Mathwiz last won the day on January 10

Mathwiz had the most liked content!

Community Reputation

10 Good

About Mathwiz

  1. Make sure you don't have any of these keys either:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded (you said you removed this one already)
     HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS
     HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES
     And make sure you've installed version 4.5 of the Windows Installer.
  2. I thought this thread was dead, but today, 2/14, I saw our old friend KB2952664 reappear in my update list. I guess it's been reissued? I hid it again, but it makes me wonder if M$ is going to make another push to get Win 7/8.1 users to upgrade to Win 10.
  3. I don't see any Win 7 updates today either, so it might be for all - or at least for more than just the POSReady systems.
  4. While you're there, scroll down a little further and make sure you have TLS 1.0 enabled (and preferably, SSL 2.0 and 3.0 disabled).
  5. That error dialog does not look like a root certificate issue to me. If it were, I'd expect the warning flag on the first line, not the third. To me it looks like a problem with the server configuration. That said, it could be that XP isn't handling new certificate extensions, so it thinks the certificate is invalid for the site even though it actually isn't. Have you downloaded the latest IE 6 updates? (You may need the POSReady '09 hack for this.) BTW, if at some point you want to upgrade from OE 6, I'd recommend Windows Live Mail. It's much more like OE 6 than the Outlook from MS Office, and it will import all your OE 6 mail and contacts. The 2009 version runs on XP, but you'll need the offline installer.
  6. Cryptography 1.7.2 is new. A check with my hex editor shows that it has been updated to OpenSSL 1.0.2k. So it looks like your package is up-to-date after all!
  7. OpenSSL version 1.0.2k has been released, which means there should be a new version of the Python cryptography package soon. The issues fixed in 1.0.2k are listed here. Luckily, nothing looks too serious to me, so folks using Heinoganda's packages (which include OpenSSL version 1.0.2j) probably don't need to worry about upgrading immediately.
  8. From the "Bulletproof TLS Newsletter #24:" IOW, for a Web form to be truly secure, both the transmission of the form to your browser and the transmission of the response back to the server must be done via HTTPS. Chrome 56 doesn't run on XP, but Firefox 51 does. The article doesn't specifically say if Firefox ESR 45 includes the new warning, although security fixes are normally included in the ESR updates. New security warnings like this are one reason to stay up-to-date with your browser if/when feasible.
  9. I'm all for blocking known bad Web sites, and you can find a simple tool for doing so here: But bad sites aren't the only risk to your security online. These days, you could be compromised quite easily by a MITM attack from someone at your ISP. Blocking bad sites will do nothing to prevent that. And no one is trusting that "all" vulnerabilities have been found, by M$, OpenSSL, or anyone else. But "known" vulnerabilities should still be taken care of, especially when it can be done quickly and easily. If you're still using IE 8, I'd put installing the POSReady '09 fixes for it, followed by disabling known-to-be-weak cryptography via the registry, in that category. These are not mutually exclusive ideas. Of course you shouldn't tempt fate by driving through bad neighborhoods, but if your key-less entry system has a known weakness, you shouldn't use your superior discretion in route choice as an excuse to ignore the manufacturer's recall notice. Criminals have been known to work in "nice" neighborhoods too.
  10. The main security weaknesses of (unpatched) IE8 and earlier on XP come from its use of older algorithms that now have known weaknesses. If you wish to use IE8 on XP, I strongly recommend installing POSReady '09 updates, then disabling the older, weaker encryption and hash algorithms: You should also disable SSL 2.0 and SSL 3.0 in Internet Options / Advanced / Security. Enable only TLS 1.0. To use the newer, more secure TLS 1.1 or 1.2 protocols with IE 8, you'll need to install a TLS proxy like ProxHTTPSProxy.
  11. Make sure IE isn't set to use the Proxomitron (localhost / 8080) for http connections. It has to get through on http in order to receive the redirect to https. Also, try Heinoganda's ProxHTTPSProxy version (with the updated Python cryptography package); otherwise you'll probably get a 417 error when redirects you to https (unless you have in your SSL Pass-Thru section).
  12. Well, I tried to deinstall the previous version, but naturally, that didn't work either. I got some error message about the installer patch package being invalid! I've had that sort of thing happen before, so I resorted to the "Windows Install Clean Up" tool and did a rogue deinstall. Then installing the current version worked! I hate "installer hell," but at least it seems to be correctly installed now.
  13. That version of Silverlight fails to install on mine:
  14. 1. I should point out it's rather easy to use ProxHTTPSProxy without the Proxomitron: just change the line
         ProxAddr = http://localhost:8080
      to
         ProxAddr = http://localhost:8081
      ... so its front server connects directly to its rear server without trying to go through the Proxomitron.
      2. I finally figured out which OpenSSL version is included in the standalone (.exe) version of ProxHTTPSProxy. It's OpenSSL 1.02a. As luck would have it, the Logjam vulnerability was fixed in the very next release (1.02b), so the .exe version is indeed vulnerable to that attack (the message from isn't a false alarm).
      3. If you install Python along with all the packages needed to run the Python version of ProxHTTPSProxy, the "cryptography" package will come along for the ride at some point. Turns out it includes OpenSSL 1.02j, so you don't actually need to install OpenSSL for either the .exe or the Python version! The developers of the cryptography package have promised to update it whenever OpenSSL updates their product, so you should upgrade the cryptography package whenever that happens to stay on the most current OpenSSL version. I believe the command to do that is
         pip install -U cryptography
      from an XP command prompt. (This assumes Python is in your path.)
  15. Heinoganda's certificate update tool downloads the latest root certificates into the Windows XP certificate store (used by IE and Chrome). It's a good idea to run it every month or so, since these don't get updated by the POSReady '09 hack. Other browsers such as FF have their own root certificate stores that won't be updated by his tool. Note that the XP certificate store doesn't support certificates signed by the ECDSA algorithm - one of the reasons we needed a workaround for web sites using these. ProxHTTPSProxy stores its root certificates in a file called cacerts.pem (for folks using it as a workaround for outdated security in their browsers).