CSAM: SSL Request Logs
Today you may have noticed that the ISC website was down for a few minutes. This was the result of tuning our SSL configuration a bit. Configuring SSL is a bit of a balancing act. First of all, you want to configure SSL as secure as possible, which means limiting yourself to the hardest and most modern ciphers, secondly, you want to make sure that all of your users are still able to connect and that you are not loosing any old browsers that you still need to support. There are hundreds if not thousands of possible combinations (Operating system, browser, ssl library version), which does make it hard to predict what is going to happen.
Luckily, web servers like Apache have a feature to log what cipher is negotiated for a given connection.
In order to enable this feature, you use the "CustomLog" configuration directive. I am using:
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{User-Agent}i
This will log the access time (%t), the client IP address (%h), the SSL protocol ( %{SSL_PROCOL}x ) the SSL cipher ( %{SSL_CIPHER}x ) and the user agent. You could just add this to your normal access log as well, but I prefer to keep it in a separate log.
Here are a couple of lines from the log:
[09/Oct/2013:17:46:21 +0000] x.x.x.x TLSv1 AES-256 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
[09/Oct/2013:17:46:21 +0000] y.y.y.y TLSv1 AES-256 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
09/Oct/2013:17:54:28 +0000] z.z.z.z TLSv1 RC4 Motorola
And you will see failed connection that did not manage to negotiate a connection:
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Other Patch Tuesday Updates (Adobe, Apple)
Adobe released two bulletins today:
APSB13-24: Security update for RoboHelp
http://www.adobe.com/support/security/bulletins/apsb13-24.html
I don't remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window.
APSB13-25: Security update for Adobe Acrobat and Adobe Reader
http://www.adobe.com/support/security/bulletins/apsb13-25.html
This update fixes a problem that was introduced in a recent update and effects Javascript security controls. As a result, only version 11.0.4 appears affected, no earlier versions. Only the Windows version of these Adobe tools are affected.
Apple released iTunes 11.1.1 today. The respective security page has not yet been updated, but expect a link to the security content of this update within the next day or so. http://support.apple.com/kb/HT1222 . This update only affects Windows. Patches for iTunes on OS X are usually released as part of OS X updates.
Did I miss any?
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago