How can I validate the authenticity of SSL certificates when Blue Coat is used?

I work for a large corporation that uses Blue Coat as the proxy server. This causes the proxy server to intercept all SSL traffic, then reissue a new certificate to the browser from the server itself.

The problem I’m facing is that whenever developer tools download resources via SSL, every certificate fails validation. I suspect this is caused by our Blue Coat proxy. The tools in question are pip (Python’s package manager) and npm (Node’s package manager). Lucky for me they both accept a client certificate in PEM format.

My current undesired solution is to disable SSL across the board.

What specifically do I need to ask from my IT department in order to validate third-party certificates in this instance?

PS C:dev> pip install e -v
Collecting e
  Getting page
  Starting new HTTPS connection (1):
  Could not fetch URL connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certific
verify failed (_ssl.c:600) - skipping
  1 location(s) to search for versions of e:
  Getting page
  Starting new HTTPS connection (2):
  Could not fetch URL connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certific
verify failed (_ssl.c:600) - skipping
  Could not find a version that satisfies the requirement e (from versions: )
Cleaning up...
No matching distribution found for e
Exception information:
Traceback (most recent call last):
  File "", line 211, in main
    status =, args)
  File "", line 305, in run
  File "", line 705, in build
  File "", line 334, in prepare_files
    functools.partial(self._prepare_file, finder))
  File "", line 321, in _walk_req_to_install
    more_reqs = handler(req_to_install)
  File "", line 461, in _prepare_file
    req_to_install.populate_link(finder, self.upgrade)
  File "", line 250, in populate_link = finder.find_requirement(self, upgrade)
  File "", line 571, in find_requirement
    'No matching distribution found for %s' % req
pip.exceptions.DistributionNotFound: No matching distribution found for e

Protecting data on server from illegal physical access

I am running Ubuntu (14.04) server and I saw this question:

How do I reset a lost administrative password?

I wondered, because my server virtual machine is on the ESXi server, I don’t know if anybody having access to them can back up my VM and restore it somewhere and try to access the data stored.

I have no choices for moving VM to a safe server, because my agents forced me to this job.

As I do not trust people who have access to this server, I need to create a shell script and put it in /etc/init.d/my_script to remove my data if unauthorized physical access is detected.

BRCM-LVG in home network

Shortly after the local cable provider upgraded our cable modem an item named BRCM-LVG appeared in the list of devices (two computers) connected to our Windows 7 homegroup. It contains a folder named “storage” that is apparently empty. Searching for “BRCM-LVG” didn’t yield much insight and the cable provider’s tech support was no help.

Because of the timing, I suspect that it is part of the cable network (whole-house DVR, internet, phone). Anyone know for sure what this is and what, if any, risk is associated with it?


Can handwritten captchas be used?

Suppose a user has just created a new account on some site. You ask him to submit an image of a para of neat handwritten text, along with a typed version of the same text. Then this is kept secret.

If some time in the future, there is a doubt as to whether a computer is accessing his account, you show him the handwritten text (one or two words) that some other user uploaded. Suppose he types correctly. He is now asked to type out one or two words from the text which he himself submitted. Only if both tests are cleared, the user is identified as human. He will have 4-5 attempts to clear test 1, but only 2 attempts to clear test 2, failing which, his account will be locked.

Is this system a fail-safe verification of human users? And does anybody use it? Why/ why not?

YouTube API security

I was playing about with YouTube’s API yesterday and did some research about its security. Now, I have a website which I would like to use the YouTube API for, and I just wonder how NON-secure it is to display the project’s API key. I would be using JS for that, and I mean there is no way I can hide it anyway, as everyone who is really looking for it would be able to find it via inspect element or just the source code.

Is it enough just to specify the domain name you are using this API key with so no one else can use it?

If I am completely wrong please give some information regarding this question.

How can I brute force HTTPS with hydra

I’m trying to brute-force my login. Here is the code I have used so far:

hydra -v -V -l XXXXXXX x- 6:6:a1 https-form-get "/user/login.php?username=^USER^&password=^PASS^:Invalid username or password"

I think the code is fine, correct me if I’m wrong. But I continue to get this error:

[VERBOSE] Couldn't create SSL session: error 14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

How can I fix the errors?

Storing Bank Account information or third party services providing data store and payout service

I am going to launch a website in India which would need users’ bank account numbers and IFSC for me to pay some money to them. I am concerned with the security and safety in storing such information.

Is there any best way to do this? I have already read so many questions about this which talk about so many options, but no one recommends the best.

Some posts talked about using third party payout processors but I couldn’t find any such service.

Can someone please suggest a good option?

When present form of verb is used instead of past or past participle form of verb?

Travis, Tammy, and Shane, from Composition 115, spring semester, were sitting together on a leather bench in the sleekly lit lobby of my apartment building. The three of them had attended the same one-room schoolhouse, and they constituted the majority of their graduating class. Shane was holding a big carton that said “Xerox Paper” on the side. From deep within the box came a murmurous grunting and a sharp, rhythmic pulsing, as if it contained an internal organ. Everyone walking through the lobby looked at the box.

Tammy wore her hair in a high, stiffly sprayed froth of curls. She pushed back some strands and said, “Miss Diana, we just wanted to thank you for how much you’ve helped us with our thesis statements this year, and correct speech and whatnot, and Travis and Shane thought of this sweet little gift.”

The sentences stated above have been chosen from the following link:

1) I think by “you’ve helped us with our thesis statements this year, and correct speech and whatnot, and Travis and Shane thought of this sweet little gift.” it is meant that she (Miss Diana) helped her students (Travis, Tammy and Shane) by correcting the wrong sentences written in their thesis statement. Am I right? If it is, the writer should write “corrected speech” (You have corrected speech) instead of “correct speech”. So please tell me why it is not written.