Current Stories
PermaLink Badkey migration to Google Apps10/01/2014 11:43 PM

During 16 February 2014 Badkey started Domino 9, now Badkey is running IBM Notes and Domino 9 64 bit.

Image:Badkey Corner - Badkey migration to Google Apps

We have to move to the next stage "Go to Google Apps".
Image:Badkey Corner - Badkey migration to Google Apps

I still have 2 mailboxes that I have to move to Google.

Yep 2 NSF files ,
Image:Badkey Corner - Badkey migration to Google AppsandImage:Badkey Corner - Badkey migration to Google Apps

What migration can I use ?  Please e-mail me for a solution at: willemsej@gmail.com

The Badkey Team
http://nl.linkedin.com/in/willemsej

Technorati:
PermaLink Sophos UTM 9.206-35 Up2Date 9.206035 package09/12/2014 10:16 PM
 
Firmware version: 9.206-35

We just did the upgrade in the OTAP.

Image:Badkey Corner - Sophos UTM 9.206-35 Up2Date 9.206035 package

UTM Up2Date 9.206 Released. 10-09-2014 / Eric Bégoc        
http://blogs.sophos.com/tag/up2date/

Up2Date 9.206035 package description:

Remarks:
 System will be rebooted
 Configuration will be upgraded
 Connected RED devices will perform firmware upgrade
 Connected Wifi APs will perform firmware upgrade

News:
 Bugfix Release
 Enhancement: Web filter allows to define exceptions based on User Agent
 Enhancement: SMC Wifi synchronisation also syncs PSK

Bugfixes:
 Fix [21170]: Exchange 2010 OWA notifications don't work
 Fix [24360]: improve handling of rpmdb corruptions
 Fix [24556]: SAVI engine scan failed: Unknown SAVI error [0x80040237]
 Fix [26721]: WiFi: Sometimes syslogd on AP is not running after AP booted up
 Fix [27774]: Remote access reporting shows incorrect information about duration of vpn user
 Fix [27861]: 3G USB modem intermittently not assigned after reboot
 Fix [29030]: Prevent ulogd coredumps in case of database issues
 Fix [29141]: Input username is not updated to directory notation in case of custom user name attribute
 Fix [30695]: Hostnames with utf-8 characters are not shown in PDF executive report
 Fix [30863]: PIM SM does not work between two networks
 Fix [30883]: Graphs in Executive Report are only shown if "Daily executive report" option is enabled
 Fix [31252]: UMTS failover doesn't work after HA takeover
 Fix [31309]: Make httpproxy more tolerant to invalid Content-Length value from Server
 Fix [31320]: httpproxy coredumps during shutdown time
 Fix [31392]: [SR] Saving blacklist/whitelist fails in User Portal
 Fix [31530]: ulogd coredump caused by an error message from postgreSQL "integer out of range"
 Fix [31582]: Mails stuck in work queue due to duplicate key value violates unique constraint "primary_m"
 Fix [31644]: Segmentation fault in serve_local_file from /usr/lib/libglib-2.0.so.0
 Fix [31671]: changing time steps of individual OTP tokens results in authentication failure
 Fix [31784]: smtpd is restarting and creates coredumps in 9.201
 Fix [31806]: dhcpd not started after up2date
 Fix [31812]: Extended information from web security reporting results table shows nothing
 Fix [31835]: It's not possible to send automatic backups if INFO-011 is disabled
 Fix [31895]: smtpd causes high disk I/O after update to 9.2
 Fix [31907]: mails with attachments are causing scanner timeout or deadlock
 Fix [32008]: Using lag interfaces in a bridge setup is not reboot save
 Fix [32019]: Japanese double byte text in "Device Specific Text" of notification mail broken
 Fix [32027]: Packetfilter rules numbering in webadmin and livelog doesn't match
 Fix [32043]: IPsec Auto-Packetfilter rules depolyed by SUM (4.2) again and again
 Fix [32108]: Country blocking exceptions with empty country doesn't work if destination is local to UTM
 Fix [32126]: The SMC connection test didn't work before applying the configuration
 Fix [32127]: smtpd dieing without Coredump
 Fix [32129]: RED: rewrite cert files after cert change
 Fix [32150]: confd sync daemon runnnig on slave node
 Fix [32165]: Don't allow usage of disabled interface in user portal
 Fix [32180]: smtp connection is lost during unnecessary config reload
 Fix [32183]: RED10: potentially no reboot after firmware update
 Fix [32214]: System freeze using uplink balancing and IPsec bind to interface
 Fix [32236]: bounced spx encrypted mail is shown as delivered
 Fix [32252]: Installer breaks formatting in 70-persistent-net.rules
 Fix [32254]: Master shows slave device name as "unknown"
 Fix [32376]: Problems with form reverse authentication in reverseproxy for OWA / ActiveSync
 Fix [32378]: Reset Adapter and Hardware unit hang after update to v9.204 for intel ethernet controller 82579LM Gigabit Network Connection
 Fix [32387]: Change snort links to vendor homepage [9.2]
 Fix [32393]: Denial of service in mod_deflate's request body decompression (CVE-2014-0118)
 Fix [32401]: dhcp option 43 , scope server is not working on one system
 Fix [32412]: Sync WiFi preshared keys to SMC
 Fix [32519]: vpn-reporter.pl segfault in libc-2.11.3.so
 Fix [32539]: The default "nf_conntrack_max" value is too low for new SG550/SG650 series.

