Vulnerability in SSL 3.0 Could Allow Information Disclosure The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue. The vulnerability, which is more formally known as CVE-2014-0160, allows an attacker to read up to 64 kilobytes of memory per attack on any connected client or server. Heartbleed got its name because it is a flaw in OpenSSL’s implementation of the Heartbeat Extension for the TLS and DTLS protocols (RFC 6520). The vulnerability, which is caused by poorly-written code, was discovered on the same day by Google and Codenomicon […]
Have you ever generated your SSL CSR (certificate signing request) request on a Windows box and needed to install it on Linux afterwards?
First, you have to get the certificate and private key out of Windows,preferably in a PFX (PKCS #12) format.
In Outlook 2007 through Outlook 2010 all domain-joined Outlook clients would initially query Active Directory for AutoDiscover information and ultimately find a Service Connection Point (SCP) value that would point them to their nearest Client Access Server’s AutoDiscover virtual directory. If that failed then they would revert to using DNS like any non-domain-joined Outlook client. Non-domain-joined Computer Lookup Order: https://company.com/autodiscover/autodiscover.xml https://autodiscover.company.com/autodiscover/autodiscover.xml Local XML File http://company.com/autodiscover/autodiscover.xml (looking for a redirect website) SCP AutoDiscover Record Domain-joined Computer Lookup Order: SCP lookup HTTPS root domain query HTTPS AutoDiscover domain query HTTP redirect method SRV record query
Today I ran into IIS 7.5 SSL certificate binding error 0x80070520 after running sysprep to create a new bundled EC2 AMI. First I launched a Windows 2008 R2 instance from an official Amazon AMI, installed IIS and imported our wildcard SSL certificate to be used on future websites. Launched the ec2Config service and ran sysprep. Created a new AMI (image) of this instance, then launched a new instance based off this AMI. In IIS Manager, tried to edit the https binding of a site and got the error: A specified logon session does not exist. It may already have been terminated. (Exception […]
This is a tutorial guide on how to setup FTPS (FTP-SSL) on IIS 7.5 using host headers. Host headers allow you to run more than one FTP site on the same server sharing port 21. It should also help you to avoid the pitfalls I ended up in. If you follow the guide, you’ll probably save yourself at least an hour of time googling.
An industry wide change is coming to SSL certificates, which will affect Exchange Server and anything else using intranet names. On October 1, 2016 Certificate Authorities must mandatorily revoke all unexpired certificates with subject alternative names corresponding to internal names. The recommended way of securing Exchange Server with an SSL certificate is coming to an end. In the past, a UCC (SAN) certificate was purchased with a common name pointing to the public DNS address, and subject alternative names pointing to internal fully qualified domain names (usually with a suffix ending in .local or .int) to secure internal users. The good news […]