bugs-KnowledgeSharing
How to resolve SSL RC4 Cipher Suites Supported Bar Mitzvah (Linux)
The SSL RC4 Cipher Suites Supported (Bar Mitzvah) issue is about using an outdated and insecure method to protect information when websites talk to your browser (or other software).
Here's a simple way to understand it:
1) RC4 is an old way of scrambling information (encryption) so that only the right people can read it. This was commonly used for keeping data safe on the internet.
2) The problem: Researchers found that RC4 is not as strong as it was thought to be. Over time, hackers figured out patterns in how RC4 scrambles data, making it easier for them to guess the original information, like passwords or private messages.
3) Bar Mitzvah attack: This is a clever name given to the attack on RC4. Basically, after many years of using RC4, it was discovered to be weak, just like how people learn and grow over time.
What this means:
If a website or server is still using RC4 to protect its connections, a hacker could potentially figure out what you're sending or receiving (e.g., your login info), even though it looks secure.
How to fix this:
Disable RC4: Web servers or software need to stop using this old method and switch to newer, more secure methods to keep information safe.
Use modern security: Newer methods like TLS 1.2 and TLS 1.3 are much stronger and more secure.
In short, RC4 is outdated and easy to break, so it needs to be turned off to protect sensitive data.
You can watch this video to learn how to mitigate it.
#SSL #RC4 #barmitzvah
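One way to confirm that the fix described above took effect, as an added example that is not part of the original description: the script parses the text output of Nmap's ssl-enum-ciphers script and reports, per port and protocol version, every cipher suite that still uses RC4. The scan output is a constructed sample, and the function and variable names are hypothetical.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers` output (not a real scan).
SAMPLE_SCAN = """\
PORT     STATE    SERVICE
443/tcp  open     https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C
8443/tcp open     https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|_  least strength: A
3389/tcp filtered ms-wbt-server
"""

PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\S+)")
PROTO_LINE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):")
CIPHER_LINE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+)")

def audit_rc4(scan_text):
    """Return {port: {"state", "rc4": [(protocol, suite)], "verdict"}}."""
    report, port, proto = {}, None, None
    for line in scan_text.splitlines():
        if m := PORT_LINE.match(line):
            port, proto = int(m.group(1)), None
            report[port] = {"state": m.group(2), "rc4": []}
        elif port is None:
            continue  # script output before any port line is ignored
        elif m := PROTO_LINE.match(line):
            proto = m.group(1)
        elif (m := CIPHER_LINE.match(line)) and "_RC4_" in m.group(1):
            report[port]["rc4"].append((proto, m.group(1)))
    for entry in report.values():
        if entry["state"] != "open":
            # No handshake happened, so the scan says nothing about ciphers.
            entry["verdict"] = "not tested"
        else:
            entry["verdict"] = "RC4 enabled" if entry["rc4"] else "no RC4"
    return report

if __name__ == "__main__":
    for port, entry in audit_rc4(SAMPLE_SCAN).items():
        print(port, entry["state"], entry["verdict"], entry["rc4"])
```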

Videos

How to Resolve HTTP TRACE / TRACK Methods Allowed in Linux
The HTTP TRACE and TRACK methods are used to debug web requests by echoing back the received request so the client can see what data the server is receiving. However, they can pose a security risk. TRACE Method: It allows clients to see exactly what is sent to the server. Attackers could exploit it to steal sensitive information like cookies or authentication tokens. TRACK Method: Similar to TR...

How To Resolve SSL Version 2 and 3 Protocol Detection (Linux)
I'd like to share my insights on how to identify and resolve 'SSL Version 2 and 3 Protocol Detection' issues on your server. I hope you find the video helpful. SSL Version 2 and 3 Protocol Detection refers to the process of identifying whether a server supports the use of SSL (Secure Sockets Layer) versions 2 and 3 protocols. These are older cryptographic protocols used to secure communications...

How to resolve SSL Medium Strength Cipher Suites Supported SWEET32 vulnerability (Windows)
This tutorial shows how to solve the SSL Medium Strength Cipher Suites Supported SWEET32 vulnerability (Windows) #ssl #cipher #tenable

Basic clickjacking with CSRF token protection
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

CSRF vulnerability with no defenses
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

Reflected XSS into a JavaScript string with angle brackets HTML encoded
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

Stored XSS into anchor href attribute with double quotes HTML encoded
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

Reflected XSS into attribute with angle brackets HTML-encoded
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

DOM XSS in jQuery selector sink using a hashchange event
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

DOM XSS in jQuery anchor href attribute sink using location.search source
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

DOM XSS in innerHTML sink using source location.search
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

DOM XSS in document.write sink using source location.search
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

Stored XSS into HTML context with nothing encoded
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

Reflected XSS into HTML context with nothing encoded
Web Security Academy Level: Apprentice Category: Cross-site Scripting portswigger.net/web-security #burpsuite #PortSwigger #XXS

SQL injection vulnerability allowing login bypass

SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

How to view saved passwords in Firefox, Safari and Chrome | OSX

AirPods 3 Highlights

Macbook Pro M1 Pro and M1 Max Highlights

Top 10 best MacOS Tips and Tricks

how to reset NVRAM or PRAM on a mac

How to install rosetta 2, homebrew, nmap, curl, nikto, sqlmap and metasploit on Apple silicon M1

How To Boot Apple M1 Mac to DFU Mode & Reinstall macOS with 2nd Mac MacBook Pro & Air

How to fix Create a computer account failed

Easy way to format and factory restore an Apple M1 MacBook - Monterey (Malay Version)

Fixing the electric shock problem on a MacBook in 2 minutes

Is the WH1000XM4 headphone worth buying?

iphone 11 pro max silicone case

Is it worth buying the iPhone 11 Pro Max silicone case from the Apple website?

Comments

  • @rheinhard4203, 14 days ago

    Thanks for the video, I have a question about your previous video, sweet32 vulnerability. Is it considered safe if the state of the port is FILTERED when I run the Nmap -sV --script ssl-enum-ciphers -p 3389 IP command? Hoping for your answer, thanks

    • @bugs-knowledgesharing7833, 13 days ago

      Yes, it is generally considered safe if the port is reported as FILTERED when you run the command.

      What "FILTERED" Means in Nmap:
      - A FILTERED state means that Nmap cannot determine whether the port is open or closed because a firewall or some other filtering mechanism is blocking the port.
      - This typically indicates that a firewall is in place, which is good from a security perspective because it means that the port is not exposed directly to the internet or unauthorized users.

      Is it Safe?
      - Yes, it is safer than having the port in an OPEN state, which would indicate that the service (in this case, likely Remote Desktop Protocol or RDP on port 3389) is accessible over the internet.
      - A filtered port suggests that the firewall or security rules are properly configured to restrict access to port 3389, potentially allowing only authorized traffic.

      However: Just because a port is filtered doesn't guarantee full security. You should ensure that:
      - The firewall rules are properly configured.
      - Access is only allowed from trusted IP addresses or networks.
      - The service itself (if accessible to internal users) is properly secured and patched.

      In summary, a FILTERED port indicates a layer of protection, which is a positive sign, but ongoing monitoring and proper firewall configurations are still important.

    • @rheinhard4203, 13 days ago

      @bugs-knowledgesharing7833 hey, thanks for your explanation! One more question, what about the weak ciphers? Is the port being filtered considered safe enough even with weak ciphers existing?

    • @bugs-knowledgesharing7833, 13 days ago

      Yes, it's safe

    • @rheinhard4203, 13 days ago

      @bugs-knowledgesharing7833 thank you so much!

  • @mrcerati, 14 days ago

    I need to do this same thing in Windows. How would it be?

    • @bugs-knowledgesharing7833, 13 days ago

      Sorry, currently I have no Windows server with the same issue to demonstrate. I will create a video once I find the same issue in Windows. Anyway, hopefully, this link might help --> help.defense.com/en/articles/6302795-ssl-version-2-and-3-protocol-detection-windows-vulnerability

  • @timoyscott7553, a month ago

    After hitting revive I got an error the system cannot be restored in this device no space left on device (nsposixerrordomain-0*1c (28)…please help

  • @waltervillavicencio4560, a month ago

    Excellent contribution. Thank you.

  • @zagabuga1, 2 months ago

    It works! Thank you!

  • @zarulalfiansyah, 4 months ago

    Do you have a shop?

  • @ashdon4u, 4 months ago

    Hi, thanks for the video, it is very helpful. If TLS 1.1 is disabled, do we still need to do this?

  • @kunalgaurav5737, 7 months ago

    Thank you very much, very useful

  • @vicskorpio, 8 months ago

    Great video. Is there an easier way to do that on a massive amount of servers? Like a script or something?

  • @entertainmentgarrage, 8 months ago

    I tried several times to solve with the same process, but I failed.

  • @mohdrazif4398, 8 months ago

    Excellent, sir. Very clear and helpful… Thank you for being willing to share the info 👍👍👍

  • @Qertyans, 8 months ago

    Hi, after doing this, is it necessary to create a registry for RC4 and 3DES = 0 for disable?

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
    "Enabled"=dword:00000000

    If your Windows version is anterior to Windows Vista (i.e. XP, 2003), you will need to set the following registry key:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168]
    "Enabled"=dword:00000000

    thanks

  • @SecureWithFDO, 10 months ago

    Hi, I removed the 3 ciphers as seen in the video and restarted my OS, but Tenable says it still exists. Please, what other solution can help?

    • @buckbugs, 10 months ago

      You can cross-check the Nmap results to verify. If the Nmap result shows that the three ciphers have already been removed, then you can say the Tenable result is a false positive.

  • @MrHbk7172, 11 months ago

    Thanks.

  • @Kopibancuh, a year ago

    Is it worth it now, boss, if I want to buy this watch for RM 350?

  • @HaroldJensen-p9u, a year ago

    Windows only need to update title

  • @RedWine_noob, a year ago

    After latest update 13.4 Ventura, my MacBook air m1 screen turns black 😢 everything is on, Siri works properly. But the screen is black. Can dfu solve this?

  • @Vietquat114, a year ago

    In target Mac, I hold down combine key as you said but it turns on and goes to recovery mode. Nothing shows DFU in helper Mac. Can you help me why?

  • @naim7042, a year ago

    Is it still relevant to buy in 2023?

  • @dandiyahyamiradi5215, a year ago

    After removing the weak ciphers, do you need to restart your OS?

    • @bugs-knowledgesharing7833, a year ago

      No need

    • @jocelynmariano7167, a year ago

      @bugs-knowledgesharing7833 I think it is needed, ya? Because after updating the registry it still shows the weak ciphers. Please help. Thank you.

    • @bugs-knowledgesharing7833, a year ago

      We can try to restart if the weak ciphers still exist.

  • @humbertosuarez4342, a year ago

    Does this guide apply to any port??

  • @pakciktua33, a year ago

    How do I tell an original from a fake, bro???

  • @obkjosh7921, a year ago

    What's the impact on this?

  • @Mohammed00217, a year ago

    They said to me that The "Thunderbolt inutilisable" and it doesn't work

  • @kingslyf1246, a year ago

    After reaching the “select your country” menu, can the MacBook be turned off?

  • @tnawaz121, a year ago

    Where can I find this PDF? Can you send me the link please?

    • @buckbugs, a year ago

      The PDF is the Tenable vulnerability scan result from my server. I'm really sorry, as I can't share it publicly.

  • @quocthinh6182, a year ago

    Thank you, sir

  • @shyvoski, a year ago

    Thanks for the info.

  • @imranrafiq9606, a year ago

    Thanks, I also removed 3DES ciphers: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002 - Ran Nessus Scanner, no Sweet 32 Vulnerability - Thanks a lot for your guide.

    • @SecureWithFDO, 10 months ago

      @imranrafiq9606 Please can you state the ones you removed? I removed the 3 in the video but it's still appearing in my scan

  • @tumpangtanya9093, a year ago

    Is this an assignment or what, sir?? The info presented is good... But the delivery is boring...

    • @bugs-knowledgesharing7833, a year ago

      Not an assignment. I have some free time to share info for fun. Thanks for the comment, but your delivery is boring too

    • @tumpangtanya9093, a year ago

      @bugs-knowledgesharing7833 what did I deliver, sir???

  • @fayereaganlover, a year ago

    thanks bro, you saved me

  • @ThaProduceSection, a year ago

    After running revive I'm getting the message "The system cannot be restored on this device. The device is not connected [ConfigurationUtilityKit.error - 0x25B(603)]"

    • @bugs-knowledgesharing7833, a year ago

      I'm really sorry, I'm not sure of the meaning of the error code. Maybe you can check the connection and try again

  • @paulofegueredo, a year ago

    Great video. Helped me a lot. Thanks.

  • @krk24, a year ago

    how to use nmap command in cmd windows?

  • @norshafidamdnor7329, a year ago

    First of all, the pronunciation is tis - soh.

  • @justalayman77, a year ago

    Tisso

  • @wd1924, a year ago

    I love youuu you saved my time😭😭

  • @diegobilly1008, a year ago

    Hello, what's up with the iCloud on the M1, will it delete?

  • @roze0017, 2 years ago

    Bro, I want to ask: MacBook Air 2017 vs MacBook Pro 2014 (15-inch), which is better and worth buying in 2022? Second-hand, and I want to use it for graphics work.

    • @bugs-knowledgesharing7833, 2 years ago

      Based on your question, the suitable one is the MacBook Pro 2014. The MacBook Air is not for graphics work or heavy work. If budget is not an obstacle, go straight for the MacBook Pro M1

  • @bobbyd5651, 2 years ago

    Thanks for the tutorial video. Save the day & money!

  • @deraisaku4364, 2 years ago

    Is this Series 3 still relevant in 2022?

    • @buckbugs, 2 years ago

      Still relevant if you already have one, but if you are only now buying, better to buy the latest one

    • @deraisaku4364, 2 years ago

      @buckbugs if second-hand at RM400, is it worth it?

    • @buckbugs, 2 years ago

      @deraisaku4364 no need, better to keep that RM400 and save until you have enough to buy a somewhat newer model

  • @John-gx9zt, 2 years ago

    I did this 6 times already and it won't work ffs. Help

    • @bugs-knowledgesharing7833, 2 years ago

      Check both MacBooks' USB-C ports and make sure they are connected to the right port. The timing while pressing the button must be accurate

  • @ibrahimdjebbar6080, 2 years ago

    Hi, does this method clear the iCloud account?

  • @ridagu2567, 2 years ago

    THANK YOU SOOOOOOOOOOOOOOOOOOOO MUCH IT MADE ME CREAZZZYYY BUT BY YOU IT FIXED

  • @Henilshah, 2 years ago

    I did all the steps at 3:21 in mine it showed permission denied 😢

  • @elisheryani2304, 2 years ago

    I want to buy, please give me the address!!!

  • @elisheryani2304, 2 years ago

    Please give me the address

  • @elisheryani2304, 2 years ago

    How much is it? I want to buy, where should I buy it?

  • @hammoudifares1247, 2 years ago

    Bypass icloud macbook air m1 2020

  • @catsmeow9025, 2 years ago

    My husband loves, loves & loves 😁