Jan 13, 2020

Cisco Finesse Cannot Authenticate With The Notification Service

I love waking up in the morning extra early, and hearing the lovely sound of my IM client at my computer (I work from home). It usually means that something is broken for someone. Well, this morning was no different. I got a message from one of my company's client support folks saying that she couldn't get into the Cisco Finesse phone queue, and that she was getting an error saying that it failed to load workflows.

When I tried logging in myself, I was greeted with a much different message. I got a message saying:

Cisco Finesse
Cannot authenticate with the notification service. There may be a configuration mismatch. Please contact your administrator.


Well shit... That's no good...

Anyway, I decided to try logging into Cisco Unified CCX Administration. When I logged in there I was greeted with a different message. This one said:

The Cisco JTAPI Client versions are inconsistent. Please go to Cisco JTAPI Resync in the Unified CM Telephony Subsystem to install the Cisco JTAPI Client.


Well shit... That's no good...

So I decided to follow instructions. From within Cisco Unified CCX Administration I went to Subsystem > Cisco Unified CM Telephony > Cisco JTAPI Resync. Then clicked OK when prompted.


After that I got another message saying:

For changes to take effect, please restart the Cisco Unified CCX Engine.

In order to do that, I had to go into Cisco Unified CCX Serviceability. Once in there I had to browse to Tools > Control Center - Network Services.


Once in there I had to find the Cisco Unified CCX Engine service and restart it. Once that was done, I restarted the Cisco Finesse Tomcat service as well. After that users were able to log in to the call queues again!

These last two services have to be restarted from an SSH terminal using the following commands:
  • utils service stop Cisco Unified CCX Engine
  • utils service stop Cisco Finesse Tomcat
  • utils service start Cisco Unified CCX Engine
  • utils service start Cisco Finesse Tomcat
Did this post help you out? Let us know in the comments!

Dec 16, 2019

How To Disable Weak CBC SSL Ciphers in Nginx

I'm always looking for ways to improve my encryption settings on my personal email server. I'm constantly checking SSL Labs to see how my configuration stacks up. For a little while now they have been complaining that I use weak CBC ciphers still in TLS 1.2. However, since they have continued to give me an A+ rating I didn't really care until today.

I decided to fix it by disabling those ciphers, and it's actually pretty easy. The answer on how to do it comes from user imgx64 on Stack Exchange in this thread where he says all you have to do is add a couple of extra items near the end of your ssl_ciphers portion of your ssl.tmpl config file in Nginx:
You can use !SHA1:!SHA256:!SHA384 to disable all CBC mode ciphers. There are some non-CBC false positives that will also be disabled (RC4, NULL), but you probably also want to disable them anyway. 
Note that while GCM and CHACHA20 ciphers have SHA* in their name, they're not disabled because they use their own MAC algorithm. The SHA* in their name is for the PRF, not the MAC.
I changed my ssl_ciphers string from:

ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!DSS:!aNULL;


To:

ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!SHA1:!SHA256:!SHA384:!DSS:!aNULL;
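
A way to confirm the change before restarting Nginx, as an added example that is not from the original post or from imgx64's answer: it asks the local OpenSSL to expand both ssl_ciphers strings and lists every suite whose MAC is not AEAD. The function names and the temporary config fragment are made up for this example, and it assumes the openssl command-line tool is installed; the local OpenSSL build may differ from the one Nginx is linked against.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# COMMON is the suite list shared by the "before" and "after" strings above.
COMMON='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305'
COMMON="$COMMON:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
COMMON="$COMMON:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
COMMON="$COMMON:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA"
COMMON="$COMMON:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA"
BEFORE="$COMMON:!DSS:!aNULL"
AFTER="$COMMON:!SHA1:!SHA256:!SHA384:!DSS:!aNULL"

# Pull the ssl_ciphers value out of an Nginx config file (first match wins,
# optional quotes around the value are stripped).
ciphers_from_conf() {
    sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}\(.*\);.*$/\1/p' "$1" |
        tr -d "\"'" | head -n 1
}

# Expand a cipher string with the local OpenSSL and print the name of every
# suite whose MAC column is not AEAD (CBC, RC4 or NULL suites).
# No output means the string resolves to AEAD suites only.
non_aead_suites() {
    openssl ciphers -v "$1" | awk '$NF != "Mac=AEAD" { print $1 }'
}

# Demo: a constructed config fragment carrying the "after" string.
conf=$(mktemp) && trap 'rm -f "$conf"' EXIT
printf 'ssl_protocols TLSv1.2;\n    ssl_ciphers %s;\n' "$AFTER" > "$conf"

echo "before: non-AEAD suites still offered:"
non_aead_suites "$BEFORE" | sed 's/^/  /'

left=$(non_aead_suites "$(ciphers_from_conf "$conf")")
if [ -z "$left" ]; then
    echo "after: AEAD suites only"
else
    echo "after: still offers: $left"
fi
```

Any TLS 1.3 suites that the local OpenSSL appends to the listing are AEAD, so they never show up in the output.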

After I made that change and restarted the Nginx service my SSL Labs report went from this:



To:


Simple, right? Did this help you out? Let us know in the comments!

Dec 4, 2019

SSL Labs Error: Chain Issues Incorrect order, Contains anchor

An issue came up the other day that frankly really isn't an issue. We had a client at my day job (that shall not be named) that ran an SSL Labs test against one of our sites and it came back with this message regarding the chain certificates:

Chain Issues Incorrect order, Contains anchor
I say this really isn't an issue because according to this forum thread from Qualys, it really is just informational. Ivan Ristic said:
...It's not an issue in the sense that the anchor is not allowed, but that the extra certificate (which serves no purpose) is increasing the handshake latency. Some people care about that, which is why provide the information in the test.
The solution is relatively easy if you are running an Nginx or Apache server: just don't include the root (aka anchor) certificate in your web configs, and only include the intermediate cert.

My problem was a little more complex because we use Imperva's Incapsula CDN/WAF service, so in order to upload a custom certificate you need to import a PFX file. If you export the PFX file from a Windows server, it typically includes all certificates in the chain.

If you opt to not include all certificates in the chain when exporting, then import that to Incapsula, then SSL Labs will cap your grade to a B because you are missing the chain certs... Kind of a no-win situation.

The solution? First you need to have OpenSSL installed in Windows, or you can do this on a Linux box. Do the following:
  • Export your certificate to PFX format and don't include the chain certificates. 
  • Export your intermediate certificate in x509 format separately. Name the file intermediate.cer
  • Put both files in a folder then run the following from a command prompt or Linux terminal in the directory containing your files:
openssl pkcs12 -in <domainname>.pfx -clcerts -nokeys -out <domainname>.crt
openssl pkcs12 -in <domainname>.pfx -nocerts -nodes -out <domainname>.key
openssl pkcs12 -export -out <domainname>_new.pfx -inkey <domainname>.key -in <domainname>.crt -certfile intermediate.cer

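Be sure to replace <domainname> with your original PFX file's name. You will be prompted for your export password after each command. Note that the second command uses -nodes, so <domainname>.key holds the private key unencrypted; delete it once <domainname>_new.pfx has been created.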
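
A check worth running on the rebuilt PFX before uploading it, as an added example that is not from the original post: it reads the bundle back with openssl pkcs12 and flags any certificate whose subject equals its issuer, which is the anchor SSL Labs reports. The function names, certificate subjects and the password are made up, the demo builds a throwaway three-certificate chain so it runs without a real PFX, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, subjects and the
# password "constructed" are made up for the demo.

# $1 = PFX path, $2 = export password.
# Returns 0 if a self-signed (anchor) certificate is in the bundle,
# 1 if there is none, 2 if the file could not be read (e.g. wrong password).
pfx_contains_anchor() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    awk '/^subject=/ { n++; s = substr($0, 9) }
         /^issuer=/  { if (substr($0, 8) == s) found = 1 }
         END { if (n == 0) exit 2; exit (found ? 0 : 1) }'
}

# Number of certificates in the bundle (leaf plus chain).
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Build a constructed root -> intermediate -> leaf chain in directory $1, then
# two PFX files: with_root.pfx (full chain, like the Windows export) and
# new.pfx (leaf + intermediate only, like the rebuilt file in the steps above).
# The intermediate is signed without CA extensions: fine for inspecting bundle
# contents, not for path validation.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    for n in intermediate leaf; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.crt" \
        -CAkey "$d/root.key" -CAcreateserial -days 1 \
        -out "$d/intermediate.cer" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/intermediate.cer" \
        -CAkey "$d/intermediate.key" -CAcreateserial -days 1 \
        -out "$d/leaf.crt" 2>/dev/null
    cat "$d/intermediate.cer" "$d/root.crt" > "$d/chain_with_root.pem"
    for out in with_root.pfx:chain_with_root.pem new.pfx:intermediate.cer; do
        openssl pkcs12 -export -passout pass:constructed \
            -inkey "$d/leaf.key" -in "$d/leaf.crt" \
            -certfile "$d/${out#*:}" -out "$d/${out%%:*}"
    done
}

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
make_sample "$demo"
for f in with_root.pfx new.pfx; do
    if pfx_contains_anchor "$demo/$f" constructed; then v="contains anchor"
    else v="no anchor"; fi
    echo "$f: $(pfx_cert_count "$demo/$f" constructed) certs, $v"
done
```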

After this is done, you can import your <domainname>_new.pfx file to Imperva's Incapsula service (or whatever load balancer/SSL offload device you're using) and re-run your SSL Labs scan. Boom! The issue will be gone!


Like I said above, all of this is kind of unnecessary. Your website will work fine and not be any less secure if you have the root/anchor certificate in your chain. Still, if you are a stickler for details, or you have clients that want it done, now you know how to do it.

Did you have to do something different to fix your issue? Did this help? Let us know in the comments!

Nov 18, 2019

Blockchain In Mobile Application Market (Infographic)

When someone mentions Blockchain, the first thing that comes to mind for most people is cryptocurrency. Did you know that there are plenty of other use cases for Blockchain technology though?

Blockchain offers immense speed and highly-secured features, which is ideal for banking, real estate and mobile applications!

Speaking of the latter, here is an interesting infographic we found for Blockchain in the Mobile Application Market!



Nov 11, 2019

How To Setup A L2TP/SSTP Client Access RRaS Server In Azure

Some of us still haven't outgrown the use of Microsoft RRaS as a VPN server. Why should we? It is simple to set up, easy to configure and just plain works!

The other day I decided to set up a RRaS server in Azure to replace an old one we had on premises. It turns out that RRaS isn't officially supported in Azure, but that isn't going to stop us, is it?

The reason it apparently isn't supported is because of how routing is configured in Azure. At least, that's the Cliffs Notes version I gathered. I read an article from Richard Hicks that says that you can make it work by enabling IP forwarding on your RRaS VM, then adding a routing table to your vnet to make it work. He's half right: you should enable IP forwarding on your VM's NIC like this:




You'll also want to allow ports 443, 1701, 500 and 4500 to your VPN server in your Network Security Group:



That being said, the rest is easy!

  • Install the Remote Access role, and select Direct Access and VPN (RAS) and Routing.




  • After the install, run the getting started wizard and select the Deploy VPN only option (Unless you need direct access, but that is outside the scope of this post)
  • When you open the RRaS console, right click your server name and select Configure and Enable Routing and Remote Access.
  • Click Next, then select Custom Configuration (Since we're setting this up with a single NIC host)


  • Next select all options, then click Next again and follow the rest of the prompts to install RRaS. 


Now you're ready to configure everything. The only two things you need to know about setting up RRaS in Azure:

  1. You can't point RRaS to an internal DHCP server in Azure, and you can't point RRaS to Azure's DHCP services, so you have to assign IPs from a static address pool in the IPv4 tab under your RRaS server properties. This IP range can't be one that exists in Azure, or matches the host that you're using as your RRaS server.

  2. Since we're not using custom routes, we need to configure NAT by adding both the Ethernet interface and the internal interface under NAT in the RRaS console.


The Ethernet properties should look like this under NAT:


The Internal interface properties should look like this:


After that, configure your SSL certificate, authentication, etc. the way you normally would for RRaS. You'll find that this method is pretty easy and works pretty well. With the NAT setup, you are translating your static pool of RRaS addresses to the network interface of the Azure VM, so you don't have to worry about routes!

I originally set up the route table method without NAT that was suggested in Richard Hicks's post, but when I connected with my client, I couldn't access the internet. In order to access the internet through the VPN tunnel, I had to enable NAT. With NAT enabled, you don't need the routes!

Did this post help you out? Did you do it a different way? Let us know in the comments!

Oct 21, 2019

How To Hack A Local Windows Password Offline With CHNTPW Live CD/USB


Many moons ago I used to make my own custom version of Ubuntu called Bauer-Puntu that had lots of useful tools already built in. One of the tools I would always install was an offline Windows password reset tool called chntpw.

I once made an awful how to video about using Bauer-Puntu and chntpw. You can watch it below:


The other day I was helping this really gorgeous cop I started dating reset the password on her laptop. Her ex-husband is kind of petty and changed her password just to piss her off. I went to use my trusty Bauer-Puntu USB drive, but the video drivers for it were out of date so it didn't work. Kind of a bummer...

Anyway, looking around I found out that someone made a dedicated live version of chntpw and it works like a charm! I tried it on a Windows 10 VM and it worked flawlessly!

From their page:
Chntpw (also known as Offline NT Password & Registry Editor) is a small Windows password removal utility that can run from a CD or USB drive. The latest version is 140201. Please download the Bootable CD image or the USB version for your own purpose:
  • cd140201.zip (~18MB) – Bootable CD image. (md5sum: f274127bf8be9a7ed48b563fd951ae9e)
  • usb140201.zip (~18MB) – Files for USB install (md5sum: a60dbb91016d93ec5f11e64650394afb)
You can also download chntpw for ALT Linux, Arch Linux, CentOS / RHEL, Debian, Fedora, Mageia, ROSA, Slackware, Ubuntu distributions from this link
If you need to download the old version, please visit Offline NT Password & Registry Editor’s official website
After you’ve downloaded it, you then need to burn chntpw to CD/USB drive in order to get it to work.
If you've been looking for a way to easily hack errr... reset a local Windows password, this is it!

What do you like to use to do offline password resets for Windows? Let us know in the comments!

Sep 30, 2019

Facilitating Your Crypto Trading with Automated Platforms: Superorder Case


Automated trading platforms are growing more popular as investors recognize the benefits that come with their adoption. The process of automated crypto trading is simple yet effective. It allows traders and investors to establish specific rules for trade entries and exits that relate to their trading strategies. The moment they confirm these rules, the algorithms do all the work on the traders’ behalf, meaning they buy and sell assets when the time is right.

For investors that want to reduce their trading efforts and minimize the manual labor in the trading process, automated trading platforms are the best ways to do it.

Automation in trading might sound overly complex for some traders, especially when coding is in the picture. However, what many don't know is that learning how to program your strategies is not necessary for some automated platforms.

Superorder Concept

Superorder is a crypto platform for professional traders that want to explore the benefits of automated trading. What this means is that crypto traders can use this feature to build and run their trading strategies, and avoid manual tracing of the market’s price fluctuations.

The Ukraine-born and USA-grown automated trading terminal was launched in 2018. Perhaps, the best thing about the platform is that traders don’t need to possess coding abilities, nor any programming languages to make their trading strategies. Instead, Superorder provides users with a convenient strategy editor based on blocks – various order types. They’re used to build specific trading chains that are executed automatically later.

That has to be one of the most positive aspects of automated trading, particularly for day traders. Knowing how difficult following a 24/7 market is, this feature comes as a refreshing advantage and a way to control professional trading and keep a balanced personal life.

How Does It Work? 

Automated trading revolves around specific strategies and money management rules that allow the systems to monitor trades with precision, and execute them when the time is right.

All automated platforms are not the same, although the main principles that they apply orbit around the idea of establishing rules for the system to automatically execute. Crypto traders and investors decide on the rules, and let the system know when they want to buy coins, and when it would be ideal to sell them to make a profit and minimize losses. The computer remembers these orders and follows the market changes 24/7. When the selling or buying price reaches the parameter that was entered on the system, it executes it.

There can be many different strategies according to the needs of the investors. What’s positive is that Superorder allows users to make a selection of rules and run simulations to test their strategy before applying it on the market.

After registering an account on Superorder, the trader needs to finish connecting his/her profile from the exchange platform that is being used (in this case it’s either Binance, Bittrex, BitMEX or CEX.IO), and start trading by setting up a strategy. Inside their terminal is where they will be doing this, and the interface makes it easy for traders to get around and start their automated trading.

Main Features 

Superorder offers several features, and we are going to go over some of the most important ones that make this platform stand out in front of its competitors. Although the company is rather new on the market, they still have a lot to offer.

  • Strategy Elements/Building Blocks 


One of the problems with most automated trading platforms is that they are somewhat limited to the elements that professional traders can use in their strategies.

Superorder offers nine elements or strategy building blocks, which can be easily located on their interface. They include: limit buy, limit sell, market buy, market sell, stop loss, sell trailing stop, buy trailing stop, and more. There are also conditional elements like tech indicators and forks.

The trailing stops are an advantage because they can be used even if the exchange does not support them. Additionally, there are also conditions called AND Fork, and OR Forks, which allow traders to split their strategy into two paths to make a more complex chain.

  • Cross-Exchange Orders

Traders can cross their order on multiple crypto exchanges to get the best experience. The process is as simple as using two blocks in the strategy builder. Moreover, the platform can handle more strategies running simultaneously on the same exchange and across different exchanges and coin pairings.

  • User-Friendly Interface 

Professional and even new traders shouldn’t encounter any issues with the platform’s interface, considering that it is manageable and easy to use. Even if they do find something that bothers them, users can easily adjust the terminal according to their unique preferences.

  • Platform Support


Superorder’s platform support is a bit limited. They do, however, introduce four big names in the industry. Currently, the platform supports Binance, Bittrex, BitMEX, and CEX.IO but the developers are planning on adding Bitfinex, Poloniex, and other exchanges soon.

Traders can synchronize to their chosen exchange, a process that will only take a few seconds and is nicely explained on the platform, step by step.

  • Free Trial 

For traders that are switching to automated trading, a trial period is a necessity. It’s also an essential feature to determine scams from real trading platforms that help users achieve growth, instead of tricking them to lose their money.

It’s an advantage that Superorder implemented a 3-day trial period, which should be enough to see whether the terminal is the right fit for you or not.

Final Thoughts

Superorder is a fitting platform for professional traders who want to take the shortcut leading to profits. It’s an advantage not to be dealing with programming languages as it takes a lot of time for traders to master it if they already haven’t. It's also useful that the platform is customizable and user-friendly.

The fact that this automated trading terminal allows easy and simple automated trading, with the opportunity to try it out without paying for two weeks, is certainly a positive aspect and a good sign for traders who want to switch to this type of crypto trading.

Overall, the process of automated trading can be remarkably helpful nowadays, and Superorder is one of the platforms that can successfully provide you with profits, all that while minimizing the manual effort traders would usually put into the process. In other words, professional traders can now enjoy earning profits with less effort.


