A while back I created the SCHANNEL.ADM administrative template to allow SCHANNEL ciphers and protocols to be configured in a GPO and pushed out to all servers in a domain. Basically, in any Windows Server version before 2008, the SSL 2.0 protocol was enabled, and so were a bunch of weak ciphers, like 40-bit RC2 or 56-bit DES.
Well, recently one of the sites I manage began failing a HackerSafe test for ciphers and it seems I missed a few ciphers in my template. Why HackerSafe only discovered this now instead of years ago is anybody's guess. It is run by McAfee now, so I wouldn't bet the farm on their audits… But I digress.
I updated the template on my website for download. In addition to having a few more ciphers, I also put in the description "(Recommend Disabled)" next to all the weak ciphers.
Remember that these values are not fully managed policy entries and if you delete your GPO, the affected server will not automatically revert to default values – you will be left to clean up the registry.
More information on enabling/disabling protocols and cipher in Windows can be found here: http://support.microsoft.com/kb/245030
Download SCHANNEL.ADM here.
My congressional representative is Brad Miller. He’s done some great work and is generally well liked by his district. However, just like many Democrats this year, he’s facing stronger competition than in many previous years. Luckily, his opponent is a crazy conspiracy theorist (BP Truther) and “tea party” candidate.
I went to a house party for Miller’s campaign. This is the first time I’ve done such a thing. I’m always pretty politically motivated, but as far as campaigning goes, I’m usually just a money donator, bumper sticker/yard sign poster, and not much more.
The house party was encouraging. There were quite a few disappointed progressives, but they were largely positive towards Miller and more critical of Obama. This is interesting to me because most of the media reports about Democratic turn-out point to dissatisfied Obama supporters not turning out for their local Democrats. I can’t speak for all Democrats and the house party certainly isn’t a scientific sampling, but it was encouraging to see quite a few people turn out for Miller, despite possibly being disappointed in Obama.
Personally, I think Obama has done a great job considering what he has going against him. Sure, I disagree with him from time to time (such as a lot of the bipartisan wishful thinking), but I’m not sure Obama would have accomplished what he had if he had taken that position, so I give him a pass. I guess I’m just an O-Bot, but I don’t blame him for not getting my ponies and rainbows. I blame the obstructionist Confederate Party of Big Business (aka Republican Party). I think we need to channel our fear and anger away from minor intraparty mistakes and quibbles and channel it against the political party that is holding up all true progress for the American people.
If you are a liberal and are feeling unmotivated to vote, just think about what it would be like to have a tea partier as your representative. That is what is at stake. Do you want government to work for you or against you? There is no other choice.
Despite the overall outlook and common beltway wisdom, I’m feeling encouraged and can’t wait to vote for Brad Miller and Elaine Marshall.