Everything, Everything - March 2012

Saturday 31st March, 2012 19:02
I wonder when someone good will be on #thevoice
Sunday 25th March, 2012 12:21
Surprised how good a signal my phone had as I walked along a canal. Girlfriend was less impressed for some reason. Served my drinks though.
Sunday 25th March, 2012 09:44
Wireless died this morning. Only G, could still connect with N, and I have a hidden G access point. Almost had to get out of bed to fix it!
Wednesday 21st March, 2012 17:51
Just tried putting my headphones away in a jacket pocket that doesn't exist in my coat. #fail
Sunday 18th March, 2012 09:43
Looks like #Nmap works fine on Windows 8! :D
Saturday 17th March, 2012 22:24
My wireless bridge is much faster than the Powerline setup it replaced. Is it greedy that I'm now using 3 channels? 2 x 2.4GHz and 1 x 5GHz.
Saturday 17th March, 2012 22:18
Really not a fan of the new interface in Windows 8 so far, but I do like being able to pause and resume SMB file copying.
Nessus False Negative
Friday 16th March, 2012 11:20
I was a little bit surprised to discover that Tenable's Nessus had failed to identify support for SSLv2 on a few servers last week. It was definitely a false negative, as other tools showed that two ciphers were supported (Nmap, THCSSLCheck, Qualys SSL Labs, OpenSSL client). Nessus could accurately identify SSLv2 on a test server of mine, which suggested that there was some subtle quirk that Nessus wasn't expecting.

I contacted Nessus using their support portal. What followed was a quick, polite and professional exchange of messages. I was kept informed that their plugin development team were looking into the issue. They then asked me to send them some packet captures using the various tools, which I provided. Just over 48 hours later they informed me that they've made a change that should fix the issue.

Almost exactly a year ago, I ran into a somewhat similar issue with a rival tool (I won't name names). That tool completely failed to identify SSLv2 support for an SMTPS server running on the standard TCP port 465. Again, the OpenSSL client negotiated an SSLv2 connection using DES-CBC3-MD5, so we knew it was a false negative (plus Nessus had correctly identified it during several test scans in the past, and it was a server I'd set up that I knew was vulnerable). We raised this with them, a colleague of mine even joined a conference call with one of their developers, and it was eventually determined that they basically didn't check for SSLv2 support for that service. They said it'd take a while to fix. In the end, it took over six months before they said they'd fixed it.

So well done and thank you Tenable.
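
An added example, not part of the original post and not code from Tenable or any other scanner: one way to cross-check a scanner's SSLv2 negative on your own server, by sending an SSLv2 CLIENT-HELLO and reading the cipher kinds out of the SERVER-HELLO. The function names, the constructed `SAMPLE` bytes and the choice to offer all seven SSLv2 cipher kinds are assumptions made for illustration.

```python
import socket
import struct

# SSLv2 cipher kinds (3 bytes on the wire) mapped to their OpenSSL names.
SSLV2_CIPHERS = {
    0x010080: "RC4-MD5", 0x020080: "EXP-RC4-MD5", 0x030080: "RC2-CBC-MD5",
    0x040080: "EXP-RC2-CBC-MD5", 0x050080: "IDEA-CBC-MD5",
    0x060040: "DES-CBC-MD5", 0x0700C0: "DES-CBC3-MD5",
}

def build_client_hello(challenge=b"\x00" * 16):
    """SSLv2 CLIENT-HELLO record offering every cipher kind in the table."""
    specs = b"".join(c.to_bytes(3, "big") for c in SSLV2_CIPHERS)
    # msg_type=1, version=0x0002, cipher_spec_len, session_id_len=0, challenge_len
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte record header

def parse_server_hello(record):
    """Cipher names from an SSLv2 SERVER-HELLO; [] for anything else."""
    if len(record) < 13 or not record[0] & 0x80:
        return []  # too short, or not a 2-byte-header SSLv2 record (e.g. a TLS alert)
    body = record[2:2 + (((record[0] & 0x7F) << 8) | record[1])]
    # body[0]: 4 = SERVER-HELLO (0 = ERROR); body[3:5]: version must be 0x0002
    if len(body) < 11 or body[0] != 4 or body[3:5] != b"\x00\x02":
        return []
    cert_len, spec_len = struct.unpack(">HH", body[5:9])
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    kinds = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, len(specs) - 2, 3)]
    return [SSLV2_CIPHERS.get(k, "unknown-0x%06X" % k) for k in kinds]

def probe(host, port, timeout=5.0):
    """Send the CLIENT-HELLO to a server you administer; return accepted ciphers."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        try:
            while len(data) < 2 or len(data) < 2 + (((data[0] & 0x7F) << 8) | data[1]):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # timeout or reset: parse whatever arrived
    return parse_server_hello(data)

# Constructed SERVER-HELLO: dummy 5-byte certificate, two cipher kinds, 16-byte connection id.
SAMPLE = (struct.pack(">HBBBHHHH", 0x8000 | 38, 4, 0, 1, 0x0002, 5, 6, 16)
          + b"\x30\x03\x02\x01\x00" + bytes.fromhex("0700c0060040") + b"\x11" * 16)
```

An empty list from `probe` means no SSLv2 SERVER-HELLO with cipher kinds came back; it only speaks for services that start TLS immediately on connect, such as SMTPS on port 465.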
Who's That Girl?
Thursday 15th March, 2012 09:26
Who's that girl?
It's Jess.

Does anyone else sing the "It's Jess" part of the title sequence to New Girl? Oh, it's just me then.
Tuesday 13th March, 2012 10:16
Back when I was at university (many years ago) I heard people talk about Mocha, a Java decompiler. I never used it, as it wasn't much help when you're supposed to write code from scratch, but it seemed to have a good reputation. This morning Joe called me asking if I knew of any good tools for decompiling Java as he's testing an application that appears to be Java based. I thought of Mocha, but decided to look it up as I hadn't heard people talk about it recently, and there are probably better tools around by now. This took me here, where I sadly discovered that the author - Hanpeter van Vliet - died from cancer at the ridiculously young age of 34. I shall now dedicate the mocha I'm coincidentally drinking this morning to his memory.
Saturday 3rd March, 2012 19:45
Looking forward to @mrchrisaddison being funny on stage tonight.
