Re: Notepad popups in Internet Explorer and Outlook

From: Marty Godsey (marty.godsey_at_IPAYMYBILLS.COM)
Date: 08/06/03

Next message: Bowden, Zeb: "Windows 2000 Vulnerability when renaming TSInternetUser (and potentially other accounts)"

Previous message: Star IT - M. Sproede: "AW: CA eTrust Antivirus 7.0 - System account lockout"
In reply to: Russ: "Re: Notepad popups in Internet Explorer and Outlook"
Next in thread: kmj1000_at_HERMES.CAM.AC.UK: "Revised NAT-T XP patch (818043)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Wed, 6 Aug 2003 11:50:50 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hello,

Has anyone ran into issues with disabling weak SSL ciphers in W2K?

Here is my scenario:

I am performing a Qualys scan to see what vulnerabilities need to be
addressed. Two specific ones come up

1.SSL V2 is enabled
2.weak ciphers

Both of these are addressed by Microsoft in articles 187498 and 216482.
I perform what Microsoft says to do in the registry to fix this
vulnerability and reboot the server. However, I do another scan
afterward and the same ones are there. I also disable SSL 3.0 on my web
browser and I can still access my site?? This is telling me SSL 2.0 is
still enabled.

Has anyone see issues with this or now how to correct it? The key we
are using is a 128bit SSL key with enforce SSL enabled on the webserver.

Thanks,

Marty Godsey
Network Administrator
iPay, LLC
866-851-4729 Extension 208

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to

http://www.trusecure.com/offer/s0100/

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Next message: Bowden, Zeb: "Windows 2000 Vulnerability when renaming TSInternetUser (and potentially other accounts)"

Previous message: Star IT - M. Sproede: "AW: CA eTrust Antivirus 7.0 - System account lockout"
In reply to: Russ: "Re: Notepad popups in Internet Explorer and Outlook"
Next in thread: kmj1000_at_HERMES.CAM.AC.UK: "Revised NAT-T XP patch (818043)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: OWA issue
... Have you opened port 443 (SSL) for external access? ... What do you mean with 'i find a problem is certification is overdue', ...
(microsoft.public.exchange.admin)
Re: Python and SSL
... I am still a newbie with SSL issues but I found out that: ... a certificate that is signed by OpenSSL's own CA(certification ... authority), that is not recognized in the program's list of root CAs, ...
(comp.lang.python)
RE: Certification
... think you're looking for the mechanisms behind "SSL" and where ... certificates fit in. ... Subject: Certification ...
(Security-Basics)
Liu Die Yu findings verified, details
... NAFjpuInHistory, cross-domain scripting ... The impact of the working cross-domain scripting vulnerabilities is ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
(NT-Bugtraq)
Re: Alert: Microsoft Security Bulletin - MS03-039
... What do you mean by patch now? ... I say immediately because I expect to see a new worm based on either of the 2 new vulnerabilities capable of being turned into a worm. ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
(NT-Bugtraq)