About Sfor

Profile Information

  • OS
    XP Pro x86
  1. According to my research the SMB vulnerability is related to remote procedure call over SMB. The Microsoft patch should solve the problem, but I wonder if there is a way to disable RPC over SMB, without losing the whole SMB.
  2. I have an opportunity to play a bit with an application, Insert GT. It is capable of checking customer data within an online government public database. The application developer provides such a service on its own servers running Microsoft Azure. Yesterday the service connection stopped working in Windows XP. I tested the issue with both ProxHTTPSProxy and Burp Suite Free Edition. The service worked with both of them, but... The Insert GT does not use the system HTTPS proxy setting. I had to use the global proxy for all protocols for the application to use the proxy. As expected, ProxHTTPSProxy did the job for https, but the http connections stopped working. In the case of the Burp Suite Free Edition, both http and https are working correctly.
  3. SMB (NetBios) does work without TCP/IP, as well. The problem is that Windows XP does not install it by default. So it is necessary to install the files by hand. So, it is possible to use SMB without TCP. The plain NetBios will not go through the internet, as it is not possible for it to be routed. That's why, back in the Windows 98 days, I used to link the Microsoft Networking with just the NetBios, leaving TCP/IP unlinked. Unluckily, Linux systems are unable to use SMB without TCP/IP. So, no connection to Linux SMB shares with just the NetBios. Still, having both NetBios and NetBios over TCP/IP linked to Microsoft Networking is a good thing to have when the DHCP server is down. Also, I was not interested in NetBios without TCP/IP on systems newer than XP, so I do not know if Vista and 7 can use plain old NetBios without using TCP/IP. I'm working with mixed Linux and Windows networks, so I lost my interest in Windows 9x style NetBios years ago.
  4. I'll add my two cents, as well. I'm sticking with SystemRescueCD, Partimage and BackupPC.

     Advantages of Partimage:
     - free
     - can do bare bone recovery
     - does copy only used parts of the partition, so the resulting image is small. The built-in compression makes it yet smaller.
     - does make a copy of the MBR, and is able to restore it.
     - copies can be made through a network connection and stored on another computer

     Disadvantages of Partimage:
     - it is not as simple to use as other tools

     With a bit of tweaking I made a PXE bootable image of SystemRescueCD with network support. Now I can remotely power on a computer, boot a SystemRescueCD on it through PXE, then make a copy, or restore a partition. So, I can make backups of workstations while being at home. I know the FOG can do all that, and do it in a simpler and more automated way, but the FOG is not particularly convenient when dealing with FAT32 or multiple partitions. So, my solution is to manually make copies of system partitions once every few months or less often, while the data are kept safe by BackupPC servers in a completely automated manner.
  5. Well, the IE proxy setting just for https was enough to solve the problem. It was not necessary to add the passthrough entry.
  6. But the IE does not connect to http://www.google.pl/ in such a case. With Proxomitron in the middle, the http connection is redirected to https without problems, so there is no "Bad Request" message, then.
  7. It seems the ProxHTTPSProxyMII teamed with The Proxomitron can add the TLS 1.2. I was able to confirm it with IE 8. While trying to get the thing working I noticed an interesting option in The Proxomitron version Naoko 4.5. In the "config" - "HTTP" section there is "Use SSLeay/OpenSSL to filter secure pages (requires ssleay and libeay23 DLL files)". It seems there is an option to filter the HTTPS without ProxHTTPSProxyMII. But, I was unable to provide The Proxomitron with the DLL libraries it would be satisfied with. So, perhaps just The Proxomitron could do the TLS 1.2 conversion.
  8. Well, I'm unable to install the Chrome 36, as it is always updating itself to 49. So, I cannot test how it behaves with TLS. I think the first thing to test is if Chrome is able to work without schannel.dll. There is a chance the Chrome prior to 37 does have its own TLS support (without TLS 1.2, however). Without knowing that, there is a chance of wrongly understanding what is going on with the Chrome and schannel.dll.
  9. Well, using the site https://www.ssllabs.com/ssltest/viewMyClient.html I found that both Firefox and Chrome are supporting TLS 1.2 with the schannel.dll provided with the XP. So, I strongly doubt the Chrome is using schannel.dll. So, replacing the file with the ReactOS version should not affect either Chrome or Firefox. On the other hand, the ChromeSetup.exe does not work with the ReactOS schannel.dll. So, the Chrome setup does use the schannel.dll, after all.
  10. Unfortunately, the applications I wish to test against TLS 1.2 support are not browsers. They are mostly government tax declaration form senders and managers. The government tax service will not work with just a browser, as the protocol is not user friendly. I did play a bit with schannel.dll. After replacing it with a file taken from Windows 7, the IE 8 stopped working with https completely. There were no visible error messages; the IE just did not make any connection.

