Archive for the ‘ Security ’ Category

如何解决 TLS/SSL 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160

弱点扫瞄

弱点: TLS Service Supports Weak Cipher Suite

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.

  • Severity: Medium
  • Risk: A TLS service was observed supporting weak cipher suites.
  • Recommendation: Disable the cipher suites listed in the evidence column of the measurement.

Read more

如何解决 SSH Server 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160

弱点扫瞄

弱点 1: SSH Supports Weak Cipher

The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.

  • Severity: Medium
  • Risk: A weak cipher has been detected.
  • Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.

弱点 2: SSH Supports Weak MAC

The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.

  • Severity: Medium
  • Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
  • Recommendation: Configure the SSH server to disable the use of MD5.

Read more

如何解决 Web/Mail Server 使用了不安全的 SSL 通讯协定

弱点扫瞄

弱点: SSL/TLS Service Supports Weak Protocol

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.

  • Severity: High
  • Risk: A TLS service was observed supporting weak protocols.
  • Recommendation: Disable the protocols listed in the evidence column of the measurement.

Read more

如何自动将网站的 http:// 网址转址为 https://

弱点扫瞄

弱点: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

  1. Open Wi-Fi Hotspots
  2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
  3. Malicious Wi-Fi access points
  4. Compromised switches and routers
  5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.

  • Severity: High
  • Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
  • Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.

Read more

WannaCry 勒索病毒与 Windows 安全性更新档下载网址

这两天 WannaCry (WanaCrypt0r 2.0) 勒索病毒肆虐,台湾成为全球第二重灾区!!

这个病毒是针对 Windows 的 SMB 漏洞进行攻击,大部分其他病毒均是透过执行病毒所感染的档案来传播,与其他病毒不同的是,WannaCry 勒索病毒具有自行在“局域网路”扩散的能力

目前确定会遭受感染的作业系统为 Windows XP/Vista/7/8/8.1/10、Windows Server 2003/2008/2012,意思就是所有的 Windows 版本都会遭受感染

Read more

解决 Chrome 遗失 chrome_elf.dll 的问题

最近我的 Google Chrome 浏览器常出问题,不知道从哪一版开始,当要从外部的程式开启网页时,就会出现遗失“chrome_elf.dll”的问题:

除了出现这个错误之外,经常还会有网页打不开,或是网页停止回应的状况!!

一开始以为是装了哪个扩充套件造成,但问题一直解决不了!!

Read more

[JavaScript]如何防止自己的网站被别人以 iframe 盖台嵌入 (与反制办法)

“iframe (内置框架)”是用来在网页中的特定位置嵌入另一个网页。目前 Facebook、Google+、Twitter...等用来在网页上显示社群内容的社群元件,几乎都是以 iframe 实作出来的。

原本框架是一种很好的应用,但如果是自己辛苦制作的网页被别人的网站以 iframe 嵌入,因而出现在别人的网站里,成为别人网站的一部份!!这种感觉就像是自己的心血被别人整碗捧走一样!!

导回自已网站的方法

方法 1

于网页的原始码加入以下 Script:

<script type="text/javascript">
if( top.location != document.location ){
	top.location.href = document.location.href;
}
</script>

以上的 Script 会检查浏览器最上层视窗的网址是否与目前网页的网址一致,如果不一致,则把最上层视窗的网址改为目前网页的网址,就酱。

方法 2 (反制办法)

于网页的原始码加入以下 Script:

<script type="text/javascript">
if( top.location != document.location ){
	document.write("<h1 style='color:#FF0000'>未经授权嵌入别人的网页是可耻的行为!!</h1>(<a href='"+document.location+"' target='_blank'>原站网址</a>)");
}
</script>

以上的 Script 会检查浏览器最上层视窗的网址是否与目前网页的网址一致,如果不一致,就显示:

未经授权嵌入别人的网页是可耻的行为!!
(原站网址)

我比较不喜欢与人家互呛,所以我通常是用“方法 1”啦!

勒索病毒 (RansomWare) - 一种全新的商业模式

勒索病毒 (RansomWare)

近两年来出现一种新型态的电脑病毒:“勒索病毒”。(关键字: RansomWare、Crypt0L0ocker、CryptoLocker、CryptWall)

这种病毒会将受害人电脑里的文件类型的档案加密 (包含连结到 NAS 的档案),而受害人必须交付赎款才能取得解密程式。

由于病毒是使用很高阶的加密技术,受害人即使能删除病毒也救不回被加密的档案。防毒软件顶多能移除病毒,但仍无法解密档案! 因此只能选择交付赎款或放弃所有档案。

而台湾的受害人甚至必须到“全家便利商店”购买 BitCoin 来付赎款,就算请店员打 165 也没用!

唯有异地的档案备份才能解除危机。

这种“勒索病毒”严然成为了一种新的“商业模式”,并且已经做出了口碑,未来只会衍生出更多的变种病毒。

Read more

谈电脑防毒、网络安全与帐户安全

本文是综合我的经验,以及身为一个 MIS 的血泪所交织出来的资安重点,写的不算专业,但还是希望对于看到的人能有一点帮助。

防毒观念

  1. 病毒也是一种“软件”,必须有人去执行。散播病毒的人会设法引诱你去执行它。
  2. 防毒软件只能防“已知病毒”,新的病毒必需在有人中毒并且回报病毒样本之后才能研发出病毒码。直到防毒软件能全面防止新病毒通常是病毒已经肆虐了好几天之后的事情了。
  3. 写病毒的人如果觉得有利可图,病毒会更新的比防毒软件还勤快!!
  4. 个人的安全意识比防毒软件更为重要,人的因素,永远是资安最大的漏洞。

Read more

Linux 电子邮件防毒: ClamAV + Sendmail

本文要介绍的 Linux 的 E-Mail 防毒主要由两个套件组成: clamav 与 clamav-milter。

其中“clamav”是防毒软件、“clamav-milter”是 clamav 用来与 sendmail 整合的扫毒程式。

Read more

return top