Archive for May, 2009
It appears that McAfee has been detecting Spotify (some music software) as a virus and deleting it.
This happened to some users at work (as to why they have Spotify installed I have no idea; as installing software on their computers is against the acceptable usage policy – I suspect that they need reminding of this).
The attitude of my colleague, and of Henri Cook, terrifies me; and appears to go along the lines of:
“Why is McAfee deleting my copy of spotify – how can I stop it deleting it”.
There are two ways people seem to go about this:
- Repeatedly try reinstalling Spotify.
- Disable McAfee.
Neither of these is sensible. Firstly, if McAfee has detected it as a virus once, it will do it again (and again (, and again (,…))). Secondly, if McAfee says something is a virus, it probably does so for good reason.
In this case, the Spotify detection was a false positive, and by the looks of it users have had to wait under 24 hours to get an updated set of virus definitions for their virus scanner before they are able to use Spotify again. Is it really worth exposing your system to potential viruses just so you can get access to Spotify for the short period of time before the virus definitions are updated?
You may have noticed by now that I’m a little bit of an SSL junkie. One of the manifestations of this obsession is enforcing SSL on this publicly accessible blog, resulting in Theo Spears having to patch planetplanet to support HTTPS URLs.
To ensure the utmost security of this public content, I also disable all weak SSL ciphers (SSLCipherSuite HIGH in Apache does a good job of this). However, how can you check that this has taken effect?
Locally Supported Ciphers
Firstly, you will probably want a list of locally supported ciphers you can test with. Run openssl ciphers -v to get:
    DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
    AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
    EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
    DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
    DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
    DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
    DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
    AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
    RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
    RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
    RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
    RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
    EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
    EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
    DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
    DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
    EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
    EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
    EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Testing a remote system
Firstly check that any SSL ciphers are supported by the remote system by running openssl s_client -connect www.andymillar.co.uk:443. This should give you output similar to https://www.andymillar.co.uk/temp/openssl-1.txt. This is a successful connect.
Now try specifying a cipher by running openssl s_client -cipher EXP-RC4-MD5 -connect www.andymillar.co.uk:443. This should give you the following:
    CONNECTED(00000003)
    3979:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578:
This shows that the (weak, 40 bit RC4) cipher is not supported! You can repeat the test with different ciphers to make sure that only the ones you want are supported.
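The manual check above can be looped over every weak cipher the local OpenSSL knows. This is an added example, not code from the original post; the function names, the 128-bit threshold and the choice of sample rows (copied from the listing above) are this example's assumptions.

```shell
# Added example. Constructed sample: rows copied from the `openssl ciphers -v`
# listing above, so the selection logic can be checked offline.
SAMPLE='DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export'

# weak_ciphers [MIN_BITS]: read `openssl ciphers -v` rows on stdin and print
# each cipher name once if it is export-grade or its Enc=...(bits) < MIN_BITS.
# The 128-bit default is an assumption of this example, not the post's rule.
weak_ciphers() {
    awk -v min="${1:-128}" '{
        bits = 0; weak = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Enc=/) {            # e.g. Enc=3DES(168) -> 168
                b = $i; sub(/^.*\(/, "", b); sub(/\).*$/, "", b); bits = b + 0
            }
            if ($i == "export") weak = 1
        }
        if (bits < min) weak = 1
        if (weak && !seen[$1]++) print $1
    }'
}

# probe_result CIPHER: classify `openssl s_client` output read on stdin.
# "accepted" only if the server negotiated exactly CIPHER; "other" covers a
# different negotiated cipher or a connection error and needs a manual look.
probe_result() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q "Cipher is $1\$"; then echo accepted
    elif printf '%s\n' "$out" | grep -q -e "handshake failure" -e "Cipher is (NONE)"; then echo refused
    else echo other; fi
}

# audit_host HOST:PORT: offer each locally known weak cipher to the server;
# returns 1 if the server accepted any of them.
audit_host() {
    rc=0
    for c in $(openssl ciphers -v | weak_ciphers); do
        r=$(openssl s_client -cipher "$c" -connect "$1" </dev/null 2>&1 | probe_result "$c")
        echo "$c $r"
        if [ "$r" = accepted ]; then rc=1; fi
    done
    return "$rc"
}

# With no argument, show which sample rows count as weak (runs offline).
if [ -n "${1:-}" ]; then audit_host "$1"; else printf '%s\n' "$SAMPLE" | weak_ciphers; fi
```

The probe can only offer ciphers that the local OpenSSL build still supports, so a client whose `openssl ciphers -v` no longer lists the weak suites will report nothing for them.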