Archive for April, 2014
Heartbleed versus nmap
The quickest way to check whether your site, your organization's sites, or sites you use are vulnerable to the Heartbleed bug is to use one of the following:
McAfee: http://tif.mcafee.com/heartbleedtest
F-Secure: http://www.f-secure.com/en/web/home_us/key?ecid=5856
Another way to check is to use nmap.
Requirements:
- nmap or zenmap
- authorization to scan*
Step 1.  Install nmap/zenmap
For Windows NT – 2K8
Latest release self-installer: nmap-6.40-setup.exe
Latest command-line zipfile: nmap-6.40-win32.zip
*ridiculously Windows Install instructions: http://nmap.org/book/inst-windows.html
Step 2. Install nmap heartbleed script & tls.lua
Download the file tls.lua (https://svn.nmap.org/nmap/nselib/tls.lua)
Move the tls.lua file to the nmap directory
Download the file ssl-heartbleed.nse (http://nmap.org/nsedoc/scripts/ssl-heartbleed.html)
Move the file to the nmap scripts folder
Step 3. Run the Command
nmap -sV --script=ssl-heartbleed <target>

 

Other SSL Testers
Qualys overall SSL status: https://www.ssllabs.com/ssltest/
Android SSL testers:
Bluebox heartbleed scanner: https://play.google.com/store/apps/details?id=com.bblabs.heartbleedscanner
Heartbleed detector: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector
Am I affected by the Heartbleed bug?
CVE-2014-0160

YES. If you use SSL/TLS, which is in https, secure instant messaging, secure email and other “secure” services online, then there is a better than 60% chance you are affected or have an account that was vulnerable.

 

What can you do about it?

Get informed. Here is a little information on what it is, what it affects and how to protect yourself and/or your organization.

 

Why should you be concerned?
This weakness allows attackers to steal information you thought was protected.  So things like banks, hospitals, and other critical resources may have been susceptible to the vulnerability for years.
As mentioned above, SSL/TLS provides security for banking, online shopping, instant messaging, email and other services.  The Heartbleed vulnerability allows anyone on the Internet to read the memory of the systems protected by vulnerable versions of OpenSSL.  If someone can read the memory of the system, they can access the secret keys used to identify the service provider and to encrypt the traffic, as well as the names and passwords of users.
More on HeartBleed:
Heartbleed is a major vulnerability in OpenSSL.  This vulnerability has been known since 2012 or 2011 by NSA and others.  The NSA used it as a method of infiltrating systems for spying (rather than notifying the good citizens of Earth).  The NSA is not winning friends lately.
What versions of OpenSSL are affected?
Users and service providers using OpenSSL 1.0.1 through 1.0.1f.
Who is Safe?
According to Codenomicon's site, http://heartbleed.com/:
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
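The version ranges above can be turned into a first-pass triage of OpenSSL version banners collected from your own hosts. This is an added example, not code from the original post; the hostnames and banners are constructed, and `classify` and `triage` are hypothetical helper names.

```python
import re

# Affected range as given on this page: OpenSSL 1.0.1 through 1.0.1f.
# 1.0.1g, the 1.0.0 branch and the 0.9.8 branch are listed as not vulnerable.
BANNER_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(\w+))?", re.I)
SAFE_BRANCHES = {(1, 0, 0), (0, 9, 8)}


def classify(banner):
    """Map a version banner to 'affected', 'not affected' or 'unknown'."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = (m.group(4) or "").lower()
    tag = (m.group(5) or "").lower()
    if branch in SAFE_BRANCHES:
        return "not affected"
    if branch != (1, 0, 1) or tag.startswith(("beta", "pre", "dev")):
        # Branches and pre-releases the page does not list: do not guess.
        return "unknown"
    # "" (plain 1.0.1) through "f" are affected; "g" and later carry the fix.
    return "affected" if letter < "g" else "not affected"


def triage(inventory):
    """Return hosts to confirm with the nmap ssl-heartbleed scan, sorted."""
    # A banner match is only a first pass: distributions can backport the fix
    # without changing the version letter, so confirm by scanning.
    return sorted(h for h, b in inventory.items() if classify(b) != "not affected")


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web01.example.internal": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web02.example.internal": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail.example.internal": "Apache/2.2.22 (Unix) OpenSSL/1.0.1c",
    "legacy.example.internal": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn.example.internal": "OpenSSL 1.0.0k 5 Feb 2013",
    "build.example.internal": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "appliance.example.internal": "nginx/1.4.7",
}

if __name__ == "__main__":
    for host in sorted(SAMPLE):
        print(f"{host:28} {classify(SAMPLE[host]):13} {SAMPLE[host]}")
    print("scan next:", ", ".join(triage(SAMPLE)))
```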
More on Heartbleed:
In the news: http://abclocal.go.com/kgo/video?id=9498581

computer starts up slow

I noticed that my computer was starting up slow.. SUPER slow!  I ignored it for a long time… months.  But I noticed each time I added new software, the system started up slower and slower.

Why does your computer start up slow?  These days when you install new software, its default setting is “autorun”, which means it is set up to start when your computer starts.  So if you notice 30 different applications are popping up when you boot up your system, that is why the system is slow.  It's starting each app.

If your computer starts up slow, here is how you can get it much faster.

computer starts up slow – MSCONFIG

The first place to check for slow reboots is msconfig.

Go to Start | Run | type “msconfig” | Enter

“MSConfig (officially called System Configuration in Windows Vista, Windows 7 and Windows 8 or Microsoft System Configuration Utility in previous operating systems) is a system utility to troubleshoot the Microsoft Windows startup process.”

Once you click Enter you will see the msconfig message box.  Once you are in msconfig, select the “Startup” tab and you will see all the software that is set to startup when the system starts up.

[Screenshot: msconfig Startup tab]

MSconfig shows the root of the problem.  I had scores of proprietary applications starting up by default, not to mention a dozen other applications that I had installed and left default.  This is why my system was taking anywhere from 3-5 minutes to be of any use.  I would often avoid turning off the system just so I did not have to wait each time for it to boot.. NOW THAT IS LAZY!!

Once in MSconfig, disable the applications you don’t want starting when the computer starts.  Once you are complete, click OK.

And you are done.

Here is another place you can check for application startups:

[Screenshot: Startup folder]

BONUS ROUND!! – Search Conduit – backgroundcontainer RunDLL

I had a pesky “RunDLL” file that kept trying to run when my computer was starting.  I did not see it in the Startup folder or in MSConfig.  But I noticed that it was from some adware called SearchConduit (my arch nemesis).  I had removed it months ago, but it is so aggressive, spammy and similar to malware that it leaves hooks in the registry keys.

Here is how I removed it.

[Screenshot: RegEdit Find dialog searching for RunDLL]

You will have to go to regedit – Start | Run | regedit

*I don’t recommend regedit unless you are comfortable with doing complex configurations on your PC.. if you don’t know what you're doing, you can destroy your OS in regedit*

Once in regedit, press CTRL+F (find) and search for the key.  Delete the key.  You will need to delete it from the left side of the regedit panel or you will get the error you see displayed.

If you did all of this, you cleared all irrelevant default starts from legit applications and removed any DLLs that are not supposed to be there and your computer is still slow, you may have a completely different issue:

  • Defrag your hard drive
  • Maybe you have malware (I use webroot & spybot search and destroy)
  • You have very aggressive (hidden) adware (spybot search and destroy.. it works)
  • Your computer is too old (try newegg, they have good prices)
  • Your computer needs more memory (RAM check Task Manager – check memory usage)
  • Your hard drive is jacked up (may hear a crunching or metal on metal sound)