Do you use TLS or client certificates for authentication? Beware of new MITM vulnerability

As Michael Morisy of ITKE recently posted, New SSL security hole allows man-in-the-middle attacks, a new SSL vulnerability has been announced. What you need to know about this vulnerability is that it most affects TLS (transport layer security) sessions using client authentication certificates. This is a vulnerability at the protocol level which makes it very difficult to fix where a recent previous SSL vulnerability had to do with certificate formats and content.

For specific details from the original researchers, visit the ExtendedSubset.com website. The summary of the announcement is shown below:

 Renegotiating_TLS.pdf

Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf

Packet captures: renegotiating_tls_20091104_pub.zip

This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues on this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading and let’s continue to be good network citizens.

Stuck on a blacklist? Sue the big guys! Cisco, Microsoft, Comcast, TRUSTe

A web based tool I frequently use is called Network-Tools.com. I frequently use the site to lookup names associated with IP addresses and whois information and ping to the addresses. A recent notice on the page raised my concern. The notice says:

Network-Tools owner sues Microsoft, Cisco, Comcast and TRUSTe over IP Address Blacklisting
Suit alleges eavdropping, privacy policy fraud, breach of contract and defamation

Interesting stuff, huh? So why would this suit be raised? According to the page tracking the lawsuit:

The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.” Comcast even blocked his communication link with a mail server he operates outside the Comcast network. The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws. The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies. Continued »

Tools I use - Startup Control Panel

One of the tools I frequently use is called Startup Control Panel. This is a free tool from Mike Lin. It is a portable tool so it does not require any client installation and may be run from a USB memory stick. This tool is similar to the excellent Autoruns & Autorunsc tools from Sysinternals. This is a good method to get at and manage those items that startup when your system starts.

The Startup Control panel tool window looks like the window below:

Startup Control Panel window

Using the application:

I have successfully run this utility on both XP and Vista. The dialog contains six to seven tabs, depending on your system configuration. Each tab represents one place where a program can be registered to run at system startup. These include:

• Startup (user) - the current user’s Startup folder in the Start Menu.
• Startup (common) - the common (all users) Startup folder in the Start Menu.
• HKLM / Run - the Run registry key located in HKEY_LOCAL_MACHINE. These apply for all users.
• HKCU / Run - the Run registry key located in HKEY_CURRENT_USER. These apply for the current user only.
• Services - system services that are started before the user logs in. This appears only in Win9x; on NT/2000/XP, use the Services control panel, or the Services item in Computer Management.
• Run Once - started once and once only at the next system startup.
• Deleted - programs go to the Deleted tab when you remove them from another location. They will not run at system startup, but will merely be stored should you ever want to use them again. If you delete an item from the Deleted tab, it is removed permanently.

Each page contains a list of the programs registered at that location. Use the checkbox to enable or disable individual items. Additional operations are available by right-clicking an item. You can select multiple items using the Shift and Control keys. Options include:

• New… - create a new entry. You can also drag & drop files from My Computer or Explorer.
• Edit… - edit an existing entry.
• Delete - delete the currently selected entry.
• Disable / Enable - disable or enable the selected entry. A disabled program will appear in the list with a special icon, and will not run at system startup. You can also use the checkbox next to an item to enable or disable it.
• Run Now - executes the program now.
• Send To - moves the entry from the current location to another.
• Press F5 to refresh the list at any time.

Hope you find this tool as useful as I do. Thanks for reading and let’s continue to be good network citizens.

Microsoft IT professional resource - RunAs Radio

I just came across an excellent resource for IT professionals working with Microsoft products. It is called RunAs Radio. There are weekly podcasts about topics of interest to those of us who support Microsoft products. The podcasts are in multiple formats such as mp3, wma & AAC (iPod). I was particularly interested in the presentations on performance management. There are several presentations on this one topic. Some sample topics include:

Clint Huffman Analyzes PerfMon Logs! Mr. Huffman is the creator of the Performance Analysis of Logs tool found at Codeplex. I have found this tool very useful in tracking down server issues to show folks “it’s not the network!”

Shane Creamer Goes Deep on Performance Monitor! This is a very interesting presentation. There is a link to the video presentation portion and another link to the various audio formats. The video presentation has a very long gap in audio at the beginning (almost 12 minutes). This is because the video portion is only capturing the presenter’s audio portion and not the commentators’. You really should download both audio and video to get the full impact of the presentation.

Steven Choy Measures Server Performance!

Other topics that might be of interest includes SQL, Active Directory, IIS, cloud (Azure), Powershell, virtualization, SharePoint, information security, and many other Microsoft-centric technologies. I have subscribed to the RSS feed so I can keep up with new presentations as they are released. If you run any Microsoft technologies, or you just want to learn about some recommended best practices, then check out this resource. There might be something here that will help you “save the day”.

Thanks for reading and let’s continue to be good network citizens!

Free Training - Laura Chappell presents: Wireshark 201 Jumpstart - Filtering on the Good, the Bad, the Ugly

Laura Chappel, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27 - 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.

