Saturday 28 March 2015

Changelog – Oracle VM VirtualBox v4.26

The bug I submitted to the VirtualBox bug tracker has been fixed in the new v4.26:
Changelog – Oracle VM VirtualBox:

The bug was regarding the difficulties of using Mouse Capture in v4.24:
https://www.virtualbox.org/ticket/13935

'via Blog this'

Friday 20 March 2015

Default security config of IE11 on Windows 8.1 is stronger than Chrome or Firefox

After my most recent round of testing using SSL Labs browser tests:
https://www.ssllabs.com/ssltest/viewMyClient.html

I was surprised to find that IE11 one Windows 8.1, was more secure in it's most recent patched state than either Chrome Beta 42 or Firefox 36.01.

Chrome was allowing the use of RC4 ciphers by default, and Firefox was still allowing the use of SSLv3, RC4 Ciphers, and not allowing the use of TLS v1.2.

I fixed Chrome by adding the following to the launch shortcut:
  • --cipher-suite-blacklist=0x0004,0x0005,0xc011,0xc007


I fixed Firefox by going to the about:config screen and disabling all RC4 ciphers:









I also set the minimum TLS version to 1 (v1.0) and maximum to 3 (v1.2):














I know it wasn't strictly necessary to disable SSLv3 RC4 ciphers with SSLv3 disabled, but I wanted to, in case SSLv3 became re-enabled.

Thanks to king_julian for the help with Chrome.

Thanks to //Crash Mag for the help with Firefox.

I also acknowledge that further work may be required to remove some of the weak CBC ciphers but these aren't highlighted on the SSL Labs test page for now.

Saturday 7 March 2015

#13935 (Mouse capture failing upon guest install after upgrade to v4.3.24) – Oracle VM VirtualBox

Since upgrading Virtualbox from v4.3.22 to v4.3.24, mouse interaction with the guest has gone a bit strange. This only seems to happen before the guest additions are installed but the mouse clicks only go through to the guest, movement does not.

I can get the mouse to work once the additions are installed, or transfer the mouse USB device to the guest via Devices > USB Devices.

Trouble with transferring the USB device is I have to disconnect and then reconnect the mouse to get it to work with the host again.

#13935 (Mouse capture failing upon guest install after upgrade to v4.3.24) – Oracle VM VirtualBox:

'via Blog this'

Friday 6 March 2015

Tracking the FREAK Attack

Are your servers and browsers susceptible to the latest SSL issue?

Tracking the FREAK Attack:

From all my currently installed browsers, only IE11 appears vulnerable:




https://technet.microsoft.com/en-us/library/security/3046015

My other browsers appear fine:
  • Chrome Beta 41
  • Firefox 36.0.1
  • Firefox Nightly 39.0a1 (2015-03-06)
  • Maxthon 4.4.1.5000
  • SeaMonkey 2.32.1


'via Blog this'

Sunday 1 March 2015

Unable to update Chrome Beta on Fedora 21

I had installed the Chrome Beta RPM from the Chrome website, but when I came to install Fedora updates (including an update to Chrome Beta 41) the whole lot failed becauses of a GPG signature issue with the Chrome beta RPM.

I found the answer here:
http://forums.fedoraforum.org/showthread.php?t=251973

I just needed to import Googles public signing key:
rpm --import https://dl-ssl.google.com/linux/linux_signing_key.pub