security | Jethro Carr

Had a wonderful wake up this morning with a call from my property manager, advising that thieves had attempted to steal my car.

Apparently a tenant called in 111 around 7am in the morning, finding my car with the lights on, engine running and door open.

Once the property manager figured out that it was my car, they called me, but after a 4am coding session, I didn’t end up waking up until around 10am.

After running down and checking it out, I made the decision to try and shutdown the car, considering that the police weren’t appearing any time soon and I didn’t want it to a) burn all my fuel and b) risk the engine overheating.

Unfortunately my car knowledge is about as good as most people’s computer knowledge – I get in, turn it on and drive, which meant I wasn’t totally sure on the correct step – I figured that removing that battery would do the trick, but wasn’t totally sure if that was the right move.

Ended up calling AA, who were pretty pathetic and told me that I can’t get any callout as “it’s a vandalism problem”, making me wonder why I even pay for them at all and offering no other assistance.

My insurance company AMI wasn’t too useful at first, saying if I needed help, they’d send a first-responder service out and charge me. A subsequent call had one of their staff confirming that disconnecting the battery would be the correct step to take.

Once disconnected, the car then stalled and thankfully stopped, although I made sure to drop it into neutral before turning off the engine (automatic).

Left running at the complex entrance, fortunately other cars could just get around it.

Ripped up dash :'(

Bye bye beautiful :-(

The weird thing about the theft, is that after going to the effort to start my car, they then stole nothing but some change and my laptop car charger, ignoring my decent car stereo and of course, the car itself.

After reviewing the camera footage, it turns out that they stole my car simply to have something to open the security gate with, whilst they drove out with a specific car that they were targetting.

I guess they really did decide my Starlet was too uncool to steal… sadly they didn’t think it was uncool enough to leave alone entirely, probably due to it’s simplicity and no alarm making it easy to steal.

Pretty rough job (but not uncommon apparently) as they butchered the drivers lock and then tore apart the dash and ripped off the light control column, leaving it in a right mess.

Took about 7 hours for police to come out, not really my greatest first impression with police involvement, but the officer & forensics person were both friendly and easy to deal with and I now have a case number with them and a case number with my insurance company to have to chase up with them on Monday.

Not sure at this stage whether it’s going to be a repair or a write off – the rest of the car is in excellent condition and it’s a great unit, but it’s only valued at $4k.

Thankfully I do have insurance… although I’m sure AMI don’t love me, seeing as I just moved my car to them only two days ago, and it’s really going to fuck my no claims bonus. :-(

With the number of servers I have internally, I have setup my own Certificate Authority and sign all my internal SSL certificates against this private CA.

This offers the useful advantage of being able to import the one CA certificate into all my devices and then being able to validate all connections to remote systems – if you run more than one or two personal servers, I’d highly recommend this approach – certificate signing takes a little bit of getting used to, but it’s a good skill to have.

As I want to access a number of systems via my Android mobile, I needed to import this CA file – the following instructions were followed with ICS release 4.0.3, however it may apply to earlier/later releases as well.

If you’ve followed most typical instructions for building your CA, you will have an PEM encoded CA certificate file in ASCII format. This is fine for import into most browsers and desktop OSes, however Android is particularly fussy with it’s input and requires a binary format only.

You can convert the CA PEM format file with the following command:

openssl x509 -inform PEM -outform DER -in CA.pem -out CA.crt

Then transfer the generated CA.crt file to the sdcard – easiest is via adb:

adb push CA.crt /sdcard/

Once done, you will be able to tell Android to install the CA file via Settings -> Security -> Credential Storage and selecting “Install from storage” and following prompts.

To verify functionality, easiest test is to access an https website signed with your CA certificate via the browser.