Some things you will learn in this webinar:

• Using the Default Capture and Display Filters
• Creating a Few Hot Capture Filters
• Filtering Tips and Tricks for Troubleshooting
• Filtering Tips and Tricks for Security

Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there because Repetition is one of the keys of learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.

Thanks for reading and let’s continue to be good network citizens!

Google’s Postini services restored - cascading issues caused message delivery issues

I recently posted about Google’s Postini - cloud email security service - delivery issues. This is a follow-on post about the incident root cause analysis and corrective actions. Maybe there’s some lessons learned here that you can use in your organization’s service delivery.

The impact on customer email services lasted more than 24 hours while Postini engineers worked to resolve the issues. So, this was not an insignificant event. During this period, messages were delayed and users were not able to get to their quarantines to release messages trapped by filters. Administrators were also unable to access the administration console. The Postini support portal was unreachable at times due to the high volume of users trying to get updates on the event. The support phone line queues were very long and it took a long time to reach a support agent. Nothing like this has happened before in all of the years we have been a Postini customer.

I just received the incident report about the service disruption and wanted to share some of the information with IT Trenches readers. Continued »

Google’s Postini - cloud email security service - delivery issues

Since very early today, US Eastern Daylight Time, Google’s Postini services have been experiencing some service issues. It is unknown as of this writing as to the cause or full scope of the issue. However, when logging into the Postini support portal, an administrator is given the following status indicators:

Postini system status on October 13, 2009

We have been Postini customers over 4 years now and this is the first time an outage like this has happened. It’s not a full outage as messages are still coming in although at a trickling rate rather than normal expected volumes. This outage is so bad that my ability to login to the support portal is impacted. I receive either an internal 500 server error or “Too many connectionsCould Not Select DB”. A recent update notification said that a secondary Postini secondary data center has been enabled.

The recent GMAIL outage raised some concerns about cloud computing. I wonder if today’s Google Postini outage is a symptom of some deeper Google service delivery problem.

Thanks for reading & let’s continue to be good network citizens! Hopefully you are not trying to send me any messages, who knows how long it might take for the message to reach me today. Otherwise, let me know what you think here in the comments.

IT services and The Three Chinese Curses

In America, October is the time when haunting, evil spirits and curses come to mind. Earlier today I posted a blog entry titled Can IT education bring an end to the recession? I used a quote that is attributed to a series of Chinese curses that go in ascending order of severity. After I used it, I pondered on the other two curses and their applicability to IT services.

According to Wikipedia, the three curses are:

• May you live in interesting times.
• May you come to the attention of those in authority (sometimes rendered May the government be aware of you)
• May you find what you are looking for

Continued »

Can IT education bring an end to the recession?

Well, by my title I don’t mean entirely end the recession, and especially not just through IT education alone. I was listening to the radio the other day and heard a snippet about an upcoming story. Unfortunately, I was unable to hear the entire story. However, the topic of the upcoming story raised an interesting question about the link between economic stimulus and education. I tried finding the story online but have been unable to find it to cite here. Maybe I just imagined it, but the story topic was about the GI Bill and how it helped a nation recover economically after the Great Depression and a costly war. The story preview continued to say that the nation grew economically and scientifically in the years following the war. It is as a result of those who were educated under the GI Bill that a new world of technology was shaped:

• Man in space and man landing on the moon
• Satellites
• Lasers
• Solar cells
• Transistors

Just think about all the marvels that have appeared in our world since the mid-1940’s. The relationship between those educated under the GI Bill and these technological advances is easy to see. Now, fast forward to today and the current economic conditions. What will happen in the next few years in the world of technology as a result of those who have lost jobs, being retrained in new skills and starting new careers? Maybe technological advances won’t be as rapid as those in the post WW2 era, but I expect some life-changing advances due to the education and skill changes resulting from the current education stimulus packages.

Electronic medical records, for example, will change both the patient’s and health care professional’s lives. The technology advance may not be sexy like lasers, but it may have a greater impact on the country we live in as a whole. Maybe we are living under the Chinese curse that goes “May you live in interesting times!“

Thanks for reading and let’s continue to be good network citizens!

I resemble that award winning case study - wait, it IS me!

Have you ever wondered if vendor case studies are actually solutions to real life issues or if they are stories about compensated organizations using a particular vendor solution? Well, I am here to tell you that I know of at least one case study that is about an organization addressing real-life issues that was featured in an award winning vendor case study. The organization is the company I work for and the case study is about the challenges we faced with replacing an under-performing legacy Frame Relay network with a more efficient and flexible global solution that delivers high availability, remote access, and integrated security. For the record, no compensation was given for being the subject of this vendor case study.

The case study won the 2009 Best Deployment Scenario - VPN/IPSec/SSL and was featured in the Info Security Products Guide. The winning case study and announcement can be found at Manufacturing Company Achieves Security and Performance Goals with Virtela’s Remote Access Services from the Cloud.

See all 2009 Best Deployment Scenarios and Case Studies. This would be a good time to look at these and see if any of the solutions may meet some of the information security needs of your organization. Consider putting the solutions in your 2010 budgets.

Feel free to leave comments here or contact me through ITKE if you would like more information. Thanks for reading & let’s continue to be good network citizens.