Archive for May, 2009

Excessive Use of Cat!

Wednesday, May 27th, 2009


My virus scanner detected something as a virus, so I’m going to disable my virus scanner…

Monday, May 25th, 2009

It appears that McAfee has been detecting Spotify (some music software) as a virus and deleting it.

This happened to some users at work (as to why they have Spotify installed I have no idea, as installing software on their computers is against the acceptable usage policy – I suspect that they need reminding of this).

The attitude of my colleague, and of Henri Cook, terrifies me, and appears to go along the lines of:

“Why is McAfee deleting my copy of Spotify – how can I stop it deleting it?”

There are two ways people seem to go about this:

  1. Repeatedly try reinstalling Spotify.
  2. Disable McAfee.

Neither of these is sensible. Firstly, if McAfee has detected it as a virus once, it will do it again (and again (, and again (,…))). Secondly, if McAfee says something is a virus, it probably does so for good reason.

In this case, the Spotify detection was a false positive, and by the looks of it users have had to wait under 24 hours to get an updated set of virus definitions for their virus scanner before they are able to use Spotify again. Is it really worth exposing your system to potential viruses just so you can get access to Spotify for the short period of time before the virus definitions are updated?

Testing SSL Cipher Support

Monday, May 25th, 2009

You may have noticed by now that I’m a little bit of an SSL junkie. One of the manifestations of this obsession is enforcing SSL on this publicly accessible blog, resulting in Theo Spears having to patch planetplanet to support HTTPS URLs.

To ensure the utmost security of this public content, I also disable all weak SSL ciphers (SSLCipherSuite HIGH in Apache does a good job of this). However, how can you check that this has taken effect?

Locally Supported Ciphers

Firstly, you will probably want a list of locally supported ciphers you can test with. Run openssl ciphers -v to get:

DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

Testing a remote system

First, check that any SSL ciphers are supported by the remote system by running openssl s_client -connect www.andymillar.co.uk:443. This should give you output similar to https://www.andymillar.co.uk/temp/openssl-1.txt. This is a successful connection.

Now try specifying a cipher by running openssl s_client -cipher EXP-RC4-MD5 -connect www.andymillar.co.uk:443. This should give you the following:

CONNECTED(00000003)
3979:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578:

This shows that the (weak, 40-bit RC4) cipher is not supported! You can test by supplying different ciphers to make sure that only the ones you want are supported.
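The same check, automated, as an added example that is not part of the original post: it picks the weak ciphers out of the local openssl ciphers -v listing and tries each one against a server you administer. The function names, the sample data and the rule for "weak" (SSLv2, export-grade, or under 128 bits) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the post's code): find weak ciphers a server still accepts.

# Constructed sample: a few lines taken from the `openssl ciphers -v` listing above.
SAMPLE_CIPHERS='AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export'

# The handshake-failure output quoted in the post.
SAMPLE_FAIL='CONNECTED(00000003)
3979:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578:'

# Read `openssl ciphers -v` lines on stdin; print the unique names of ciphers
# that are SSLv2, export-grade, or under 128 bits (this example's assumed rule).
weak_ciphers() {
  awk '{
    bits = 0
    for (i = 3; i <= NF; i++)
      if ($i ~ /^Enc=/) { split($i, p, /[()]/); bits = p[2] }
    if ($2 == "SSLv2" || $NF == "export" || bits + 0 < 128) print $1
  }' | LC_ALL=C sort -u
}

# Classify captured s_client output as accepted / rejected / unknown.
classify_handshake() {
  case "$1" in
    *"handshake failure"*|*"Cipher is (NONE)"*) echo rejected ;;
    *"Cipher is "*) echo accepted ;;
    *) echo unknown ;;
  esac
}

# Try one cipher ($2) against host:port ($1); stdin is closed so s_client exits.
probe() {
  classify_handshake "$(openssl s_client -cipher "$2" -connect "$1" </dev/null 2>&1)"
}

# Report every locally known weak cipher that host:port ($1) accepts.
audit() {
  openssl ciphers -v | weak_ciphers | while read -r c; do
    if [ "$(probe "$1" "$c")" = accepted ]; then echo "WEAK ACCEPTED: $c"; fi
  done
}

if [ -n "${1:-}" ]; then audit "$1"; fi
```

Only ciphers compiled into the local OpenSSL can be offered, so an empty report from a client that has dropped SSLv2 or export suites says nothing about whether the server would still accept them. On newer OpenSSL releases -cipher covers TLS 1.2 and below; TLS 1.3 suites are selected with -ciphersuites.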

Guitar Hero RPG

Monday, May 25th, 2009
