Re: Notepad popups in Internet Explorer and Outlook

From: Marty Godsey (marty.godsey_at_IPAYMYBILLS.COM)
Date: 08/06/03

  • Next message: Bowden, Zeb: "Windows 2000 Vulnerability when renaming TSInternetUser (and potentially other accounts)"
    Date:         Wed, 6 Aug 2003 11:50:50 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hello,

    Has anyone ran into issues with disabling weak SSL ciphers in W2K?

    Here is my scenario:

    I am performing a Qualys scan to see what vulnerabilities need to be
    addressed. Two specific ones come up

            1.SSL V2 is enabled
            2.weak ciphers

    Both of these are addressed by Microsoft in articles 187498 and 216482.
    I perform what Microsoft says to do in the registry to fix this
    vulnerability and reboot the server. However, I do another scan
    afterward and the same ones are there. I also disable SSL 3.0 on my web
    browser and I can still access my site?? This is telling me SSL 2.0 is
    still enabled.

    Has anyone see issues with this or now how to correct it? The key we
    are using is a 128bit SSL key with enforce SSL enabled on the webserver.

    Thanks,

    Marty Godsey
    Network Administrator
    iPay, LLC
    866-851-4729 Extension 208

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Bowden, Zeb: "Windows 2000 Vulnerability when renaming TSInternetUser (and potentially other accounts)"

    Relevant Pages

    • Re: OWA issue
      ... Have you opened port 443 (SSL) for external access? ... What do you mean with 'i find a problem is certification is overdue', ...
      (microsoft.public.exchange.admin)
    • Re: Python and SSL
      ... I am still a newbie with SSL issues but I found out that: ... a certificate that is signed by OpenSSL's own CA(certification ... authority), that is not recognized in the program's list of root CAs, ...
      (comp.lang.python)
    • RE: Certification
      ... think you're looking for the mechanisms behind "SSL" and where ... certificates fit in. ... Subject: Certification ...
      (Security-Basics)
    • Liu Die Yu findings verified, details
      ... NAFjpuInHistory, cross-domain scripting ... The impact of the working cross-domain scripting vulnerabilities is ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Re: Alert: Microsoft Security Bulletin - MS03-039
      ... What do you mean by patch now? ... I say immediately because I expect to see a new worm based on either of the 2 new vulnerabilities capable of being turned into a worm. ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)