RPM packages contained:
 libconan-2.0.1-0.174663526.gd57887d.i686.rpm      
 libsaviglue-9.20-11.g8616c8a.i686.rpm            
 ImageMagick-6.8.9.4-1.5.gda7f96d.i686.rpm        
 client-iphone-9.20-3.g06e86a1.noarch.rpm          
 cm-nextgen-agent-9.20-39.gae70983.i686.rpm        
 modauthnzaua-9.20-147.gdc35ed6.i686.rpm          
 modsecurity2-2.7.4-18.g63c379a.i686.rpm          
 modwafexceptions-9.20-138.g8f290a2.i686.rpm      
 perf-tools-3.8.13.27-0.173454012.g3d22934.i686.rpm
 red-firmware2-3056-0.g3321e26.noarch.rpm          
 ulogd-2.1.0-97.g6d0b0d0.i686.rpm                  
 usb-modeswitch-1.2.5-16.gfac1549.i686.rpm        
 ep-reporting-9.20-61.g0c480b7.i686.rpm            
 ep-reporting-c-9.20-40.g8980b03.i686.rpm          
 ep-reporting-resources-9.20-61.g0c480b7.i686.rpm  
 ep-aua-9.20-62.g28f223c.i686.rpm                  
 ep-branding-ASG-afg-9.20-17.g30e663e.noarch.rpm  
 ep-branding-ASG-ang-9.20-17.g30e663e.noarch.rpm  
 ep-branding-ASG-asg-9.20-17.g30e663e.noarch.rpm  
 ep-branding-ASG-atg-9.20-17.g30e663e.noarch.rpm  
 ep-branding-ASG-aug-9.20-17.g30e663e.noarch.rpm  
 ep-confd-9.20-544.gdc7c8e8.i686.rpm              
 ep-confd-tools-9.20-487.g2f3d767.i686.rpm        
 ep-ha-confd-9.20-8.ga1a73b6.i686.rpm              
 ep-ha-daemon-9.20-21.g87ad643.i686.rpm            
 ep-hardware-9.20-50.g2b687a1.i686.rpm            
 ep-hotspot-web-9.20-20.gc3f19db.i686.rpm          
 ep-init-9.20-17.g82b6e7b.noarch.rpm              
 ep-libs-9.20-67.g75dc535.i686.rpm                
 ep-localization-afg-9.20-17.gee7006b.i686.rpm    
 ep-localization-ang-9.20-17.gee7006b.i686.rpm    
 ep-localization-asg-9.20-17.gee7006b.i686.rpm    
 ep-localization-atg-9.20-17.gee7006b.i686.rpm    
 ep-localization-aug-9.20-17.gee7006b.i686.rpm    
 ep-mdw-9.20-350.g9b098d9.i686.rpm                
 ep-notifier-9.20-5.gdee5936.i686.rpm              
 ep-raidtools-9.20-55.g301eee3.i686.rpm            
 ep-red-9.20-28.gb32c7fe.i686.rpm                  
 ep-screenmgr-9.20-16.gd855eff.rb1.i686.rpm        
 ep-sms-client-9.20-0.170522457.ga5e8c48.i686.rpm  
 ep-tools-9.20-14.g2c6c151.i686.rpm                
 ep-up2date-9.20-4.g8c4ff3e.i686.rpm              
 ep-up2date-downloader-9.20-4.g8c4ff3e.i686.rpm    
 ep-up2date-pattern-install-9.20-4.g8c4ff3e.i686.rpm
 ep-up2date-system-install-9.20-4.g8c4ff3e.i686.rpm
 ep-webadmin-9.20-554.g7f98816.i686.rpm            
 ep-webadmin-contentmanager-9.20-61.gcf1fbcc.i686.rpm
 ep-wireless-firmware-5029-0.gd31ef55.i586.rpm    
 ep-chroot-dhcps-9.20-4.g266d5fe.noarch.rpm        
 ep-chroot-smtp-9.20-187.g0d7e2a9.i686.rpm        
 ep-chroot-xorp-9.20-2.gd893fe9.noarch.rpm        
 chroot-httpd-2.4.4-27.g036ff2e.i686.rpm          
 chroot-ppp-2.4.6-8.g076996f.i686.rpm              
 chroot-pppoe-2.4.6-8.g076996f.i686.rpm            
 chroot-reverseproxy-2.4.4-356.gb4faa92.i686.rpm  
 chroot-xorp-9.20-6.g9dc6921.i686.rpm              
 ep-httpproxy-9.20-176.gfeae029.i686.rpm          
 kernel-smp-3.8.13.27-0.173454012.g3d22934.i686.rpm
 kernel-smp64-3.8.13.27-0.173454012.g3d22934.x86_64.rpm
 ep-release-9.206-35.noarch.rpm                    

