Mac OS X – WARNING: UNPROTECTED PRIVATE KEY FILE!: “Permissions 0755 for ‘id_rsa.pub’ are too open.”

When i transfer my private key file to my new Mac OS X, i got an error message below:-

If you are getting this error then you probably reset the permissions on your hidden .ssh directory in your user folder.

So, the solution for this is, make that file(id_rsa) readable or writable only for the owner with private key. Below is the command

sudo chmod 600 ~/.ssh/id_rsa

After change the permission, my problem is solved.

 

Security Vulnerability – Meltdown & Spectre

The most recently critical vulnerabilities that called Meltdown and Spectre which will disclose information from operating system that caused by a fundamental design flaw in Intel’s processors.

Google Project Zero has disclosed this the Vulnerability Note (VU#584653). Click HERE to read it.

Question: Are we affected by this Vulnerability?

Answer: Mostly likely yes:

  • The chip vendors Intel, AMD and ARM are affected.
  • Windows, Linux (Android included) and macOS are affected
  • Cloud service vendors such as AWS and AliCloud are affected

To make sure yourself safe from this vulnerability, please keep updated on the newly released patches and apply them when available.

Patching this vulnerability is more difficult than usual: It happens on hardware level, affects multiple platforms, including varies version of mobile and IoT devices.

Some of the big vendors are already giving feedback about their patching status:

  • VMware: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
  • AMD: https://www.amd.com/en/corporate/speculative-execution
  • Red Hat: https://access.redhat.com/security/vulnerabilities/speculativeexecution
  • Nvidia: https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/
  • Xen: https://xenbits.xen.org/xsa/advisory-254.html
  • ARM: https://developer.arm.com/support/security-update
  • Amazon: https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
  • Mozilla: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

If you wish to learn more about this vulnerability, please refer to the following link:

https://meltdownattack.com/

https://social.technet.microsoft.com/wiki/contents/articles/51021.mitgations-for-speculative-execution-side-channel-vulnerabilities-meltdown-spectre.aspx

https://support.microsoft.com/en-gb/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

 

Thunderbird Incoming email issue : mail server not responsed: Message corrupted

 

I facing issue that my Thunderbird failed sync exchange email to my Thunderbird mail client.I’m getting the following error:-

The RETR command did not succeed. Error retrieving a message. Mail server mailserver.com.my responded: Message corrupted

From the above error already indicates an error on the server and not in Thunderbird. There is a corrupted email in email inbox.

To solve this issue, first you have to logon to webmail and check all the email to find out any abnormal email and remove it. If you not sure which email is corrupted email, you just empty you webmail inbox. Once done, you try to re-sync or re-download email from your Thunderbird. Latest email should be able to come in without any issue.