2016 Third Party Presidential Candidates’ Website SSL Reports

Declared Candidates

| Candidate (alphabetical by last name) | Party | Website | SSL Labs Server Test Link | Grade (5/27/15) |
|---|---|---|---|---|
| Paul Chehade | Independent | paulchehade.org | Link | Certificate name mismatch |
| Scott Copeland | Constitution | www.scottcopelandusa.com | Link | Certificate name mismatch |
| Ken Cross | Reform | www.kencross.com | Link | Certificate not valid for domain name / Unable to connect to server |
| Mark Dutter | Independent | www.dutterforpresident.com | Link | Certificate name mismatch |
| Marc Feldman | Libertarian | www.votesnotforsale.com | Link | No secure protocols supported / Certificate not valid for domain name |
| Martin Hahn | Independent | martinhahn-2016.vote | Link | Certificate name mismatch |
| David Hendrix | Independent | hendrixforpresident2016.com | Link | Unable to connect to server |
| David Holcomb | Independent | No campaign website listed | | |
| Cecil Ince | Libertarian | https://rally.org/f/2c0Bs2lcNFD | | |
| Lynn Sandra Kahn | Independent | www.vote4lynn2016.com | Link | No secure protocols supported / Certificate not valid for domain name |
| Steve Kerbel | Libertarian | stevekerbel2016.com | Link | Unable to connect to server |
| Chad Koppie | Constitution | chadkoppieforillinois.com | Link | Certificate name mismatch |
| Bishop Julian Lewis, Jr. | Independent | www.julianlewis53.com | Link | Certificate name mismatch |
| Mark Pendleton | Independent | pendleton4prez2016.webs.com | | |
| Darryl Perry | Libertarian | darrylwperry.com | Link | Certificate name mismatch |
| Scott Smith | Independent | www.scottsmith2016.com | Link | Certificate name mismatch |
| Tami Stainfield | Independent | tamistainfield.com | Link | No secure protocols supported |
| Samm Tittle | Independent | www.samm2016.com | Link | A |

Current as of 5/27/15

Source: http://2016.presidential-candidates.org/?other=other

SSL Labs SSL report version 1.18.1

2016 Democratic Presidential Candidates’ Website SSL Reports

| Candidate (alphabetical by last name) | Status | Website | SSL Labs Server Test Link | Grade (5/27/15) |
|---|---|---|---|---|
| Hillary Clinton | Declared | www.hillaryclinton.com | Link | A / B (Inconsistent server configuration) |
| Martin O’Malley | Declared | martinomalley.com | Link | B (5/31/15) |
| Bernie Sanders | Declared | berniesanders.com | Link | A |

Last updated 5/31/15

Sources:

SSL Labs SSL report version 1.18.1

2016 Republican Presidential Candidates’ Website SSL Reports

| Candidate (alphabetical by last name) | Status | Website | SSL Labs Server Test Link | Grade (5/27/15) |
|---|---|---|---|---|
| Skip Andrews | Declared | www.skipandrews2016.com | Link | B |
| Michael Bickelmeyer | Declared | www.michaelbickelmeyer.com | Link | Certificate name mismatch |
| Kerry Bowers | Declared | www.kerrybowers.com | Link | Certificate name mismatch |
| Dr. Ben Carson | Declared | www.bencarson.com | Link | A |
| Dale Christensen | Declared | www.dale2016.com | Link | B |
| Ted Cruz | Declared | www.tedcruz.org | Link | A+ |
| John Dummett, Jr. | Declared | www.dummett2016.com | Link | Certificate name mismatch |
| Mark Everson | Declared | markforamerica.com | Link | Certificate name mismatch |
| Carly Fiorina | Declared | carlyforamerica.com | Link | C |
| Chris Hill | Withdrawn | www.chrishillforpresident.com | | |
| Mike Huckabee | Declared | mikehuckabee.com | Link | B |
| Michael Kinlaw | Declared* | www.michaelkinlaw.com | | |
| George Pataki | Declared | www.georgepataki.com | Link | Unable to connect to server (6/1/15) |
| Rand Paul | Declared | www.randpaul.com | Link | A |
| Michael Petyo | Declared | www.petyoforpresident.com | Link | Certificate name mismatch |
| Marco Rubio | Declared | marcorubio.com | Link | |
| Brian Russell | Declared | www.russell2016.com | Link | Certificate name mismatch |
| Rick Santorum | Declared | www.ricksantorum.com | Link | No secure protocols supported / Certificate not valid for domain name |

Last updated 6/1/15

Sources: http://2016.republican-candidates.org/

http://blogs.cfr.org/lindsay/2015/05/29/campaign-2016-george-pataki-gop-presidential-candidate/

*Republican-Candidates.org lists Michael Kinlaw as a presidential candidate; however, his website, Facebook account, and Twitter account reference “Kinlaw 2016 Michael Kinlaw for U.S. Senate Colorado”.

SSL Labs SSL report version 1.18.1

Two-pin SAE connector

It took me about 10 minutes to find the name of this connector online:

Two-pin SAE connector

However, it goes by many different names and I was unable to locate an official specification.  If anyone can point me to the actual specification it would be much appreciated.

Applications:

Automotive, motorcycle, ATV, battery chargers, trailer wiring, solar panels, electrically heated clothing.

Other names used:

  • SAE quick connect or quick-connect
  • SAE 2 pin flat connector
  • Two-pin SAE connector
  • Two-Way Flat Connector SAE
  • SAE “quick-connect” 12V cable
  • S-S connector? (this last one was only listed on helpful.knobs-dials.com site)

Google Image search wasn’t able to identify the connector, first using an image of the connector and cable, nor was it able to using an image of just the connector. (Not that I was expecting it to be able to.) The visually similar images seem to have around 50% overlap.

References:

Motorcycle Superstore – http://www.motorcycle-superstore.com/35207/i/exo2-sae-quick-connect-2-5mm-dc-socket-cable

Solarseller – http://www.solarseller.com/low_voltage_dc_pumps__lvm__teel__accessories__plugs_and_extensions.htm

Wikipedia – https://en.wikipedia.org/wiki/DC_connector#SAE_connector

helpful.knobs-dials.com – http://helpful.knobs-dials.com/index.php/Common_plugs_and_connectors#SAE_connector_.28S-S_connector.3F.29

Powerlet – http://www.powerlet.com/learningCenter/connectorGlossary

Google Patents – https://www.google.com/patents/US7033209?dq=7,033,209&hl=en&sa=X&ei=LlJjVZjvBsLIogT7u4KoDw&ved=0CB4Q6AEwAA

Your browser is still vulnerable to Logjam

Currently, only Internet Explorer is safe from the Logjam vulnerability.

How to: Secure Chrome against Logjam

How to: Secure Firefox against Logjam

| Browser/OS | Windows | OS X | iOS | Android |
|---|---|---|---|---|
| IE 11 | Safe (5/20/15 CW) | | | |
| Safari | | Vulnerable (5/20/15 CW) | Vulnerable (5/20/15 CW) | |
| Chrome 43 | Vulnerable (5/25/15 SOT) | Vulnerable (5/20/15 CW) | Vulnerable (5/20/15 CW) | Vulnerable (5/20/15 CW) |
| Firefox 38 | Vulnerable (5/30/15 SOT) | Vulnerable (5/20/15 CW) | | Vulnerable (5/20/15 CW) |
| Android browser | | | | Vulnerable (5/20/15 CW) |

This article builds upon the information in the Computerworld (CW) article published 5/20/15

Test your client (browser):

Patches / Safe Versions

5/12/15 – Microsoft patched IE 11; see MS15-055

5/22/15 – Mozilla released the “Disable DHE” add-on that “disables ephemeral Diffie-Hellman cipher suites that are vulnerable to the logjam attack” for Firefox versions 20.0 – 38.*

 

SOT Testing

5/25/15 – Firefox 38.0.1

[Screenshots: Firefox 38.0.1 shown as up to date; SSL Labs SSL client test and manual Logjam test both report Firefox 38 as vulnerable]

5/30/15 – Firefox 38.0.1 no updated release – still vulnerable

Additional information

Schannel – Secure Channel

Server TLS/SSL security of U.S. Cabinet Level Agencies’ Websites

Last updated: December 20, 2015

The United States federal government mandated that all publicly accessible federal websites use a secure connection by December 31, 2016.  This page tracks the progress of U.S. Cabinet Level Agencies’ Websites along with other useful information.

