Microsoft KB 187498 describes the registry values that can be used to disable various security protocols. Disabling SSLv2 is as easy as
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /V Enabled /t REG_DWORD /d 0
This does require a reboot to put into affect.
In my discussion and demo at the IT-Discuss Live – Security event in May, I used a short slide deck to describe—in broad terms—how PGP Whole Disk Encryption works. This laid the foundation for working through some common-ish support scenarios.
Having received several requests for a copy of the slides, here they are, in both PowerPoint (.pptx) and PDF formats.
I’ve received several phishing attempts, recently, this time masquerading as mail from Twitter. I thought I’d share how I recognized this as an attack. Many list members already know this stuff, but I thought I’d share since we still see folks responding to these kinds of attacks.
1. Unexpected
Before I even looked at the content of the message, I was suspicious because I don’t have any twitter stuff associated with my UVM email. I could have deleted the message then and, if I was using twitter, logged into my twitter account directly to see if something was going on.
But I wondered how the message was crafted, so I opened it with awareness.
2. False link
A false link is shows a web address in the message, but the link that is attached to it is different. Below, my mail program shows that the link will actually send me to pachitanglangbarcelona.com.
When the recent SMB 2.0 vulnerability was announced, there was some discussion on the Toasters mailing list about whether Data ONTAP was affected. Val Bercovici from NetApp responded that Data ONTAP was not affected by this issue.
Today, I discovered that to enable the filer snapshots to be visible within the Previous Versions facility within Windows 7 (or Server 2008 R2), I needed to enable SMB 2.0. I spent some time search on NetApp’s support site for some assurance that the SMB issue didn’t affect ONTAP, but didn’t find anything.
So I sent Mr. Bercovici an email asking if there was a more official statement about ONTAP and SMB 2.0, and he very kindly looked sent me a link to the Windows File Services (CIFS) Compatibility Matrix – Microsoft Security Update Test Report. [requires NOW account]
This document rocks. It lists the Microsoft Security updates, by month, and the result of NetApp’s testing. Exactly what I was looking for. Thanks, Val.
Using Process Explorer to view process integrity levels
A friend asked me how to open a Control Panel applet As Administrator. In Windows Vista, when you see a little shield icon as part of a button or shortcut, that would indicate that you would get prompted by the User Account Control (UAC) facility to elevate the process Integrity Level, that is, to run it as an administrator with full rights to muck with the system.
In Windows 7, the frequency of UAC prompts has been reduced. You will still see the shield icon, but sometimes there’s no UAC prompt.
You can use Microsoft SysInternals Process Explorer tool to view the integrity levels of running processes. On campus, you can run the tool from \\files\software\utilities\sysinternals\procexp.exe. Once you’ve started Process Explorer, there are two things you’ll want to do:
Fixed permissions early (6 am) successfully with NetApp fsecurity command. That and the secedit tool made it quick work.
Did a little Russinovich-guided analysis of a minidump file created by EMC Networker.
Did some more work on UVM::AD module.
A number of other accumulated general administration tasks.
Wrote this perl one-liner to find the volume that contains a user’s homedir:
Z:\>perl -e"foreach (1..5) { $dir=qq{uvol_t1_$_\$}; print $dir, qq{\n} if ( -d '\\\\files\\' . $dir . '\\q-home\\g\\gduke'); }
might be worth turning that into a more robust command and turning it into an exe.
Horror! It appears that I forgot my laptop’s power supply at work. A wrinkle in the work-from-home-during-teacher-conference-early-release-days plan. [/sigh]
Home directory permissions issues.
Found: How to display the security permissions of a file from the filer which mentions the fsecurity command. Also found the white paper Bulk Security Quick Start Guide. Information about the Security Descriptor Definition Language SDDL at MSDN. From a comment on that page, I found Mark Minasi’s newsletter describing the SDDL syntax.
After poking at a few things with SubInACL.exe, I used the secedit utility from NetApp to create a security job file.
I created a new file, added a location”/vol/testvol”, then added the BUILTIN\Administrator user with Full Control. This generated a file containing the following:
cb56f6f4
1,0,"/vol/testvol",0,"D:(A;CIOI;0x1200a9;;;Everyone)(A;CIOI;0x1f01ff;;;builtin\administrators)"
The instruction are specific that you can’t remove the “Everyone” ACE, which is exactly what I wanted to do. So I edited the generated text file to remove that ACE, resulting in the following:
cb56f6f4
1,0,"/vol/testvol",0,"D:(A;CIOI;0x1f01ff;;;BUILTIN\Administrators)"
The command fsecurity apply /vol/path/to/file appears to have corrected the permissions just fine. I edited the file’s location to another affect volume and that worked as well.
I finally found some info about getting current verions of WordPress to use SSL for Logins and wp-admin. I have enabled the settings on both my blogs, and it appears to be working OK. I have been using Windows Live Writer to post entries, and it’s been working very well. We’ll see what happens if I change the blog URL to use SSL. :/