windows – Dumping certificates from Trusted Root Certification Authorities

When certificates are installed into a local machine’s certificate store via group policy, and the key indicates it has a private key included.

enter image description here

I am concerned that the private key has been unintentionally distributed, and an malicious user could obtain the key, start a webserver using the key, and conduct an attack.

The export process does not allow export. Is it possible to export that key using an api or command line tool?

A certificate with private

MySQL SSL Gives Warnings about big name Certificate Authorities

I have been able to setup my MySQL to use LetsEncrypt certificates with the steps below, unfortunately it is issuing warnings about official certs being self-signed (like from DigiCert, Comodo, etc…), so I wonder if there’s something missing from the configuration. anyways, here’s my ssl configuration:

(mysqld)
require_secure_transport = on
mysqlx = 0
ssl_capath  = /etc/ssl/certs
ssl_ca      = /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
ssl_cert    = /etc/mysql/cert.pem
ssl_key     = /etc/mysql/privkey.pem
ssl_cipher  = DHE-RSA-AES256-GCM-SHA384
tls_version = TLSv1.2

the problem

Everything in the ssl_capath comes up as a warning in the startup log (im doing tail -f /var/log/mysql/error.log):

YYYY-MM-DDTHH:mm:ss.SSSSSZ 0 (Warning) (MY-010068) (Server) CA certificate /etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem is self signed.
YYYY-MM-DDTHH:mm:ss.SSSSSZ 0 (Warning) (MY-010068) (Server) CA certificate /etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.pem is self signed.
...

background

the ssl_ca file is from doing wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem

the ssl_cert is from getting my LE live subfolder cert.pem file, same with the ssl_key (from LE’s privkey.pem). I’ve also restricted cipher and TLS version, but that’s probably not it.

To verify that everything is indeed working correctly, I have added the following to my client configuration (locally, not on that server):

(mysql)
ssl_capath = /etc/ssl/certs

and this session output:

user@localhost:~$ mysql --ssl-mode=VERIFY_IDENTITY -h mydomain.mytld -u remote -p -e "show variables like '%ssl%'; show session status like '%cipher%';"
+-------------------------------------+-------------------------------------------------+
| Variable_name                       | Value                                           |
+-------------------------------------+-------------------------------------------------+
| admin_ssl_ca                        |                                                 |
| admin_ssl_capath                    |                                                 |
| admin_ssl_cert                      |                                                 |
| admin_ssl_cipher                    |                                                 |
| admin_ssl_crl                       |                                                 |
| admin_ssl_crlpath                   |                                                 |
| admin_ssl_key                       |                                                 |
| have_openssl                        | YES                                             |
| have_ssl                            | YES                                             |
| performance_schema_show_processlist | OFF                                             |
| ssl_ca                              | /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem |
| ssl_capath                          | /etc/ssl/certs                                  |
| ssl_cert                            | /etc/mysql/cert.pem                             |
| ssl_cipher                          | DHE-RSA-AES256-GCM-SHA384                       |
| ssl_crl                             |                                                 |
| ssl_crlpath                         |                                                 |
| ssl_fips_mode                       | OFF                                             |
| ssl_key                             | /etc/mysql/privkey.pem                          |
+-------------------------------------+-------------------------------------------------+
+--------------------------+------------------------------------------------------------------------------------------------------+
| Variable_name            | Value                                                                                                |
+--------------------------+------------------------------------------------------------------------------------------------------+
| Current_tls_cipher       | DHE-RSA-AES256-GCM-SHA384                                                                            |
| Current_tls_ciphersuites |                                                                                                      |
| Ssl_cipher               | DHE-RSA-AES256-GCM-SHA384                                                                            |
| Ssl_cipher_list          | TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384 |
+--------------------------+------------------------------------------------------------------------------------------------------+

usa – Do US or Mexican authorities impose any sanction if a US LPR comes back from Mexico to the US after traveling to Mexico for non-essential reason?

I am not sure what exactly that article means by “crackdown” either. It is clearly talking about US authorities and not Mexican authorities. Some other news articles (such as this LA Times article) have said that non-essential travelers are sent to secondary inspection, so perhaps the “sanction” is the inconvenience of going to secondary:

Nonessential travelers, such as those going to visit family or the
beach or to shop, are now being referred to secondary inspection areas
for additional questions, Customs officials said. Border officers will
also “provide such travelers with educational material in the form of
the Centers for Disease Control and Prevention Travelers Health
Advisory Notice to ensure effective understanding of travel
restrictions.”

It’s kind of weird that they are talking about US citizens or LPRs returning to the US after non-essential travel, since the regulation on entry restrictions on the US-Mexico land border specifically defines US citizens or LPRs returning to the US as essential travel:

“essential travel,” which includes, but is not limited to—

  • U.S. citizens and lawful permanent residents returning to the United States;

which your article also alludes to, by saying that US citizens and LPRs cannot be denied entry under the ban. But if it’s not the ban, then I don’t know what other US law or regulation a US citizen or LPR going to Mexico for tourism and then returning to the US would be running afoul of. By talking about a “crackdown”, the articles seem to imply that CBP views such travel to be somehow “wrong”, but I can’t find anything official that says it is wrong (with respect to US law).

$25 Million Crypto Coin Ponzi Scheme Exposed by US Authorities – Forex News & Analysis

 

The US Securities and Exchange Commission frozen the assets of one Jose Arman, founder of Argyle Coin, and has charged him with fraud. According to the agency, the company, which is based in Florida, has been running a Ponzi scheme. It has allegedly misappropriated 10 million USD that the abovementioned individual has used for his personal expenses, as well as paying investors in other companies owned by him. He would ensure future investors in Argyle Coin that their money would remain available and would promise them an increase of revenue if they invested more.

The company behind the scam was founded with the supposed purpose of developing a Blockchain platform for trading diamonds and precious metals and the value of the coin would be guaranteed by diamonds worth over 25 million USD, rather unheard of in the industry.

Investigation against the company started back in May 2019 .

Source

This was a typical Ponzi scheme but sadly people don’t seem how to recognize the red flags indicating such a scam.

eu – How can I convince the authorities that I am eligible for a permanent residency in Czech Republic?

I came in Czech Republic in October 2016 as a PhD student/researcher. I have signed a contract with the university, and my insurance is fully covered since the day I started working. My visa was of type 23V.

Last year, in 2019, I have signed a full-time contract with the same conditions, and now my visa is of type 25V.

By law, I can obtain a permanent residence (10-year multi-entry visa) if I live in Czech Republic for five straight years. Only thing is, if I stay here as a student, the period is halved. So, the firts three years I’ve been here counts as 1.5 years, and this year makes it only 2.5. Next year, although I will be completed my fifth year here, it counts only as three and a half years.

I am fully aware that there is no way for me to obtain a permanent residence considering my types of visas so far.

However

  1. My insurance was covered by the state (or indirectly, by a state university).
  2. I actively paid my taxes and was employed legally during the time.
  3. Only thing that separated me from a full-time employee was the weekly hours stated in my contract.

All these considered, I believe that somehow, even though the law states otherwise, I can convince the authorities that I am eligible to obtain a permanent residency by walking them through the reasons which make me practically a person who worked here.

Is there any way that a lawyer can help me to build my case and claim the residence, or is this a hopeless situation?

international travel – Are temporary accommodations where non-resident foreigners carry out their Obligatory Preventive Isolation designated by the Ecuador authorities?

I read on https://www.aviacioncivil.gob.ec/que-debemos-saber-antes-durante-y-despues-de-un-viaje-en-tiempos-de-covid-19/ (mirror) (translated to English by Google):

Travelers will be asked for a negative result of a PCR test, performed up to 7 days before the trip. In the event that the PCR test cannot be performed in the country of origin, the passenger, upon arrival in Ecuador, will undergo the test to detect SARS-CoV-2.

Non-resident foreigners will carry out their APO (Obligatory Preventive Isolation) in temporary accommodation.

Are temporary accommodations where non-resident foreigners carry out their APO (Obligatory Preventive Isolation) designated by the Ecuadorian authorities, or can the non-resident foreigners choose them themselves (e.g., renting Airbnb)?

united kingdom – Want to state to the authorities there is no intention to make UK a de facto home

I have tried but am unable to find out the rules for visitors to a foreign country.

If I study for a 6 year MBBS (medical) course at a University in the United Kingdom, and consider my parents wish to visit me every 6 months till I finish my degree.

Now, as you might be knowing, the UK allows visitors up to a maximum of 6 months at a time/every 12 months. There is also a point they mention that visitors should have a genuine intention to return to their home country after their trip to the UK. Also, there are 2, 5 and 10 year multiple entry visas as well (the long-term Standard Visitor visa), but again, 6 months at a time/every 12 months.

If visitors stay every 6 months of a year to visit the UK and apparently make UK their de facto “home”, they could potentially be taken very seriously. Visitors must not intend to use this to make UK their de facto home.

My question is whether the UK permits parents of students studying in the UK to accompany them for 6 months a year (that is the maximum limit allowed for visitors) till they finish their degree (in this case, a 6 year long Bachelor of Medicine, Bachelor of Surgery (MBBS) degree)? The parents do not intend to game the system and make UK their de facto home (though it might seem so for the duration of those 6 years). Instead, they just plan 6 month trips to the UK every year till their child finishes the degree. Their intention isn’t to make UK their home.