      I did the same experiment with schannel.dll and mbedtls.dll from ReactOS. The result was almost the same as with the Windows 7 schannel.dll file. The difference is, with some sites IE 8 crashes, with most of them it does not connect. It seems the ReactOS is using mbed TLS 2.3.0 and schannel.dll is just a wrapper for mbedtls.dll. mbed TLS 2.3.0 should support the TLS 1.2.

      Another question is whether Microsoft added TLS 1.2 support with updates for Windows XP Embedded. If so, it would be logical to use them instead.

      Another task is testing if a particular application is gaining TLS 1.2 support. To do so it would be necessary to redirect connections to some other server. Well, redirecting to a different IP through DNS is a simple task, but I have no experience with HTTPS servers. It would be good to have a server with an ability to switch between TLS 1.0 and 1.2. On the other hand, perhaps it would be a better choice to use a proxy, instead. While using the original server, to switch on and off TLS 1.0 with the proxy.

      Yet another idea is to leave Windows TLS support as is, and to use a TLS 1.2 capable proxy to make the connection, instead.
  11. Well, since some sites (like Google Maps, for instance) are not giving all options to Windows XP users, I'm using a masking agent with Windows XP and Firefox. So, my Internet activity adds to the Windows 7 share. I'm a bit curious how many Windows XP users are masking their user agent strings. The Windows XP share could be bigger than expected, because of that. Recently, I encountered a problem which can significantly decrease the Windows XP usefulness. The worldwide TLS 1.0 to TLS 1.2 migration can affect many Windows XP based activities. The simple web browsing will be ok thanks to Firefox, because it has its own system-independent TLS implementation. But most of the Internet based utilities use the system support for TLS.
  12. More and more web sites are turning the TLS 1.0 off. There is no big deal with the web browsing, because the Firefox handles the TLS 1.2 just fine. But some other applications will be affected. A nice example are the utilities made to send XML based electronic government declarations. The Polish government servers will turn off TLS 1.0 in the middle of 2017. I strongly doubt the utilities used to send the declarations do have their own TLS 1.2 support as the Firefox does. The declarations cannot be sent through the browser, so Firefox will not do. Is there a way to check if an application has its own TLS support? Is there a way to add TLS 1.2 support to Windows XP?
  13. On the affected computer the Security Center seems to be working correctly. But the "Change the way Security Center alerts me" link is disabled. How to get this link working?

      Oh, well. ComboFix did the job.
  14. The network connection status icon (the one with two computers and their screens flashing when the connection is active) is a valuable help when there are problems with the network connection. So, I'm always leaving it as always visible on my clients' computers. In case of a problem, when I'm unable to access a particular computer remotely, I can always ask the user if everything is right with the icon. But there is a downside. Sometimes users are mistaking the network connection icon with some other, shutting down the network connection by mistake. I'm trying to find out a way to keep the icon displayed, while disabling the possibility of shutting down the network connection with it. Perhaps it could be possible to replace the system icon with some other? Or, perhaps, it is possible to restrict the user rights, so it will not be possible for him to shut down the network connection?
  15. Thank you, very much. I was able to turn the "files with unknown extension" search option on. It was a bit difficult to find it, because the Microsoft article is in English, while my Windows is in Polish. After quite a while I was able to overcome the translation related difficulties. They hid this option well, indeed.