The Badkey Team
https://www.linkedin.com/in/willemsej
Technorati:
PermaLink SABnzbd 0.7.1808/20/2014 07:43 PM
Upgrade in de OTAP gedaan naar versie  0.7.18

Latest Version: 0.7.18 — Released: 06-JUL-2014
http://sabnzbd.org

The Badkey Team
http://beknown.com/john-willemse

Technorati:
PermaLink CESA-2014:0981 Important CentOS 6 kernel Update08/20/2014 07:30 PM
We just upgraded OTAP to Centos 6.5 Kernel 2.6.32-431.23.3.el6
Thu Jul 31 19:57:06 UTC 2014

[CentOS-announce] CESA-2014:0981 Important CentOS 6 kernel Update
http://lists.centos.org/pipermail/centos-announce/2014-July/020458.html


Image:Badkey Corner - CESA-2014:0981 Important CentOS 6 kernel Update

The Badkey Team
http://beknown.com/john-willemse

Technorati:
PermaLink Sophos UTM Up2Date 9.204020 package08/01/2014 04:39 PM
 
Image:Badkey Corner - Sophos UTM Up2Date 9.204020 package

We just did the upgrade. System Version:  Sophos UTM 9.204020

Sophos UTM Home Edition
Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached.
It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
The Sophos UTM Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process.
More @ http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

