Current Stories
PermaLink SABnzbd 0.7.18 08/20/2014 07:43 PM
Upgrade to version 0.7.18 done in the OTAP environment.

Latest Version: 0.7.18 — Released: 06-JUL-2014

The Badkey Team

PermaLink CESA-2014:0981 Important CentOS 6 kernel Update 08/20/2014 07:30 PM
We just upgraded OTAP to CentOS 6.5 Kernel 2.6.32-431.23.3.el6
Thu Jul 31 19:57:06 UTC 2014

[CentOS-announce] CESA-2014:0981 Important CentOS 6 kernel Update


The Badkey Team

PermaLink Sophos UTM Up2Date 9.204020 package 08/01/2014 04:39 PM

We just did the upgrade. System Version:  Sophos UTM 9.204020

Sophos UTM Home Edition
Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached.
It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
The Sophos UTM Free Home Use firewall contains its own operating system and will overwrite all data on the computer during the installation process.
More @

· Bugfix Release
· Enhancement: WAF: Allow to configure connection timeout per backend
· Enhancement: WAF: Add "id" field to log lines
· Enhancement: SSL VPN: Log traffic volume on connection close

· System will be rebooted
· Configuration will be upgraded
· Connected Wifi APs will perform firmware upgrade
· Connected RED devices will perform firmware upgrade

22468 HTML5 iptables rule doesn't match for IPSec-routed hosts
24091 RED [RED10, RED50]: prevent RED50 from being deployed as RED10 and vice versa
24679 Rescan for Virus when releasing Quarantine Message
28973 [ALPHA] SPX: Attachment names character encoding error during PDF generation
29252 [BETA] Improve logging of SPX encryption
29446 [BETA] DLP: inconsistent dlp action identifier
30320 WiFi: Client list lacks some data for clients not seen for a long time
30640 Messages with reason "sender_blacklist" cannot be written to quarantine
31131 UTM525r5 declared as software after copper module replacement [9.2]
31174 Google Play store downloads should bypass the download patience page
31357 [SR] IPS Rule Age not available for Subnodes
31518 [9.2] Regression from V8: Recipient Verification against AD not working with LDAP-SSL
31536 If a Endpoint client with WebControl is behind a UTM it doesnt belong to or is no UTM managed Endpoint at all surfing gets slow
31560 NTP for offline provisioned REDs
31568 Winbind failed to accept socket - Too many open files [9.2]
31578 Avira Scanner can not scan pop3 mail, Error index out of bound [9.2]
31599 coredump of vpn-reporter due to not parsing the username correctly
31608 Websec reporting didn't work correctly after update to v9.201
31671 changing time steps of individual OTP tokens results in authentication failure
31691 Support IP address for SMC-Server
31696 Kernel panic after adding new Access Point
31750 Upload of exe files via waf results in segmentation fault of reverseproxy
31785 netselector does not write server sorted correctly
31792 selfmon too agressive about ctasd_inbound_mem_usage counter and ctasd_inbound_mem_usage counter
31837 kernel NULL pointer deref at nf_nat_setup_info+0x299/0x61f [nf_nat]
31878 Default exception for chrome updater/installer [9.2]
31889 Reduce exceptions for Firefox Update [9.2]
32010 Packetfilter rules are not visible in webadmin when IE is used and version 9.202 is installed
32067 Workaround for software updates/ downloads via download manager

More @

The Badkey Team

PermaLink FRITZ!OS: New Firmware 6.05 05/29/2014 09:24 PM

A new FRITZ!OS 06.05 is available for your FRITZ!Box Fon WLAN 7360.
You are currently using FRITZ!OS version 06.04.

For information about the new features included in the new FRITZ!OS, go to:

New Features
  • Security: removes possibility for unauthorized access to FRITZ!Box. Please check for important information here:
  • added Dialplan for New Zealand
  • New with FRITZ!OS 6:
  • Wireless LAN Guest Access new as "private hotspot"
  • Ready for vectoring
  • Parental control with shared budget for multiple devices
  • Improved and expanded push services with automatic email notifications
  • New MyFRITZ! access to answering machine, Smart Home and FRITZ!NAS for mobile devices
  • Smart Home functionality now even more convenient and with more information
  • FRITZ!Fon with media player and much more
  • Easier VPN setup, optimized for iOS tablets and smartphones


Download FRITZ!OS 6.04 at:

PermaLink IBM Notes and the Heartbleed Bug. 05/22/2014
IBM Notes & Domino are not vulnerable to OpenSSL "Heartbleed" bug (CVE-2014-0160)

The Heartbleed Bug
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."


Information is circulating describing a method called "Heartbleed," which exploits a vulnerability caused by a design error in OpenSSL. This technote provides confirmation that IBM Notes and Domino are not susceptible to the Heartbleed attack.

IBM Notes and Domino are not vulnerable to the Heartbleed bug because they do not use OpenSSL as the basis of the SSL stack in the products. Note that this includes both the Domino SSL stack as well as the TLS implementation supported by the IBM HTTP Server in 9.0. Notes Traveler is also not affected.

For more information on the Heartbleed bug, including a Q&A, go to

Related information
OpenSSL vulnerabilities do not apply to IHS
A simplified Chinese translation is available


The Badkey Team
PermaLink Update CentOS (Linux) Important SSL Security Vulnerability. Fix OpenSSL version 1.0.1g 04/20/2014 11:54 PM

On Monday, April 7th 2014, an OpenSSL vulnerability was disclosed which has been called one of the worst security holes in recent internet history. The bug, called the Heartbleed bug, was introduced in OpenSSL version 1.0.1. It has been in the wild since March of 2012 and is patched with OpenSSL version 1.0.1g released on April 7th 2014.

OpenSSL Severe Vulnerability in TLS Heartbeat Extension (CVE-2014-0160)

The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised. Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions.

Important: openssl security update. RHSA-2014:0376-1

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

Read more on the Social Networks.

We'll show you how to update your systems with a secure version of OpenSSL, revoke any insecure SSL certificates, and test whether you are vulnerable or not.

Checking your Version Numbers

You should check your version of OpenSSL after you have updated your system.

While OpenSSL version 1.0.1g is the official fix for this problem, the version that fixes it may vary between distributions and releases. Some releases and distributions patched their older versions to fix the problem, rather than releasing an entirely new version into an older, stable ecosystem. For this reason, it is best to check through your distribution's packaging system, since the openssl version command might not reflect the information we need.

CentOS and Fedora Releases and Fix Versions:
For CentOS and Fedora systems, you can query the version of the OpenSSL package installed on your system by typing:
rpm -q -a | grep "openssl"

You should receive output that looks like this:

For CentOS, here are the releases and the minimum versions of OpenSSL that must be applied to protect future SSL interactions. We will take the architecture off the end in our list:
CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
CentOS 6: openssl-1.0.1e-16.el6.5.7
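
Why the package release matters more than the upstream version string, as an added example (not code from the original post or from CentOS): a simplified Python version of RPM's version comparison that classifies `rpm -q` lines against the fixed CentOS 6 build given on this page. The function names and the sample lines are constructed for illustration, and the check assumes stock CentOS 6 packages without epochs.

```python
import re

# Minimum fixed CentOS 6 build, as listed on this page (openssl 1.0.1e-16.el6_5.7).
FIXED_VERSION, FIXED_RELEASE = "1.0.1e", "16.el6_5.7"
FIRST_AFFECTED = "1.0.1"  # Heartbleed was introduced in OpenSSL 1.0.1
ARCHES = {"x86_64", "i686", "i386", "noarch"}
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two RPM version/release strings segment by segment.

    Simplified form of rpm's algorithm (no '~' or '^' handling): any
    non-alphanumeric character is only a separator, digit runs compare as
    numbers, letter runs as strings, and a digit run beats a letter run.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvra(line):
    """Split 'name-version-release[.arch]' as printed by `rpm -q`."""
    pkg = line.strip()
    head, _, tail = pkg.rpartition(".")
    if tail in ARCHES:  # take the architecture off the end
        pkg = head
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def heartbleed_status(line):
    """Classify one CentOS 6 openssl package line."""
    _, version, release = parse_nvra(line)
    if rpmvercmp(version, FIRST_AFFECTED) < 0:
        return "unaffected"  # older branch, shipped before the bug existed
    cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return "patched" if cmp >= 0 else "vulnerable"


# Constructed sample of `rpm -q -a | grep "openssl"` output (not from the page).
SAMPLE = """\
openssl-1.0.1e-15.el6.x86_64
openssl-1.0.1e-16.el6_5.4.x86_64
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.14.x86_64
openssl098e-0.9.8e-17.el6.centos.2.x86_64
"""

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(f"{heartbleed_status(line):<11}{line}")
```

Every 1.0.1e line above shares one upstream version and differs only in the release field, and because "." and "_" are both mere separators, the `el6.5.7` and `el6_5.7` spellings used on this page compare as equal.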

CESA-2014:0376 Important CentOS 6 openssl Update

CentOS Errata and Security Advisory 2014:0376 Important
Upstream details at :

YUM Update:
openssl         x86_64  1.0.1e-16.el6_5.7            
kernel-firmware noarch  2.6.32-431.11.2.el6      


The Badkey Team
PermaLink Heartbleed Security Bug fixes for VMware 04/20/2014 12:58 PM
19 April, 2014.

It seems to be patch Saturday as today a whole bunch of updates of products were released. All of these updates relate to the heartbleed security bug fix. There is no point in listing every single product as I assume you all know the VMware download page by now, but I do want to link the most commonly used for your convenience:

Time to update, but before you do… if you are using NFS based storage make sure to read this first before jumping straight to vSphere 5.5 U1a!


The Badkey Team
PermaLink Sophos UTM Up2Date 9.201023 package 04/11/2014 12:14 AM
We just did the upgrade.

System Version:  Sophos UTM 9.200-11

Official 9.2 GA Release - update from 9.200.  Fix: OpenSSL vulnerability: TLS heartbeat read overrun (CVE-2014-0160)

 Fix [28439]: vpn site2site overwiev is missing ipsec respondOnly connections
 Fix [28953]: Object Changelog PopUp can not be closed in IE9
 Fix [29356]: [BETA] RED50 reconnects all the time
 Fix [29419]: [BETA] Web Policy tester and http.log do not display modifications by local site list
 Fix [29501]: Transparent AD SSO conflicts with WAF (port 80)
 Fix [29748]: [BETA] changing OTP has no effect on WAF
 Fix [29843]: [BETA] Changing AV Scanners cause memory spikes in http proxy
 Fix [30389]: [BETA] http cache fills up partition
 Fix [30441]: [BETA] SPX encryption has higher priority than SMIME or PGP encryption
 Fix [30446]: [BETA] SPX: some characters in mail subject lead to broken subject in pdf
 Fix [30561]: [BETA] Username with \ is seen in sAMAccountName with \\
 Fix [30571]: Add option to disable OTP for Webadmin/SSH from front panel LCD of UTM appliance
 Fix [30637]: [BETA] Handling Filter actions used in multiple policies
 Fix [30701]: [BETA] SPX: labels of original message are not correctly encoded in spx reply
 Fix [30723]: RED 10 stops working while handling large packets
 Fix [30869]: [BETA] DLP: Region selector of "Sophos CCL Rules" doesn't show the first element
 Fix [30898]: OTP: Token may be created for wrong user if remote/local user differ in case
 Fix [30925]: SPX: character sets other than UTF-8 break PDF and portal
 Fix [30934]: Incorrect Certificate used during Transparent HTTPS
 Fix [30940]: Wireless: Some SSIDs are shown as HASH(...) in WebAdmin
 Fix [30945]: ATP Dashboard Link & Reporting Issue (72h not visible)
 Fix [30949]: smtp scanner dies in combination with SPX and regular email encryption
 Fix [30951]: Outgoing mails get quarantined as "UNSCANNABLE" although "Quarantine unscannable and encrypted content" is disabled
 Fix [31368]: CVE-2014-0160: TLS heartbeat read overrun [9.2]

RPM packages contained:

The Badkey Team
PermaLink Sophos UTM Firewall Release 9.2 04/04/2014
We just did an upgrade to Firmware version: 9.200-11 on VMware ESX.
Release notes: UTM 9.200 Soft-Released (02-26-2014) @

Update to 9.200:

Major Features:
• Web: New UI policy model
• Mail: SPX encryption support
• Mail: DLP support
• Network: Botnet/C&C traffic detection and blocking
• Network: Major IPS performance improvements
• Authentication: Dual-factor authentication with OATH TOTP
• WAF: Authentication support

Smaller Features:
• Web: AD SSO in transparent mode
• Web: Warn action
• Web: Transparent HTTPS filtering w/o full SSL scanning
• Web: URL categorization override
• Web: PUA blocking
• Web: Enhanced log search
• Web: Policy tester
• Web/Endpoint: Web Control for SEC-managed endpoints
• Endpoint: Proxy support for LiveConnect
• Wifi: Hotspot: Fully customizable login page
• Wifi: Hotspot: Fully customizable vouchers
• Wifi: Hotspot: New hotspot type with authentication against UTM/Backends
• RED: optional tunnel compression
• RED: RED50: improve LCD output
• RED: RED50: VLAN configuration for switch ports
• WAF: Extended threat filtering
• WAF: Fallback hosts
• WAF: HTTP to HTTPS redirection
• Network: Support more DynDNS providers

From  (2014-Mar-04 )

Dear customer, thank you in your interest in the Sophos virtual UTM appliance.

We have decided to discontinue to provide a dedicated pre-compiled virtual UTM machine for VMware due to the limitations and restrictions this had for our customers which used this virtual machine. No matter how we configure and pre-install that virtual UTM machine, there are always customers which need a kind of customization, and it's difficult to change some of these parameters on a already existing virtual machine belated. So we think that it makes more sense for all of the customers to install the UTM software with their personal configuration on their own instead of using a pre-compiled  virtual machine which is difficult to parametrize.

To be clear: the support of Sophos UTM for virtual platforms like VMware ESX, Microsoft HyperV or Citrix XEN has NOT been discontinued. It's just the fact that we don't provide any more pre-installed pre-parametrized VMware machines. You are much more flexible in using our UTM solution by considering the following.

It is just a matter of some minutes to install you fully self-parametrized UTM in your virtual platform.

Please follow these steps:
- go to the same server you found this README.TXT, but from directory /UTM/v9/software_appliance/iso (don't use the files in directory smart_installer)
- download the ISO file you want to install (e.g. "asg-9.107-33.1.iso")
- create a new virtual machine in your virtualization platform. customize it appropriate to your needs
- if asked for the type of your operating system, select "Linux 64 bit", "SUSE Linux Enterprise 11 64 bit" or similar
- as a rough guideline, we recommend at least: 2 CPUs (cores), 4 GB RAM, 100 GB of disk space, and 2 NICs, 1 CDROM. For non-productive environments (evaluation/test machines), you can downsize of course
- it is no problem to add afterwards (also if the UTM already was running) CPUs, RAM, or NICs. It's not possible to resize the harddisks afterwards.
- for the NICs we recommend to use VMXNET3 drivers in VMware, or optionally E1000 drivers. DO NOT USE "FLEXIBLE" NICS - it may lead to severe performance issues.
- mount the downloaded ISO file into the virtual CDROM

Now turn on your virtual machine and boot from the virtual CDROM. The UTM installer will come up. Go through the installer options and screens and make the appropriate selections. If finished, the installation will begin.


After the installation has finished and the UTM is rebooted, you can access the system by connecting to the Webadmin port 4444 on the NIC and IP you configured during the installation.

Sophos UTM 9.2

Virtual Security is proud to announce Sophos UTM 9.2.

Over the last few months the developers at Sophos have worked hard to make UTM 9.2 the biggest Sophos release to date. UTM 9.2 has an astonishing number of new capabilities. At this moment UTM 9.2 is available as a beta for anyone who wants to test the new version. As always, this UTM firewall is free for home users. Virtual Security can also arrange a trial license for businesses.

Here is an overview of the new capabilities:
  • Advanced Threat Protection (APT)
One of the new features in UTM 9.2 is the addition of Advanced Threat Protection (APT). By integrating Sophos UTM with Sophos Labs, the Sophos UTM is kept aware of botnets active worldwide and their command & control sites. A command and control site is the controlling server of a botnet. Blocking traffic to such a site shuts down the botnet's communication, so internal servers or clients will not actively take part in it. In addition, the Sophos UTM reports which internal PCs or servers are infected with botnet malware so that further action can be taken to remove it, for example by installing Sophos UTM Endpoint on those PCs.
This feature is available in the Network Protection subscription and in FullGuard for the Sophos UTM.
  • Intrusion Protection System (IPS) Speed.
The IPS functionality of the Sophos UTM has improved considerably after a thorough optimization. This was achieved through general improvements to the IPS system as well as by implementing optimizations specific to UTM hardware. In addition, a "pattern aging system" has been added so that no performance is lost on old IPS rules. This can be configured as desired.
  • One-Time Password (OTP) / Two-Factor Authentication (2FA)
A new system has been implemented to support strong authentication using Google Authenticator. Among other things, this lets users log in with strong authentication to the WebAdmin, User Portal and VPN. It is also possible to use tokens based on OATH and TOTP.
  • New user interface for Web Protection.
The user interface for Web Protection has been completely renewed. Creating, assigning and changing policies is even easier. It is now also possible to apply policies at user level. Device authentication can also be used, so Sophos Web Protection can be applied even more powerfully.
  • Transparent Mode with Active Directory Single Sign-On Authentication.
It is now possible to use Web Protection in transparent mode with Active Directory SSO. No proxy settings are needed on the clients, and this gives the same benefits you would normally have when using AD single sign-on with an explicit proxy.
  • Reverse Authentication (Authentication Offloading) for Web Server Protection.
A completely new authentication mechanism has been added to Web Server Protection, which can use basic authentication and form-based authentication. This makes it possible to have users authenticate against it and, if authorized, forward them to the server in question, for example a web server or Microsoft OWA.
  • Live AV Lookups and Sandbox Execution via Sophos Labs (Catchy Name still in the Works!)
When Web Protection is enabled with the Sophos AV engine, there is a new option to use "live cloud checksum lookups from Sophos Labs". Lookups that fail will be scanned by the AV engine. Lookups found to be "clean" are not scanned locally, which makes AV scanning faster. File checksums unknown to the worldwide Sophos Labs network will be submitted as samples and analyzed further by running the files in a sandbox and analyzing their behavior.
  • Fully Transparent HTTPS Filtering
The Sophos UTM can now perform URL filtering on HTTPS sites without using the current man-in-the-middle "full" HTTPS scanning engine. Using SNI (Server Name Indication), the URL (or the IP if the URL is not available) is extracted from the HTTPS session and checked against the URL database.
  • SPX One-Way Message Encryption
Sophos UTM 9.2 now supports one-way encryption of email messages to recipients who do not have a trusted encryption system such as the already supported encryption via PGP or S/MIME. A new option in Mail Protection is "SPX Encryption". This is one-way mail encryption based on Secure PDF eXchange (SPX). Users can encrypt outgoing messages, which are then wrapped in an encrypted PDF that the recipient can read if they know the password.
  • Data Leakage Protection (DLP)
A new Data Leakage Protection system has been added to Mail Protection; it scans emails and attachments for data that must not leave the company. It is possible to filter by category per region with parameters such as credit card, bank account, addresses, telephone numbers and more than 200 other parameters.
Besides the changes above, Sophos UTM 9.2 also has a number of smaller changes. The following items have also been added or improved.
  • Google Application Control
  • Background Active Directory Synchronization Option
  • Enhanced Web Log Searching
  • Fully Customizable Wireless Hotspot Pages
  • RED Tunnel Compression
  • Web Protection Policy Testing Tool.
  • Authentication Method by Device Type
  • Local Site Reclassification Listing
  • More Detailed HTTP Logging
  • Web Control Integration with Sophos Enterprise Console
  • Potentially Unwanted Application (PUA) Blocking
  • HTTPS End-User Block Pages
  • Multi-domain Active Directory user support
In short, Sophos UTM 9.2 is the solution for replacing Microsoft ISA Server or Microsoft TMG.



The Badkey Team
