Re: New SSL vulnerability #FREAK

2015-03-09 Thread ilya musayev
t from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - From: "Erik Weber" To: "dev" Sent: Monday, 9 March, 2015 09:34:08 Subject: Re: New SSL vulnerability #FREAK On Mon, Mar 9, 2015 at 9:59 AM, Nux! wrote: BTW, the command I

Re: New SSL vulnerability #FREAK

2015-03-09 Thread Rohit Yadav
rom: "Erik Weber" To: "dev" Sent: Monday, 9 March, 2015 09:34:08 Subject: Re: New SSL vulnerability #FREAK On Mon, Mar 9, 2015 at 9:59 AM, Nux! wrote: BTW, the command I used is: nmap --script ssl-enum-ciphers $HOST I'm not entirely sure which cipher is good or not.

Re: New SSL vulnerability #FREAK

2015-03-09 Thread Nux!
ginal Message -
> From: "Erik Weber"
> To: "dev"
> Sent: Monday, 9 March, 2015 09:34:08
> Subject: Re: New SSL vulnerability #FREAK
> On Mon, Mar 9, 2015 at 9:59 AM, Nux! wrote:
>
>> BTW, the command I used is:
>>
>> nmap --script ssl-e

Re: New SSL vulnerability #FREAK

2015-03-09 Thread Erik Weber
On Mon, Mar 9, 2015 at 9:59 AM, Nux! wrote:
> BTW, the command I used is:
>
> nmap --script ssl-enum-ciphers $HOST
>
> I'm not entirely sure which cipher is good or not.
>
Anyone with EXPORT in it is bad (in the FREAK case). This is a scan of my 4.3.2 systemvm with nmap:
| ssl-enum-ciphers:
|

Re: New SSL vulnerability #FREAK

2015-03-09 Thread Nux!
t: Monday, 9 March, 2015 08:58:05
> Subject: Re: New SSL vulnerability #FREAK
> For further info, the tool that Erik used does not seem to give correct
> results
> and they recommend using nmap instead.
>
> Scanning my own CPVM returns this (4.4.1). I'll try to have a

Re: New SSL vulnerability #FREAK

2015-03-09 Thread Nux!
Nux! www.nux.ro - Original Message -
> From: "Rohit Yadav"
> To: dev@cloudstack.apache.org
> Sent: Monday, 9 March, 2015 07:35:22
> Subject: Re: New SSL vulnerability #FREAK
> Hi,
>
> Anyone wants to share how we should fix it for CPVM?
>
> On Wednesda

Re: New SSL vulnerability #FREAK

2015-03-09 Thread Rohit Yadav
Hi,
Anyone wants to share how we should fix it for CPVM?
On Wednesday 04 March 2015 05:34 PM, Erik Weber wrote:
You are right Rohit. I tested our CPVM running the same system vm template, and it exposes the following ciphers:
Testing EXP-EDH-RSA-DES-CBC-SHA...YES
Testing EXP-EDH-DSS-DES-CBC-S

Re: New SSL vulnerability #FREAK

2015-03-04 Thread Rohit Yadav
Thanks for checking Erik, I'll check it again tomorrow and put in a fix if necessary.
On Wednesday 04 March 2015 05:34 PM, Erik Weber wrote:
You are right Rohit. I tested our CPVM running the same system vm template, and it exposes the following ciphers:
Testing EXP-EDH-RSA-DES-CBC-SHA...YES
T

Re: New SSL vulnerability #FREAK

2015-03-04 Thread Erik Weber
You are right Rohit. I tested our CPVM running the same system vm template, and it exposes the following ciphers:
Testing EXP-EDH-RSA-DES-CBC-SHA...YES
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (ssl handshake failure)
Testing EXP-DES-CBC-SHA...Y

Re: New SSL vulnerability #FREAK

2015-03-04 Thread Rohit Yadav
Thanks for checking Erik, I think we should also check console proxy as it serves on HTTP/S as well.
On Wednesday 04 March 2015 12:27 PM, Erik Weber wrote:
On Wed, Mar 4, 2015 at 2:21 AM, Nux! wrote:
https://freakattack.com/
That time of the month again. Secure your stuff, folks.
Tried ag

Re: New SSL vulnerability #FREAK

2015-03-03 Thread John Kinsella
Thanks for confirmation, Erik
Pardon any typos - sent from mobile device
Stratosec
o: 415.315.9385
@johnlkinsella
On Mar 3, 2015, at 10:59 PM, Erik Weber <terbol...@gmail.com> wrote:
On Wed, Mar 4, 2015 at 2:21 AM, Nux! mailto:n...@

Re: New SSL vulnerability #FREAK

2015-03-03 Thread John Kinsella
Pardon any typos - sent from mobile device
Stratosec - Compliance as a Service
o: 415.315.9385
@johnlkinsella
On Mar 3, 2015, at 10:59 PM, Erik Weber <terbol...@gmail.com> wrote:
On Wed, Mar 4, 2015 at 2:21 AM, Nux! mailto:n...@li.

Re: New SSL vulnerability #FREAK

2015-03-03 Thread Erik Weber
On Wed, Mar 4, 2015 at 2:21 AM, Nux! wrote:
> https://freakattack.com/
>
> That time of the month again. Secure your stuff, folks.
>
>
Tried against the SSVM on a CCP 4.3.2 installation, with updated system vm template (think it was Beast or shellshock). Does not export the mentioned ciphers.
--

Re: New SSL vulnerability #FREAK

2015-03-03 Thread John Kinsella
I don't *think* ACS is vulnerable, but haven't gotten a chance to confirm that yet.
Excuse any typos - sent from mobile device
> On Mar 3, 2015, at 17:23, Nux! wrote:
>
> https://freakattack.com/
>
> That time of the month again. Secure your stuff, folks.
>
> --
> Sent from the Delta quadra

New SSL vulnerability #FREAK

2015-03-03 Thread Nux!
https://freakattack.com/
That time of the month again. Secure your stuff, folks.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro