You’ve likely heard of radio frequency identification (RFID) technology. Here’s what it is, where it’s used today, where it’s likely to be used tomorrow, what it means for privacy seekers and how to defeat it.
I’ve just gotten a new email from a very suspicious looking email address claiming they were HMRC and that I’m entitled to a refund.
Email address: “Gateway HMRC” <4YFW1AHTNGVH-KRBZC2H46EQF9-vWwByutFvbxt-HilwPbUkynMNX@twyford.ealing.sch.uk>
Email Subject: DO NOT REPLY | ‘Payment receipt return’ | ‘Review your automatic payment’ | ‘Item No.31468060423885’ gukm3038 8/22/2018 Continue reading “New HMRC Phishing Scam”
If you are looking to remove the server header from your IIS, you will need to install URL Scan to be able to go through the settings.
UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).
Install the URLScan in your machine. Please follow the following link for that
When you are trying to install it on a new server, you might get an error saying:
IIS Metabase is required to install Microsoft UrlScan Filter v3.1
To fix this issue:
- Open Web Platform Installer
- Search for metabase and install “IIS: IIS 6 Metabase Compatibility”
- Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 )
- Click on Install. You are shown a review of components you selected to install. Click on I accept.
- The components are installed and will show you a Finish screen. Click on Finish.
- To check installation, go in IIS and click on your server node.
- Click on ISAPI filters under IIS
After installing URLScan, open the URLScan.ini file typically located in the %WINDIR%\System32\Inetsrv\URLscan folder. After opening it, search for the key RemoveServerHeader . By default it is set to 0, but to remove the Server header, change the value to 1.
Doing so will remove the Server header Server: Microsoft-IIS/7.5 (8) from the User mode response.
When developing integrations with external services (REST, SOAP), there is often the need to use specific SSL protocols, namely:
- TLS 1.1
- TLS 1.2.
While trying to use those API’s in OutSystems applications, such attempts to integrate may not work, and produce errors like:
- The request was aborted: Could not create SSL/TLS secure channel.
- Unsupported procotol. You need to enable TLS X.X to use this API
(other types of errors may occur, related to the required SSL protocols)
TLS 1.0 is no longer secure. Exploits exist to downgrade a connection based on TLS 1.0 to an older version of the protocol. There is no active exploit affecting all of TLS 1.1, but the downgrade attack works on some versions and installations and academically speaking, TLS 1.1’s hash functions are under threat.
If using an older SSL/TLS protocol revision you could have someone sitting on the line and taking in your data while absolutely nothing about the connection indicated it. A compromised secure connection is no different from an insecure connection, but may give a false sense of security.
The revision and deprecation of protocols is an expected, occasional thing, as encryption techniques improve and processing speeds increase over time. This deprecation and notice is for our customers’ security. Anyone keeping up with the latest developments will already be secure, but those who have not kept up to date could end up using an insecure method.
What is TLS?
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third-party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
- TLS 1.1 Spec: http://tools.ietf.org/html/rfc4346
- TLS 1.2 Spec: http://tools.ietf.org/html/rfc5246
- Vulnerabilities prompting moving from TLS 1.0/1.1: https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/
- TLS 1.1 uses a combination of SHA-1 and MD5 by default, whereas TLS 1.2 uses SHA-256. Academically speaking, an attack on TLS 1.1 is sitting somewhere between “will be plausible in a few years” to “actively in-use by nation states.”
Most of you only know that TelNet is a Port ( Port 23 ) or that TelNet is a Remote Control Tool. Remote Control means in this aspect that you as Client can get a Connection to for example a TelNet Server and then you can write Commands in a derivative of a Shell and this commands are executed only on this server not on your machine. But I want to show all you guys how to use this simple Remote Control Tool in several ways, because this simpleness is brilliant. Continue reading “How to use Telnet”
This information is to be used for informational purposes only.
I am asked at least 5 or more times a day by young, beginning “hackers”, “How can I hack?” or “Is there a way to hack a web site?” Well there is. There are, in fact, literally hundreds of ways to do this. I will discuss a few in this text to get you started. Every hacker has to start somehow and hacking web servers and ftp servers is one of the easiest ways.
