Author Topic: HFS including SSl tools  (Read 103992 times)

0 Members and 1 Guest are viewing this topic.

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 880
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS including SSl tools)
« Reply #165 on: March 07, 2015, 06:05:55 PM »
US-cert:

NCCIC / US-CERT
National Cyber Awareness System:

FREAK SSL/TLS Vulnerability
03/06/2015 06:19 PM EST

Original release date: March 06, 2015
FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.

Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems.

Users and administrators are encouraged to review Vulnerability Note VU#243585 for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com to help determine whether their browsers are vulnerable. (Note: DHS does not endorse any private sector product or service. The last link is provided for informational purposes only.)
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Follow members gave a thank to your post:


Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS including SSl tools)
« Reply #166 on: March 10, 2015, 01:21:05 PM »
Thank you for the information.

OpenSSL versions before 1.0.1k are vulnerable:

http://www.kb.cert.org/vuls/id/BLUU-9UC2D8

The latest versions I posted online (292) are healthy ; The included versions of OpenSSL are more recent.

Apart from that , it is always recommended that users use a browser updated.
« Last Edit: March 10, 2015, 01:23:02 PM by SilentPliz »

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS including SSl tools)
« Reply #167 on: March 12, 2015, 05:08:51 PM »
12-03-2015     HFS 2.3d SSL 292f is online.

News:
Stunnel 5.11 final Compiled/running with OpenSSL 1.0.2
.
For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292f  :
http://silentpliz.perso.sfr.fr/hfs/hfs.292f.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292f-src.zip

« Last Edit: March 20, 2015, 01:27:02 PM by SilentPliz »

Follow members gave a thank to your post:


Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 586
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: For testing purpose (HFS including SSl tools)
« Reply #168 on: March 14, 2015, 07:14:12 AM »
Talking about security and vulnerabilities, how about this?:

POODLE - An SSL 3.0 Vulnerability (CVE-2014-3566)

Code: [Select]
http://en.wikipedia.org/wiki/POODLE
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/
https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

I'm not on technical details about this (I'm not an expert at all about this!), but I was wondering if "HFS 2.3d SSL 292f" is using SSL v3.0 (which is vulnerable) or TLS (which is not vulnerable) by default?...

According to this vulnerability, we should disable (not necessarily remove) SSL, and use TLS by default. Is that possible?...
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 880
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS including SSl tools)
« Reply #169 on: March 14, 2015, 04:41:15 PM »
Talking about security and vulnerabilities, how about this?:

POODLE - An SSL 3.0 Vulnerability (CVE-2014-3566)

According to this vulnerability, we should disable (not necessarily remove) SSL, and use TLS by default. Is that possible?...

Under the stunel config - Manualy edit the stunnel config, under options....
Thatis where you alow/change what protocal...

HFS PAth..\stunnel\stunnel.conf

edit with notepad ++ or notepad

look for disabled... Silent Plz has already done this...:
; Disable support for insecure SSLv2 protocol.
options = NO_SSLv2
; Disable support for insecure SSLv3 protocol.
options = NO_SSLv3
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Follow members gave a thank to your post:


Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 586
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: For testing purpose (HFS including SSl tools)
« Reply #170 on: March 16, 2015, 08:12:16 AM »
look for disabled... Silent Plz has already done this...:
; Disable support for insecure SSLv2 protocol.
options = NO_SSLv2
; Disable support for insecure SSLv3 protocol.
options = NO_SSLv3
Nice find!, I didn't notice it. ;)
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 880
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: HFS including SSl tools
« Reply #171 on: March 19, 2015, 08:27:44 PM »
Info only!

new open ssl..version "m"?... unknown what version you are using... probably already patched.. but:
---------------
National Cyber Awareness System:

OpenSSL Patches Multiple Vulnerabilities
03/19/2015 12:50 PM EDT

Original release date: March 19, 2015
OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a cause a Denial of Service attack against the server.

Updates available include:

OpenSSL 1.0.2a for 1.0.2 users
OpenSSL 1.0.1m for 1.0.1 users
OpenSSL 1.0.0r for 1.0.0 users
OpenSSL 0.9.8zf for 0.9.8 users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

OpenSSL Security Advisory: http://openssl.org/news/secadv_20150319.txt
updates: http://www.openssl.org/news/
« Last Edit: March 19, 2015, 08:29:52 PM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Follow members gave a thank to your post:


Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #172 on: March 20, 2015, 01:28:27 PM »
20-03-2015     HFS 2.3d SSL 292g is online.

News:
-  Stable release
Stunnel 5.13 Compiled/running with OpenSSL 1.0.2a

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3d SSL #292g  :
http://silentpliz.perso.sfr.fr/hfs/hfs.292g.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3d_SSL_292g-src.zip
« Last Edit: March 25, 2015, 03:14:20 PM by SilentPliz »

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #173 on: March 25, 2015, 03:15:25 PM »
26-03-2015     HFS 2.3e SSL 293a is online.

News:
-  Stable release
+ upload: multiple file selection
+ search accounts by typing the first letter
* using jquery's CDN instead of google's
- delete not working after archive http://www.rejetto.com/forum/bug-reports/2-3d-(292)-delete-after-archive-repeats-the-archive-download-again/
- getUri problem http://www.rejetto.com/forum/programmers-corner/last-beta-sources/msg1059938/#msg1059938
- a big MD5 file can hang http://www.rejetto.com/forum/bug-reports/hfs-hangs-on-access/

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293a  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293a.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293a-src.zip
« Last Edit: March 26, 2015, 04:07:17 PM by SilentPliz »

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #174 on: March 26, 2015, 04:07:57 PM »
26-03-2015     HFS 2.3e SSL 293a is online.

News:
-  Stable release
+ upload: multiple file selection
+ search accounts by typing the first letter
* using jquery's CDN instead of google's
- delete not working after archive http://www.rejetto.com/forum/bug-reports/2-3d-(292)-delete-after-archive-repeats-the-archive-download-again/
- getUri problem http://www.rejetto.com/forum/programmers-corner/last-beta-sources/msg1059938/#msg1059938
- a big MD5 file can hang http://www.rejetto.com/forum/bug-reports/hfs-hangs-on-access/

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293a  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293a.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293a-src.zip

Follow members gave a thank to your post:


Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #175 on: March 30, 2015, 04:04:54 PM »
30-03-2015     HFS 2.3e SSL 293a is online.

News:
-  Stable release
Stunnel 5.14 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293a  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293a.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293a-src.zip

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #176 on: April 09, 2015, 01:27:11 PM »
09-04-2015     HFS 2.3e SSL 293b is online.

News:
-  Stable release
Stunnel 5.14 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293b  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293b.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293b-src.zip

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #177 on: April 11, 2015, 03:04:29 PM »
11-04-2015     HFS 2.3e SSL 293c is online.

News:
-  Stable release
-  button on "vfs tab" : explorer.exe

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293c  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293c.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293c-src.zip

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #178 on: April 17, 2015, 04:48:17 PM »
17-04-2015     HFS 2.3e SSL 293d is online.

News:
-  Stable release
Stunnel 5.15 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293d  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293d.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293d-src.zip

Online SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1244
  • ....... chut ! shh!
    • View Profile
Re: HFS including SSl tools
« Reply #179 on: April 20, 2015, 12:03:30 PM »
20-04-2015     HFS 2.3e SSL 293e is online.

News:
-  Stable release
Stunnel 5.16 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293e  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293e.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293e-src.zip

Follow members gave a thank to your post: