Security - MFA override

The article linked below (in Italian) describes a way to override MFA: a well-crafted phishing email redirects the user to a look-alike copy of a legitimate web page (e.g. an online bank).

The end user enters their username and password on the fake page. The criminals immediately enter the same username and password on the original website (e.g. the bank).

The user then receives an email with a temporary code (a genuine one) and enters it on the duplicated page. The criminals use this code on the original web page, gaining full access to the user's account (e.g. the bank account).

So attention to phishing emails must be improved.

https://www.hwupgrade.it/news/sicurezza-software/l-autenticazione-a-due-fattori-puo-essere-bucata-dall-italia-arriva-la-scoperta-ma-non-c-e-soluzione_106327.html

[Update 2022.06.27]

https://www.securityinfo.it/2022/06/27/phishing-supera-l2fa-con-app-microsoft-webview2/

Security - Edge built-in VPN feature (Microsoft implementation ongoing) and Opera free built-in VPN

Today I would like to mention that Microsoft is working on releasing a new Edge version with an integrated VPN. It should be free for a limited amount of traffic, and creating an account should be necessary.

In any case, this is interesting news: it can improve security by encrypting traffic (towards providers too) and by hiding your public IP address.

https://www.cnet.com/tech/services-and-software/microsoft-edge-is-getting-a-built-in-vpn/

https://www.hwupgrade.it/news/sistemi-operativi/microsoft-edge-avra-la-sua-vpn-integrata-e-gratuita-arriva-l-annuncio-ufficiale_106800.html

Another browser that already has a free built-in VPN feature is Opera; have a look at the link below:

https://www.opera.com/features/free-vpn

Server - SMB protocols: some useful information



Consider that on every Windows OS there are two services (one is needed to connect to remote shares, the other is needed to publish shares):
  1. Client (LanmanWorkstation)
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
  2. Server side (LanmanServer)
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer

Here are some useful commands:

Get-Service Lanman*
Get-SmbShare
Get-Service LanmanServer -DependentServices

To log any SMB 1.0 access on the file server, use the PowerShell command below:

Set-SmbServerConfiguration -AuditSmb1Access $True -Force

In Event Viewer, the logs are located here:

Applications and Services Logs > Microsoft > Windows > SMBServer > Audit

EventID 3000 

To view the events using PowerShell, use:

Get-WinEvent -LogName Microsoft-Windows-SMBServer/Audit | Out-GridView

To check whether SMB 1.0 is enabled:

Get-SmbServerConfiguration | select EnableSMB1Protocol

If you want to see which SMB versions your clients are using:

Get-SmbSession | select ClientComputerName, ClientUserName, NumOpens, Dialect

Dialect is the column indicating the SMB version.

It is possible to enable end-to-end encryption for a single share:

Set-SmbShare -Name Projects$ -EncryptData $True -Force

and for the entire file server:

Set-SmbServerConfiguration -EncryptData $True -Force

Meanwhile, Microsoft is going to drop support for SMB 1 on Windows 11 due to well-known security problems (the driver and DLL would not be included).
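
The audit log and the session list described above can be combined into one report of which clients still speak SMB 1 before the protocol is turned off. This is an added example, not code from the original post: Get-Smb1Usage and the sample data are hypothetical, and it assumes the Event ID 3000 message contains a "Client Address:" line.

```powershell
# Added example, not from the original post. Get-Smb1Usage is a hypothetical helper.
function Get-Smb1Usage {
    param(
        [object[]]$Session,     # objects shaped like Get-SmbSession output
        [object[]]$AuditEvent   # objects shaped like Get-WinEvent output
    )
    # Sessions currently negotiated with an SMB 1.x dialect (e.g. "1.5")
    $live = @($Session | Where-Object { "$($_.Dialect)" -like '1.*' } |
        Select-Object ClientComputerName, ClientUserName, Dialect)

    # Event ID 3000 = SMB1 access. Assumption: the message text carries a
    # "Client Address: <ip>" line, which is extracted here.
    $seen = @(foreach ($e in ($AuditEvent | Where-Object { $_.Id -eq 3000 })) {
        if ($e.Message -match 'Client Address:\s*(\S+)') {
            [pscustomobject]@{ Client = $Matches[1]; Time = $e.TimeCreated }
        }
    })
    # One row per client: number of SMB1 accesses and the most recent one
    $byClient = @($seen | Group-Object Client | ForEach-Object {
        [pscustomobject]@{
            Client   = $_.Name
            Hits     = $_.Count
            LastSeen = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
        }
    } | Sort-Object Hits -Descending)

    [pscustomobject]@{
        LiveSmb1Sessions = $live
        AuditedClients   = $byClient
        NoSmb1Observed   = ($live.Count -eq 0 -and $byClient.Count -eq 0)
    }
}

# Constructed sample data (not real server output) so the logic runs offline
$sampleSessions = @(
    [pscustomobject]@{ ClientComputerName = '10.0.0.21'; ClientUserName = 'LAB\scanner'; Dialect = '1.5' }
    [pscustomobject]@{ ClientComputerName = '10.0.0.40'; ClientUserName = 'LAB\alice'; Dialect = '3.1.1' }
)
$sampleEvents = @(
    [pscustomobject]@{ Id = 3000; TimeCreated = [datetime]'2022-05-01T08:00:00'; Message = "SMB1 access`nClient Address: 10.0.0.21" }
    [pscustomobject]@{ Id = 3000; TimeCreated = [datetime]'2022-05-02T09:30:00'; Message = "SMB1 access`nClient Address: 10.0.0.21" }
    [pscustomobject]@{ Id = 3000; TimeCreated = [datetime]'2022-05-02T10:00:00'; Message = "SMB1 access`nClient Address: 10.0.0.35" }
)
$report = Get-Smb1Usage -Session $sampleSessions -AuditEvent $sampleEvents
$report.AuditedClients | Format-Table
"No SMB1 observed: $($report.NoSmb1Observed)"

# On a file server with auditing enabled, pass live data instead:
# Get-Smb1Usage -Session (Get-SmbSession) -AuditEvent (Get-WinEvent -FilterHashtable @{
#     LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } -ErrorAction SilentlyContinue)
```

An empty report only covers the period since AuditSmb1Access was switched on, so leave auditing enabled long enough to catch clients that connect rarely.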


[original article]


IIS - How to enable IIS errors logging

Troubleshooting IIS errors is easier if the reasons for the errors are indicated verbosely in the logs.

This article quickly explains how to enable verbose error logging:

https://4sysops.com/archives/enable-detailed-iis-errors/

Windows 11 - System Requirements

Microsoft has published the link below, where the system requirements are indicated in detail:

https://www.microsoft.com/en-us/windows/windows-11-specifications?r=1

Email - Antispam websites #how to verify your email/smtp server or domain is blacklisted

If you need to check whether your email/SMTP server, or domain, is blocked by an antispam service, here are some websites that might be useful for this purpose.

Website Blacklist Checker

https://sitechecker.pro/blacklist-checker/

 

Blacklist Check

https://mxtoolbox.com/blacklists.aspx

 

Email Health

https://mxtoolbox.com/emailhealth

 

SpamHaus

https://check.spamhaus.org/not_listed/?searchterm=ruffino.it

 

IP Blacklist & Email Blacklist Check

https://dnschecker.org/ip-blacklist-checker.php

 

Antiabuse project 

http://www.anti-abuse.org/multi-rbl-check/ 


[update 2022.05.09]

You can send your email to a specific address to find out whether it has any spam-related problems:

http://www.isnotspam.com/

https://www.emailchecky.com/en/

[update 2022.05.26]

https://talosintelligence.com/


[update 2022.05.27]

If you need to verify DNS propagation, here is a useful website:

https://dnschecker.org/#TXT/_dmarc.ruffino.it