[lug] Colorado Bureau of Investigation

Jeffrey S. Haemer jeffrey.haemer at gmail.com
Tue Jan 27 13:55:00 MST 2015


Robert,

Try it now. Should work.

On Fri, Jan 23, 2015 at 8:48 AM, Robert Racansky <robert.racansky at gmail.com>
wrote:

> Not Linux related, but it is security related (especially for those of
> you running web servers)...
>
>
>
> A friend of mine owns a gun shop.
>
> To conduct background checks, he uses the Colorado Bureau of
> Investigation's (C.B.I.) web site at
>
> https://ccic.state.co.us/InstaCheck/
>
> Yesterday, he called me because he could not access the C.B.I.
> website.  Since I was already on my way to his part of town for other
> reasons, I was able to make a detour by his shop and check it out.
>
>
> He normally uses the Google Chrome web browser on Mac OS X.  Sure
> enough, when I arrived, Google Chrome was giving the following error
> message:
>
> "This webpage is not available"
> "A secure connection cannot be established because this site uses an
> unsupported protocol."
> "Error code:  ERR_SSL_VERSION_OR_CIPHER_MISMATCH"
>
> I was able to access the site using Firefox and Safari on his MacBook,
> plus Internet Explorer on my Windows tablet, and whatever the web
> browser on my ancient Android phone is.
>
> Researching this, I found out that "Chrome 40 is removing SSLv3
> support since it's been shown to be broken.  Please contact the site's
> administrators and ask them to update their SSL stack."
>
> Sure enough, the C.B.I. web site is using SSL v3, according to Firefox
> on my Linux machine at home.
>
> "Firefox cannot guarantee the safety of your data on ccic.state.co.us
> because it uses SSLv3, a broken security protocol."
> "Advanced info: ssl_error_no_cypher_overlap"
>
>
> So Google Chrome version 40 and newer, and Firefox version 34 and
> newer, will not display web pages using SSLv3.
>
>
> When he called the C.B.I. earlier that day, they told him there was no
> problem.  Of course, the person he talked to was a background-check
> operator, and not a technical support person.
>
>
>
>
> The experience was also a perfect example of why it's so frustrating
> supporting small offices and home users.  In a corporate environment,
> there are other computers (and users) to test with, making it easier
> to isolate the problem.  Also, if the problem is with the company's
> web site, the end-user support technicians can just go and talk to the
> server-support admins.



-- 
Jeffrey Haemer <jeffrey.haemer at gmail.com>
720-837-8908 [cell], http://seejeffrun.blogspot.com [blog],
http://www.youtube.com/user/goyishekop [vlog]
*פרייהייט? דאס איז יאַנג דינען וואָרט.*