Issued to and Issued by are same then it is a Root CA or else it is a Intermediate CA. Another identification would be to look at the Certification Path. The Cert which appears at the top of the list is the Root CA. Below is one example of one of the public root CA’s:
image
If you think logically this makes sense. CA’s are supposed to issue certificates. Now if I start the process from the beginning, then someone has to issue a certificate to himself and then start the process of issuing the certs down the line.
I’m not going to discuss the purpose of the CA certificate as that would lead to a whole new discussion altogether.
Intermediate CA Certificate
Intermediate CA Certificate is a CA certificate which is not a Self-signed Certificate. The purpose of this certificate may be same as the Root CA or different. Now one may think why to have a intermediate CA at all. Well here is what I think:
Initially it may not require to have a Intermediate CA, as the Root CA’s will serve the purpose. However as the requirement for PKI increases so would the number of CA’s. Understanding that CA at the end of the day is a Server Machine performing this computational task, it is required to have multiple machines. So they have to be replicated. Now it is again not viable to have many Root CA’s in the case of a Internet Scenario as this could lead to fraud and other management issues. So the concept of Intermediate CA was introduced. The Root CA’s delegated their tasks to the corresponding Intermediate CA’s for this. This way they can have one or more Intermediate CA’s.
On Windows OS, these certificates can be found in the Intermediate Certification Authorities Store. Comparatively the number of certificates in this store would be more compared to Trusted Root Certification Authorities store.
Below is a image of a certificate store of MY or Local Computer account. It contains many certificate stores, but I have only highlighted the ones relevant to this article.

image
ref.: https://blogs.msdn.microsoft.com/kaushal/2013/01/09/self-signed-root-ca-and-intermediate-ca-certificates/

2016年10月14日星期五

Intel® Hardware Accelerated Execution Manager (Intel® HAXM)

Intel® Hardware Accelerated Execution Manager (Intel® HAXM) is a hardware-assisted virtualization engine (hypervisor) that uses Intel® Virtualization Technology (Intel® VT) to speed up Android* app emulation on a host machine. In combination with Android x86 emulator images provided by Intel and the official Android SDK Manager, Intel HAXM allows for faster Android emulation on Intel VT enabled systems.
The following platforms are supported by Intel HAXM:
Microsoft Windows*
Windows® 10 (32/64-bit), Windows* 8 and 8.1 (32/64-bit), Windows* 7 (32/64-bit)
ref : https://software.intel.com/en-us/android/articles/intel-hardware-accelerated-execution-manager

2016年3月17日星期四

VirusScan Enterprise 8.x Access Protection rule blocks outbound SMTP mail on Port 25


VirusScan Enterprise 8.x Access Protection rule blocks outbound SMTP mail on Port 25
技術文章 ID:  KB50707
上次修改:  1/26/2015
已評分:

環境
McAfee VirusScan Enterprise 8.x

For details of VSE 8.x supported environments, see KB51111.
問題
Outbound SMTP email is blocked by VirusScan Enterprise (VSE) 8.x Access Protection rule for Port 25.

Blocked items include:

    Alert and event notifications from McAfee products such as Vulnerability Manager and Network Security Platform.
    Mail from third-party email applications.

    NOTE: This does not include known email clients such as Microsoft Outlook and Lotus Notes.

原因
The VSE 8.x Access Protection feature allows you to block specific ports. Although standard exclusions are set, you must manually revise these rules according to your environment.
解決方案
Manually exclude the process that is being blocked.

NOTE: Ensure you use the exact process name as found in the Access Protection log.

    Click Start, Programs, McAfee, VirusScan Console.
    Right-click Access Protection and select Properties.
    Click the Access Protection tab.
    Under Categories on the left, select Anti-virus Standard Protection.
    In the right pane, select Prevent mass mailing worms from sending mail, then click Edit.
    In the Processes to exclude section, type the process name, then click OK to close the Rule details window.
    Click Apply then close the Access Protection Properties window.

IMPORTANT: Disabling any protection or excluding processes carries inherent risks. Disabling Prevent mass mailing worms from sending email altogether would pose substantial risks to the security of your system(s). Intel Security strongly recommends that you exclude only the minimum number of known and necessary processes.
相關資訊
See also:

    For a list of default exclusions for Port Blocking in VirusScan 8.x, see KB65718. This article also contains a list of processes that can be safely added to the port 25 blocking rule exclusions.
    For an explanation of registry acronyms for VirusScan Enterprise Access Protection rules, see KB72432.
    To review a Whitepaper explaining Access Protection, see PD20870.

ref: https://kc.mcafee.com/corporate/index?page=content&id=KB50707

Default exclusions for Port Blocking in VirusScan 8.x


Default exclusions for Port Blocking in VirusScan 8.x
技術文章 ID:  KB65718
上次修改:  8/4/2015
已評分:

環境
McAfee VirusScan Enterprise 8.x
摘要
The Access Protection feature in McAfee VirusScan 8.x allows specific ports to be blocked. Based on your environment, certain processes might have to be excluded to allow third-party applications to function properly when Port Blocking is enabled. The table below lists the processes that are excluded by default in the various versions of VirusScan Enterprise (VSE) 8.x:
  VSE 8.5i VSE 8.7i VSE 8.8 Comment
agent.exe           * * *
amgrsrvc.exe * * *
apache.exe * * *
ebs.exe * * *
eudora.exe * * *
explorer.exe * * *
firefox.exe * * *
firesvc.exe * * *
iexplore.exe * * *
inetinfo.exe * * *
mailscan.exe * * * Used by WebShield SMTP (EOL).
MAPISP32.exe * * *
mdaemon.exe                 * *
modulewrapper * * *
mozilla.exe * * *
msexcimc.exe * * *
msimn.exe * * *
mskdetct.exe * * *
msksrvr.exe * * *
msn6.exe * * *
msnmsgr.exe * * *
neo20.exe * * *
netscp.exe * * *
nlnotes.exe * * *
nrouter.exe * * *
nsmtp.exe * * *
ntaskldr.exe * * *
opera.exe * * *
outlook.exe * * *
Owstimer.exe   * *
pine.exe * * *
poco.exe * * *
resrcmon.exe * * * Used by Exchange in cluster environments.
rpcserv.exe * * * Used by McAfee products.
SPSNotific   * *
thebat.exe * * *
thunde*.exe * * *
tomcat.exe * * *
tomcat5.exe * * *
tomcat5w.exe * * *
vmimb.exe * * *
webproxy.exe * * *
WinMail.exe   * *
winpm-32.exe * * *
worldclient.exe   * *
wspsrv.exe   * *

In addition to the files listed above, you can manually specify processes to be blocked. Additional processes that can be excluded if applicable are listed in the table below:
Additional Processes to exclude Associated Software
32be.exe Electrasoft 32-bit Email Broadcaster
Foundscan.exe McAfee Foundstone
W3wp.exe Microsoft II6
IMApp.exe Incredimail
Java.exe Allows McAfee IntruShield Manager to send alerts
ActEmail.exe Sage ACT 2005


解決方案

To manually add exclusions to VirusScan Access Protection rules:

    Click Start, Programs, McAfee, VirusScan Console.
    Double-click Access Protection.
    Select Prevent mass mailing worms from sending mail and click Edit.
    Add the appropriate process name to the list of Excluded Processes.
    Click OK and then OK again to close the Access Protection Properties window.

IMPORTANT: Disabling any protection or excluding processes carries inherent risks and disabling Prevent mass mailing worms from sending email altogether poses substantial risks to the security of your system(s). Intel Security strongly recommends that only specific, known and necessary processes be excluded.

ref: https://kc.mcafee.com/corporate/index?page=content&id=KB65718

2016年2月1日星期一

串流影視當前,三種盈利模式

目前的線上影音平台,盈利方法不外乎三種模式:SVOD、AVOD、TVOD。瞭解這三個名詞,就可以明白背後的生意模式。


SVOD = Subscription VOD

SVOD就是如Netflix這一類的服務,依靠訂閱收費來賺錢,這種平台上沒有廣告,依照會員的會費來盈利。而由於是訂閱制,這種模式主要是以包月吃到飽為主。

TVOD = Transactional VOD

TVOD與SVOD是相反的觀念,SVOD是付費吃到飽,但是TVOD則是你依照量來計價,比方說看一片付多少錢,或是看多少流量的內容,支付多少費用。比方說你到Google Play或是iTunes上面租片來看,就算是這種例子。

AVOD = Advertising VOD

AVOD則是你可以免費觀看內容,但是你在觀看之前必須要先點選廣告,或是強制你先看一段廣告。這種例子最常見,像是Youtube就是這樣,幾乎所有免費的影音網站,都會採用AVOD的模式。

除了以上三種模式外,也有的影音網站採用混合式。比方說LiTV就有分免費版以及付費版,免費版的話就是AVOD,你要看廣告才能再看下去。或是你不想看廣告,那就採用付費版。

ref: http://www.techbang.com/posts/41139-yahoo-kimo-television-ecosystem-expansion-opened-spring-festival-will-have-picks-list-eight-tribes-hd-edition-for-free

2014年2月4日星期二

Resize a layer in Photoshop

Article ID: KB101739
  1. Select the layer
  2. Type Ctrl-T to transform
  3. Drag on corner handles (hold Shift button to constrain proportions)
  4. Double-click inside to commit
Watch a short video by clicking the Launch Movie button.