If you are reading this I am assuming that you already have a basic knowledge of how web servers work and how to use some form of UNIX. But I am going to explain that stuff anyway for those of you who don’t know. Continue reading “Hacking Servers: A beginner’s guide”
Hiya all, it’s been a while since I had the opportunity to laugh at a scam so nicely done
STOP CONTACTING THEM !!!! MW Mrs. Rozella Wittmeyer. <email@example.com> Thu 18/01/2018, 3:06 PM Attention: I am Mrs. Rozella Wittmeyer, I am a US citizen, 48 years Old. I reside here in Texas USA.My residential address is as follows, 1109 Lake Haven Drive Little Elm Texas 75068 United States,am thinking of relocating since I am now rich. I am one of those that took part in the compensation in United State of American many years ago and they refused to pay me, I had paid over $56,000 while in the US,trying to get my payment all to no avail. So I decided to travel to Washington with all my compensation documents, And I was directed by the Federal Bureau of Investigation Director to contact Barrister Tony Gani, who is a representative of the Federal Bureau of Investigation and a member of the Compensation Award Committee, currently in USA and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake. He took me to the paying bank for the claim of my compensation payment. Right now I am the most happiest woman on earth because I have received my compensation funds of $10.5 Million US Dollars,Moreover,Barrister Tony Gani showed me the full information of those that are yet to receive their payments and I saw your email as one of the beneficiaries on the list he showed me, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Barrister Tony Gani. Kinldy send your personal details to him to prove your identification. Full Name: Home Address: Occupation: Phone Number: Age: Gender: country: Listed below are the name of mafias and banks behind the non release of your funds that I managed to sneak out for your kind perusal. 1) Prof. Charles soludo 2) Senator David Mark 2) Micheal Edward 3) Chief Joseph Sanusi 3) Sanusi Lamido 4) Dr. R. Rasheed 5) Mr. David Koffi 6) Barrister Awele Ugorji 7) Mr. Roland Ngwa 8) Barrister Ucheuzo Williams 9) Mr. Ernest Chukwudi Obi 10) Dr. Patrick Aziza Deputy Governor - Policy / Board Member 11) Mr. Tunde Lemo Deputy Governor - Financial Sector Surveillance/Board Member 12) Mrs. W. D. A. Mshelia Deputy Governor - Corporate Services / Board Members 13) Mrs. Okonjo Iweala 14) Mrs. Rita Ekwesili 15) Barr Jacob Onyema 16) Dr. Godwin Oboh: Director Union Bank Of Nigeria. 17) Mr. John Collins: Global Diplomat Director. 18) Foreign fund diplomatic courier 19) Barr. Becky Owens 20) Rev. Steven Jones 21) Mr. Alfred james 22) Mrs. Sherry Williams 23) Mr. Scott Larry You have to contact Barrister Tony Gani directly on this information below. Compensation Award House Name: Barrister Tony Gani Email: firstname.lastname@example.org You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Barrister Tony Gani was just $450 USD for the paper works, take note of that. Once again stop contacting those people, I will advise you to contact Barrister Tony Gani so that he can help you to deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction. Thank you and be Blessed. Mrs. Rozella Wittmeyer. 1109 Lake Haven Drive, Little Elm Texas 75068 United States.
Now why would a middle aged woman from the “United States of American” having an email address made in IRAN contact me without actually knowing my name? 🙂
It seems the text has been copied from Google translate and what I found, the lady name might differ but the Barrister Tony Gani has been reported before:
The so-called “419” scam is a type of fraud dominated by criminals from Nigeria and other countries in Africa. Victims of the scam are promised a large amount of money, such as a lottery prize, inheritance, money sitting in some bank account, etc.
This is obviously a scam but just a reminder:
- Never disclose personal information in any email
- any amounts that has millions and millions awaiting you are not yours
- the names of people involved in the email might be real but might not actually be used with the people’s permissions
- If the reply-to email is different than the sending email – that’s a spoof marker