News
ˇ Bugfix Release
ˇ Enhancement: WAF: Allow to configure connection timeout per backend
ˇ Enhancement: WAF: Add "id" field to log lines
ˇ Enhancement: SSL VPN: Log traffic volume on connection close

Remarks
ˇ System will be rebooted
ˇ Configuration will be upgraded
ˇ Connected Wifi APs will perform firmware upgrade
ˇ Connected RED devices will perform firmware upgrade

Bugfixes
22468 HTML5 iptables rule doesn't match for IPSec-routed hosts
24091 RED [RED10, RED50]: prevent RED50 from being deployed as RED10 and vice versa
24679 Rescan for Virus when releasing Quarantine Message
28973 [ALPHA] SPX: Attachment names character encoding error during PDF generation
29252 [BETA] Improve logging of SPX encryption
29446 [BETA] DLP: inconsistent dlp action identifier
30320 WiFi: Client list lacks some data for clients not seen for a long time
30640 Messages with reason "sender_blacklist" cannot be written to quarantine
31131 UTM525r5 declared as software after copper module replacement [9.2]
31174 Google Play store downloads should bypass the download patience page
31357 [SR] IPS Rule Age not available for Subnodes
31518 [9.2] Regression from V8: Recipient Verification against AD not working with LDAP-SSL
31536 If a Endpoint client with WebControl is behind a UTM it doesnt belong to or is no UTM managed Endpoint at all surfing gets slow
31560 NTP for offline provisioned REDs
31568 Winbind failed to accept socket - Too many open files [9.2]
31578 Avira Scanner can not scan pop3 mail, Error index out of bound [9.2]
31599 coredump of vpn-reporter due to not parsing the username correctly
31608 Websec reporting didn't work correctly after update to v9.201
31671 changing time steps of individual OTP tokens results in authentication failure
31691 Support IP address for SMC-Server
31696 Kernel panic after adding new Access Point
31750 Upload of exe files via waf results in segmentation fault of reverseproxy
31785 netselector does not write server sorted correctly
31792 selfmon too agressive about ctasd_inbound_mem_usage counter and ctasd_inbound_mem_usage counter
31837 kernel NULL pointer deref at nf_nat_setup_info+0x299/0x61f [nf_nat]
31878 Default exception for chrome updater/installer [9.2]
31889 Reduce exceptions for Firefox Update [9.2]
32010 Packetfilter rules are not visible in webadmin when IE is used and version 9.202 is installed
32067 Workaround for software updates/ downloads via download manager

More @https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/52975-utm-9-204-soft-release.html

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse

Technorati:
PermaLink FRITZ!OS: New Firmware 6.0505/29/2014 09:24 PM
 



A new FRITZ!OS 06.05 is available for your FRITZ!Box Fon WLAN 7360.
You are currently using FRITZ!OS version 06.04.

For information about the new features included in the new FRITZ!OS, go to:

ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7360_v2/firmware/english/info.txt


New Features
  • Security: removes possibility for unauthorized access to FRITZ!Box. Please check for important information here: http://www.avm.de/en/Sicherheit
  • added Dialplan for New Zealand
  • New with FRITZ!OS 6:
  • Wireless LAN Guest Access new as "private hotspot"
  • Ready for vectoring
  • Parental control with shared budget for multiple devices
  • Improved and expanded push services with automatic email notifications
  • New MyFRITZ! access to answering machine, Smart Home and FRITZ!NAS for mobile devices
  • Smart Home functionality now even more convenient and with more information
  • FRITZ!Fon with media player and much more
  • Easier VPN setup, optimized for iOS tablets and smartphones



Image:Badkey Corner - FRITZ!OS: New Firmware 6.05

Download FRITZ!OS 6.04 at:
ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7360_v2/firmware/english/


Technorati:
PermaLink IBM Notes and the Heartbleed Bug.05/22/2014
 
 
IBM Notes & Domino are not vulnerable to OpenSSL "Heartbleed" bug (CVE-2014-0160)

The Heartbleed Bug
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."

More @heartbleed.com

Abstract
Information is circulating describing a method called "Heartbleed," which exploits a vulnerability caused by a design error in OpenSSL. This technote provides confirmation that IBM Notes and Domino are not susceptible to the Heartbleed attack.

Content
IBM Notes and Domino are not vulnerable to the Heartbleed bug because they do not use OpenSSL as the basis of the SSL stack in the products. Note that this includes both the Domino SSL stack as well as the TLS implementation supported by the IBM HTTP Server in 9.0. Notes Traveler is also not affected.

For more information on the Heartbleed bug, including a Q&A, go to
http://www.heartbleed.com.

Related information
CVE-2014-0160
OpenSSL vulnerabilities do not apply to IHS
A simplified Chinese translation is available

More @ibm.com/support/docview.wss?uid=swg21669782

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse
Technorati:
PermaLink Update CentOS (Linux) Important SSL Security Vulnerability. Fix OpenSSL version 1.0.1g04/20/2014 11:54 PM
 



On Monday, April 7th 2014, an OpenSSL vulnerability was disclosed which has been called one of the worst security holes in recent internet history. The bug, called the Heartbleed bug, was introduced in OpenSSL version 1.0.1. It has been in the wild since March of 2012 and is patched with OpenSSL version 1.0.1g released on April 7th 2014. OpenSSL Severe Vulnerability in TLS Heartbeat Extension (CVE-2014-0160)

The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised. Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions. Important: openssl security update. RHSA-2014:0376-1

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

Read more on the Social Networks. http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

We'll show you how to update your systems with a secure version of OpenSSL, revoke any insecure SSL certificates, and test whether you are vulnerable or not.

Checking your Version Numbers. You should check your version of OpenSSL after you have updated your system.

While OpenSSL version 1.0.1g is the official fix of this problem, the version that fixes this for different distributions and releases may vary. Some releases and distributions patched their older versions to fix the problem, rather than releasing an entirely new version into an older, stable ecosystem. Because of this reason, it is best to check through your distribution's packaging system, since the openssl version command might not reflect the information we need.

CentOS and Fedora Releases and Fix Versions:
For CentOS and Fedora systems, you can query the version of the OpenSSL package installed on your system by typing:
rpm -q -a | grep "openssl"

You should receive output that looks like this:
openssl-1.0.1e-16.el6_5.7.x86_64

For CentOS, here are the releases and the minimum versions of OpenSSL that must be applied to protect future SSL interactions. We will take the architecture off the end in our list:
CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
CentOS 6: openssl-1.0.1e-16.el6.5.7

CESA-2014:0376 Important CentOS 6 openssl Update
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

CentOS Errata and Security Advisory 2014:0376 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html

YUM Update:
openssl         x86_64  1.0.1e-16.el6_5.7            
kernel-firmware noarch  2.6.32-431.11.2.el6      

More @digitalocean.com

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse
Technorati:
PermaLink Heartbleed Security Bug fixes for VMware04/20/2014 12:58 PM
19 April, 2014.

It seems to be patch Saturday as today a whole bunch of updates of products were released. All of these updates relate to the heartbleed security bug fix. There is no point in listing every single product as I assume you all know the VMware download page by now, but I do want to link the most commonly used for your convenience: Time to update, but before you do… if you are using NFS based storage make sure to read this first before jumping straight to vSphere 5.5 U1a!

More @yellow-bricks.com

The Badkey Team
http://beknown.com/john-willemse
http://planetlotus.org/profiles/john-willemse
Technorati:
ClustrMaps
Locations of visitors to this page
My World Travel (21%)
world66.gif
47 countries World66 Member
Domino Social Edition
StatCounter Statistics

View My Stats
Visitor Activity
Planetlotus.org
StatCounter Came From
Crossware Mail Signature
Twitter