Links to agencies on Pulse HTTPS, the government’s public dashboard. See all domains under each agency and their statuses.

Timeline of Progress

  • December 4, 2015 – 34%
  • December 31, 2016 – 100% <- let’s see if that happens

Source: Pulse HTTPS

Previous reports

Report of SSL Labs Grades on May 25, 2015

| Agency (alphabetical) | Domain | SSL Labs Server Test | Grade (on 5/25/15) |
|---|---|---|---|
| Agriculture | http://www.usda.gov/ | Link | No secure protocols supported |
| Commerce | http://www.commerce.gov/ | Link | C |
| Defense | http://www.defense.gov/ | Link | Certificate name mismatch |
| Education | http://www.ed.gov/ | Link | C |
| Energy | http://www.energy.gov/ | Link | No secure protocols supported |
| Health and Human Services | http://www.hhs.gov/ | Link | B |
| Homeland Security | http://www.dhs.gov/ | Link | A- / C (Inconsistent server configuration) |
| Housing and Urban Development | http://www.hud.gov/ | Link | No secure protocols supported |
| Interior | http://www.doi.gov/ | Link | Certificate name mismatch |
| Justice | http://www.justice.gov/ | Link | Certificate not valid for domain name / No secure protocols supported |
| Labor | http://www.dol.gov/ | Link | B / C (Inconsistent server configuration) |
| State | http://www.state.gov/ | Link | Certificate not valid for domain name / No secure protocols supported |
| Transportation | http://www.dot.gov/ | Link | B |
| Treasury | http://www.treasury.gov/ | Link | B / No secure protocols supported (Inconsistent server configuration) |
| Veterans Affairs | http://www.va.gov/ | Link | T (C if trust issues are ignored) |

Source: SSL Labs server test version: 1.18.1 performed on 5/25/15

 

References

Source: https://www.whitehouse.gov/administration/cabinet

License

Content from Qualys licensed under a Creative Commons Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/us/).  No changes were made to the original content.

Original content on this page is available under a Creative Commons Attribution 3.0 Unported License (CC BY 3.0) https://creativecommons.org/licenses/by/3.0/. In other words, share generously but provide attribution.

The Logjam Attack

Last updated: 12/15/15

Official website

https://weakdh.org/

Twitter hashtags

Vulnerability testing tools

Test your browser (client):

Test your server:

 

Vulnerable browser results

If your browser is vulnerable you will see:

weakdh.org Vulnerable web browser example

weakdh.org: Warning! Your web browser is vulnerable to Logjam and can be tricked into using weak encryption. You should update your browser.

 

Qualys SSL Labs client test Vulnerable user agent example

ssllabs.com: Your user agent is vulnerable. Upgrade as soon as possible.

 

Qualys SSL Labs manual Logjam Vulnerability test Vulnerable example

ssllabs.com: Your user agent is vulnerable to the Logjam attack

 

Vulnerable server results

If the server tested is vulnerable you will see:

weakdh.org Vulnerable server – uses a commonly-shared 1024-bit Diffie-Hellman group

weakdh.org: Warning! This site uses a commonly-shared 1024-bit Diffie-Hellman group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.

 

Safe client results

If your browser is safe you will see:

weakdh.org Safe web browser

Good News! Your browser is safe against the Logjam attack.

 

Safe server results

Two examples of safe server results below:

weakdh.org Safe – uses 2048-bit Diffie-Hellman group

weakdh.org: Good News! This site uses strong (2048-bit or better) key exchange parameters and is safe from the Logjam attack.

 

weakdh.org Safe – does not use DHE

weakdh.org: Good News! This site is safe from the Logjam attack. It supports ECDHE and does not use DHE.

 

Secure your browser and server

 

Logjam timeline

Upcoming

Interesting reads

 

Additional information

Terms (in order of appearance):

  • DHE – Ephemeral Diffie-Hellman (also commonly referred to as EDH)
  • ECDHE – Elliptic Curve Ephemeral Diffie-Hellman

Content licensing

Content from Qualys licensed under a Creative Commons Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/us/).  No changes were made to the original content.


Creating this post

Jing was used for screenshots and WP Smush was used to remove PNG metadata.