How to fix a Web/Mail Server that uses insecure SSL protocols

Vulnerability scan

Vulnerability: SSL/TLS Service Supports Weak Protocol

Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypts communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol, they can be altered or decrypted.

  • Severity: High
  • Risk: A TLS service was observed supporting weak protocols.
  • Recommendation: Disable the protocols listed in the evidence column of the measurement.


How to automatically redirect a website's http:// URLs to https://

Vulnerability scan

Vulnerability: Site does not enforce HTTPS

The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:

  1. Open Wi-Fi Hotspots
  2. WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
  3. Malicious Wi-Fi access points
  4. Compromised switches and routers
  5. ARP poisoning on the same wired network

It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify it. Even if a site does not contain sensitive information, an attacker can still inject malicious content into a user's browser.

  • Severity: High
  • Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
  • Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.
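
The recommendation above can be checked by walking the redirect chain one hop at a time and looking at the scheme of the page that is finally served. The following Python sketch is an added example, not code from the original post; the host names and the `SAMPLE` responses are constructed, and the function names are hypothetical.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample responses (hypothetical hosts): URL -> (status, Location)
SAMPLE = {
    "http://good.example.test/": (301, "https://good.example.test/"),
    "https://good.example.test/": (200, None),
    "http://plain.example.test/": (200, None),
    "http://shop.example.test/": (302, "/login"),
    "http://shop.example.test/login": (200, None),
    "http://loop.example.test/": (302, "http://loop.example.test/"),
}

def fetch_sample(url):
    """Offline stand-in for a server: look the URL up in SAMPLE."""
    return SAMPLE[url]

def fetch_live(url):
    """One request without following redirects; returns (status, Location)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=10)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_https_enforcement(start_url, fetch=fetch_sample, max_hops=10):
    """Walk the redirect chain and report whether the final page is HTTPS."""
    chain, url = [start_url], start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            scheme = urlsplit(url).scheme
            return {"enforced": scheme == "https", "chain": chain,
                    "reason": "final page served over " + scheme}
        url = urljoin(url, location)  # Location may be relative
        if url in chain:
            return {"enforced": False, "chain": chain + [url],
                    "reason": "redirect loop"}
        chain.append(url)
    return {"enforced": False, "chain": chain, "reason": "too many redirects"}
```

Pass `fetch=fetch_live` to run the same check against a site you operate. The `shop` sample shows the case the finding describes: a redirect exists, but it stays on plaintext HTTP.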


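Change the Windows hibernation settings to keep the computer from hibernating automatically

After a Windows 10 update, my computer, which I had already configured not to shut down automatically, started going into hibernation! The cause seems to be that the time before entering hibernation was changed, yet the detailed "Hibernate" options are not easy to find in the Windows settings!

Windows really loves to make trouble!

As background, let's first look at the 4 options in the Windows 10 shutdown menu:

  1. Sleep (S3): writes the state of the desktop and applications to memory and keeps the computer powered on in a very low-power mode, so that when the computer is woken it can immediately return to its state before sleep. Since Windows Vista, Sleep mode has replaced Standby mode.
  2. Hibernate (S4): writes the state of the desktop and applications to disk and then powers the computer off; the next time the computer is powered on, it is restored to its state before hibernation. Starting up from hibernation is slower than waking from sleep.
  3. Shut down (S5): closes all applications and powers the computer off, without automatically saving any state.
  4. Restart: closes all applications and restarts the computer and the operating system.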


Switching CentOS 5/6 to a working yum repository source (2022)

If running yum produces:

http://mirror.centos.org/centos/6/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
To address this issue please refer to the below knowledge base article

it means the system's default yum repository may no longer exist!

We can find usable repository sources at vault.centos.org:

  • vault.centos.org: http
  • archive.kernel.org: http - rsync (rsync://archive.kernel.org::centos-vault/)
  • linuxsoft.cern.ch: http - rsync (rsync://linuxsoft.cern.ch/centos-vault/)
  • mirror.nsc.liu: http - rsync (rsync://mirror.nsc.liu.se::centos-store/)
