Letsencrypt.org is a new project that offers free TLS certificates to allow people to encrypt their traffic.

The project is in a limited beta, so I decided that a good test would be to install one of their certificates onto a Nessus scanner I host in AWS.

The install wasn’t complicated and only took about 15 minutes and 9 commands:
cd ~
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
sudo service nessusd stop
sudo cp -i /etc/letsencrypt/live/scan.jerrygamblin.com/fullchain.pem /opt/nessus/com/nessus/CA/servercert.pem
sudo cp -i /etc/letsencrypt/live/scan.jerrygamblin.com/privkey.pem /opt/nessus/var/nessus/CA/serverkey.pem
sudo cp -i /etc/letsencrypt/live/scan.jerrygamblin.com/chain.pem /opt/nessus/com/nessus/CA/cacert.pem
sudo service nessusd start

Now my padlock is green and my traffic is secure:

I wrote nocommonsssids to quickly remove the top SSIDs (from wigle.net) from the preferred network list in OS X so that it does not auto-connect to them.

Running this will help stop you from being caught by an EvilAP attack along the lines of the Mana Common demo I put together earlier this month. You should also run a VPN anytime you connect to a public wireless network.
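One way to do the cleanup described above, as an added example rather than the nocommonsssids source: it parses the output of `networksetup -listpreferredwirelessnetworks` and removes only exact, case-sensitive matches. The SSID list is a constructed sample (not the wigle.net data), and the `en0` interface name and the `--apply` switch are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the nocommonsssids source.
# Constructed sample of widely reused SSIDs; swap in the current wigle.net list.
COMMON_SSIDS='linksys
NETGEAR
default
xfinitywifi
attwifi'

# Reads `networksetup -listpreferredwirelessnetworks` output on stdin and
# prints each saved SSID that exactly matches an entry in COMMON_SSIDS.
risky_saved_ssids() {
  local line ssid
  while IFS= read -r line || [ -n "$line" ]; do
    # Saved networks are the indented lines under the "Preferred networks" header.
    case "$line" in
      [[:space:]]*) ;;
      *) continue ;;
    esac
    ssid="${line#"${line%%[![:space:]]*}"}"  # strip leading whitespace only
    [ -n "$ssid" ] || continue
    # -F literal, -x whole line: "linksys-guest" must not match "linksys".
    if printf '%s\n' "$COMMON_SSIDS" | grep -Fxq -- "$ssid"; then
      printf '%s\n' "$ssid"
    fi
  done
}

# Removes every matching SSID from the preferred list of interface $1.
remove_risky_ssids() {
  local iface="${1:-en0}" ssid
  networksetup -listpreferredwirelessnetworks "$iface" | risky_saved_ssids |
    while IFS= read -r ssid; do
      echo "removing saved network: $ssid"
      sudo networksetup -removepreferredwirelessnetwork "$iface" "$ssid" </dev/null
    done
}

# Change the system only when asked to, and only where networksetup exists.
if [ "${1:-}" = "--apply" ] && command -v networksetup >/dev/null 2>&1; then
  remove_risky_ssids "${2:-en0}"
fi
```

Piping the `networksetup -listpreferredwirelessnetworks` output into `risky_saved_ssids` first shows what would be removed without changing anything.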

I had the opportunity to speak at a “micro-conference” yesterday for the Midwest Cyber Security Alliance with the state auditor Nicole Galloway.

I wanted to use this opportunity to make a bold statement since I knew there would be influential people in the audience who wanted to listen to Nicole talk about her new cyber security auditing initiative.

I wrote Mana-Common, which builds on Dominic White’s amazing Mana project.

My project, used in conjunction with a Ralink 5370 chipset USB wireless card, broadcasts 7 of the most popular SSIDs according to wigle.net. Protip: It is easily modified to target smaller audiences who may have saved corporate SSIDs on their devices.

Here is a demo of the terminal output:

Mana Demo  

Here is a screenshot of my iPhone picking up the networks:


If you have any questions, please reach out to me on Twitter @jgamblin.