Can the UK ban my parents from coming to the UK if they notice a regular pattern of coming to the UK every year (and utilizing the entire 6 months duration every time they come)? Is there anything out there (like a declaration statement or so) where my parents can state that they do not wish to live in the UK permanently, and this pattern is merely temporary until I finish my 6 year degree? The reasons they will use the full 6 months limit are humanitarian and affectionate. They just want to be with me as much as they can. No intention to game the system or unlawfully invade UK’s spaces. Can they explain this to the relevant authorities beforehand so that they are not banned from coming to the UK in the middle of my degree?

Thank you and kindest regards.

air travel – On what basis do the Greek authorities decide how long a passenger entering Greece will stay in quarantine?

https://gr.usembassy.gov/covid-19-information/ (mirror):

On July 9, the Greek Ministry of Foreign Affairs posted procedures for international arrivals. See the airport website for additional details. If you are tested for COVID-19, you are permitted to travel to your final destination where you must self quarantine for 24 hours. If positive, you will be notified and quarantined for 14 days. If negative, you will not be notified, and there are no additional quarantine restrictions.

The Athens International Airport (ATH)’s website has indeed more information:

Are quarantine restrictions applied for the arriving passengers?

Depending on their QR code/confirmation, visitors will be subject to
test upon arrival. Upon being tested, the visitor is free to move to
the final destination. The test results are expected to become
available within 24 hours. During that time, passengers who are tested
are advised to practice social distancing according to local
guidelines and self-monitoring for symptoms that could indicate
COVID-19.
In case of such symptoms, medical advice and/or contact with
the National Public Health Organization (EODY) Operations Centre
should be immediately sought.

Only in case they test positive, the authorities will contact them and
proceed with the health protocol in place
. The procedure of a 24-hour
stay at a dedicated hotel, under Greek State supervision, is no longer
valid.

For further information or questions regarding the procedure, you may
contact the General Secretariat of Civil Protection at 0030
2103359002-3 or email at kepp@gscp.gr.

In case you need to contact the National Public Health Organization
(EODY) Operations Centre, you may call (0030) 210 5212054 or e-mail at
kepix@eody.gov.gr

One can also contact ATH airport via https://www.aia.gr/traveler/contact/

thailand – How can I report taxi drivers who refuse to use the meter at Bangkok’s Suvarnabhumi airport (BKK) to the Thai airport authorities?

I read on https://www.bangkokairportonline.com/bangkok-airport-public-taxi-service/ (mirror):

Bangkok Airport Public Taxi Service:

  • Public taxi stand is located on Level 1 (Ground Level).
  • Contact Taxi counter, Level 1 – Ground Level, near entrances 3, 4, 7 and 8.
  • Receive a ticket from a taxi queue machine, proceed to the lane number printed on your ticket.
  • Taxi fare: metered taxi fare plus 50 Baht airport surcharge, and expressway fees.
  • Public taxis serving Bangkok’s Suvarnabhumi airport must be less than 5 years old.
  • Public taxi drivers must be certified by Airports of Thailand.
  • Passenger drop off at Departures (level 4 – outer curb).

Therefore I assume one could report taxi drivers who refuse to use the meter to the Bangkok’s airport authorities, since “public taxi drivers must be certified by Airports of Thailand”. But I haven’t found any information on that. E.g., can I find some airport employees directly at the airport to make the report, and show them a video of the taxi driver refusing to use the meter or directly bring them to the taxi to talk to the taxi driver? Or do the airport authorities have a dedicated phone line or online contact medium (form/email/etc.)?

I found https://www.richardbarrow.com/2012/09/how-to-report-a-taxi-in-bangkok/step (mirror):

Since the 1st September 2012, the police have been cracking down on taxi drivers refusing to pick up passengers. In the past they would have just received a warning, but starting this month, refusing to pick up passengers is now 1 of 13 traffic violations that will get a driver an immediate fine (see here). If this happens to you, you can contact the Land Transport Department Hotline on 1584. You need to make a note of the license plate (see above picture) and the time and place of the incident. They also suggest taking a picture but I would advise caution doing this. Taxi drivers have been known to attack passengers for doing this. An alternative number is 1197 which is the hotline for traffic police.

but I’d prefer to contact the airport authorities, so that they can revise which public taxi drivers are certified by Airports of Thailand.

How did U.S. airport authorities allow the Sunny Leone family to reach the U.S. during the COVID-19 lockdown?

How did U.S. airport authorities allow the Sunny Leone family to reach the U.S. during the COVID-19 lockdown?

Source