Archive for November, 2014

Important: PayPal Users Must Discontinue Using SSL 3.0 By December 3, 2014

Friday, November 21st, 2014

This message has recently been appearing on web sites that talk to PayPal to process payments. But where does it come from, and how do you fix it?

A flaw was recently found in the SSLv3 protocol, the protocol underlying some SSL (secure) connections across the net, which essentially allows third parties to capture the traffic and read it (thus making the encryption useless). The fault has been named POODLE (Padding Oracle On Downgraded Legacy Encryption), and it spells the end of SSLv3 as an option. TLS is now the preferred way to secure traffic across the net.

Looking at some of our Apache web servers, SSLv2 is off by default. So how do we make SSLv3 not an option as well? It's just a matter of editing the ssl.conf file (normally in the /etc/httpd/conf.d folder). Look for the following line (a leading - removes a protocol, + enables it):

SSLProtocol -SSLv2

and simply add -SSLv3 to it:

SSLProtocol -SSLv2 -SSLv3

or, for an even more secure approach, disable all protocols and then enable only the ones you DO want:

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Then restart the httpd service and the job should be done. To test that your website is safe from POODLE/SSLv3, use this page:

https://www.tinfoilsecurity.com/poodle

You want the green tick!

James
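One way to check a config file for the change described above, as an added example that is not code from the original post: a POSIX shell script that evaluates SSLProtocol directives with mod_ssl's left-to-right rules and reports which ones still allow SSLv3. The script, its function names and the sample config fragment are my own constructions; the protocol list assumes a 2014-era Apache build without TLSv1.3. One caveat the evaluator makes visible: mod_ssl starts each directive from an empty set, so a directive made only of - entries ends up with nothing enabled and httpd will not start. The stock RHEL/CentOS ssl.conf line is SSLProtocol all -SSLv2, so add -SSLv3 to the full line as it appears on your server.

```shell
#!/bin/sh
# Added example, not code from the original post: evaluate Apache mod_ssl
# SSLProtocol directives and flag any that still allow SSLv3. mod_ssl reads
# the words left to right from an empty set: "+name" adds, "-name" removes,
# a bare "name" replaces the set, "all" is every protocol the build knows.

# Assumed 2014-era build (no TLSv1.3); adjust for your Apache version.
ALL_PROTOCOLS="SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# canonical_name WORD: canonical spelling of a protocol keyword (mod_ssl
# matches them case-insensitively); prints nothing for an unknown word.
canonical_name() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        all)     echo "all" ;;
        sslv2)   echo "SSLv2" ;;
        sslv3)   echo "SSLv3" ;;
        tlsv1)   echo "TLSv1" ;;
        tlsv1.1) echo "TLSv1.1" ;;
        tlsv1.2) echo "TLSv1.2" ;;
        *)       echo "" ;;
    esac
}

# enabled_protocols "ARGS": print what "SSLProtocol ARGS" leaves enabled,
# space separated, in canonical order. Empty output means nothing is
# enabled, and httpd refuses to start on such a directive.
enabled_protocols() {
    enabled=""
    for word in $1; do
        case "$word" in
            +*) action=add; word=${word#+} ;;
            -*) action=del; word=${word#-} ;;
            *)  action=set ;;
        esac
        name=$(canonical_name "$word")
        [ -n "$name" ] || { echo "unknown protocol keyword: $word" >&2; return 1; }
        if [ "$name" = all ]; then names=$ALL_PROTOCOLS; else names=$name; fi
        case "$action" in
            set) enabled=$names ;;
            add) enabled="$enabled $names" ;;
            del)
                kept=""
                for p in $enabled; do      # keep only what is not being removed
                    case " $names " in *" $p "*) ;; *) kept="$kept $p" ;; esac
                done
                enabled=$kept ;;
        esac
    done
    out=""
    for p in $ALL_PROTOCOLS; do            # de-duplicate and order the result
        case " $enabled " in *" $p "*) out="$out $p" ;; esac
    done
    printf '%s\n' "${out# }"
}

# sslv3_enabled "ARGS": succeed (exit 0) if the directive leaves SSLv3 on.
sslv3_enabled() {
    case " $(enabled_protocols "$1") " in
        *" SSLv3 "*) return 0 ;;
        *)           return 1 ;;
    esac
}

# audit_ssl_conf FILE: check every SSLProtocol line in an Apache config
# file (commented-out lines are skipped). Returns 1 if any allows SSLv3.
audit_ssl_conf() {
    bad=0
    while read -r args; do
        [ -n "$args" ] || continue
        result=$(enabled_protocols "$args") || continue
        if [ -z "$result" ]; then verdict="EMPTY   "
        elif sslv3_enabled "$args"; then verdict="INSECURE"; bad=1
        else verdict="OK      "; fi
        printf '%s  SSLProtocol %s  -> %s\n' "$verdict" "$args" "$result"
    done <<EOF
$(grep -i '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | sed 's/^[[:space:]]*[^[:space:]]*[[:space:]]*//')
EOF
    return $bad
}

# write_sample_conf FILE: a constructed ssl.conf fragment (not a real
# server's file): the stock default line, then the hardened line from the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
SSLProtocol all -SSLv2
<VirtualHost *:443>
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
</VirtualHost>
EOF
}

if [ $# -gt 0 ]; then
    audit_ssl_conf "$1"     # e.g. sh check_sslproto.sh /etc/httpd/conf.d/ssl.conf
else
    sample=$(mktemp) && write_sample_conf "$sample"
    audit_ssl_conf "$sample" || echo "fix the INSECURE line(s), then restart httpd"
    rm -f "$sample"
fi
```

Run it with a path to audit a real file, or with no arguments to see the verdicts on the constructed sample (the stock line comes back INSECURE, the hardened one OK). It only reads the config; after restarting httpd, the external check the post links to confirms what the server actually negotiates.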

Microsoft Phone Scam – the saga continues

Wednesday, November 12th, 2014

On our Facebook page (facebook.com/ezylinkit) I recently posted on the Telstra and Microsoft scam that continues unabated, where people get a random call from someone pretending to be from Microsoft (or Telstra, as has also been the case here in AU) and the caller gets the user to give them remote access to their PC, at which point they open up some logs and prove that there is an issue (with bogus claims about what is in the logs). From there they install a pile of junk software, often including remote access and keylogging software, charge the customer AND also take money from their accounts. All very insidious.

We had a recent customer repair that had a new item they had thrown in. The dodgy brothers had set up a Windows Startup Password on the PC, so when it was rebooted it came up asking for a boot password to get into Windows, which comes up BEFORE the normal Windows login.

So I did some hunting on the net, and there were many comments about doing a restore of your registry, or going back to a last good system state, or recovering the last backed-up registry. Yes, these would all work, but we are dealing with morons here! So how about trying some stupidly simple passwords first: password, admin, loser (OK, that one is not likely), abc, 12345, 1234, 123… BINGO, it was 123. Yes, they are that sad. I found some other reports on the web from people who guessed numbers, so it seems that this is what they do. And since they have to change shifts between morons for the 24/7 scam, I'm sure they need to keep it simple.

So what is the “Startup Password”? In simple terms it is a way to protect your registry account file so that it can't be hacked. It is a not-often-used feature, so I thought I'd list how it is used (and how to remove the password, since now that I was into Windows the customer of course doesn't want to see that every boot!)

From within Windows you access the Startup Password feature via “syskey”. Just run that from any command prompt or Run box. It's actually called the SAM Lock Tool. When you run it you can encrypt your SAM (part of the registry) and set a password on it. So let's get in and reverse the damage! Note you can't unencrypt the SAM, but you can remove the password requirement on boot.

Step 1. Click Update within syskey.

Step 2. Click OK. This will then ask you for the old password (123 in my case) and a new one (leave it blank).

Step 3. Reboot the computer. At the Windows Startup Password screen, just hit Enter to get past it. Then, back in Windows, run syskey again, go to Update, then click on the bottom option, System Generated Password.

Choose “Store Startup Key Locally”, then choose OK. This will then save the (blank) password to the system, and no longer show a password box on boot. Tick one for the good guys. Now to just meet one of these scammers in a dark alley with a baseball bat…

James Joyce CCIE MCSE