Security Updates Skype for Business (Lync) Client – June 2017

Patch Tuesday

During patch Tuesday Microsoft released two security patches for Skype for Business and one for Lync 2013.

Security update for Skype for Business 2016

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow
remote code execution if a user opens a specially crafted Office file.
To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0283.

Note To apply this security update, you must have the release version of
Skype for Business 2016 installed on the computer.

(download KB3203382)

Security update for Skype for Business 2015 (Lync 2013)

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow
remote code execution if a user opens a specially crafted Office file.
To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0283.

Note To apply this security update, you must have the release version of
Skype for Business 2015 (Lync 2013) installed on the computer.

QoS troubleshooting with Wireshark

During my work i have a lot of VoIP traffic related queries/questions. I’m using this configuration to check if packets are being tagged with the right DSCP values.

Add DSCP column to your Wireshark Client

1. Right click on one of the existing columns.
2. Click on column preferences
3. Click Add down the bottom
4. Click on the “New Column” Label and change it to “DSCP” then hit enter once.
5. With the new entry highlighted, change the Field Type to Custom (in the dropdown box)
6. In field name, copy and paste in ip.dsfield.dscp
7. Click Apply/Ok

You can drag the column back to the left side of the Info column and you now have a simple view of the tag for any packet.

Filter

You can also set a filter to capture all packets with DSCP value 46

ip.dsfield.dscp == 46

Reference

Here’s a table of DSCP and TOS values in their most common formats just for reference.
TOS (Dec) TOS (Hex) TOS Precedence Name TOS Delay flag TOS Throughput flag TOS Reliability flag DSCP (Hex) DSCP (Dec) DSCP/PHB Class
0 0x00 Routine 0 0 0 0x00 0 none
4 0x04 Routine 0 0 1 0x01 1 none
8 0x08 Routine 0 1 0 0x02 2 none
12 0x0C Routine 0 1 1 0x03 3 none
16 0x10 Routine 1 0 0 0x04 4 none
32 0x20 Priority 0 0 0 0x08 8 cs1
40 0x28 Priority 0 1 0 0x0A 10 af11
48 0x30 Priority 1 0 0 0x0C 12 af12
56 0x38 Priority 1 1 0 0x0E 14 af13
64 0x40 Immediate 0 0 0 0x10 16 cs2
72 0x48 Immediate 0 1 0 0x12 18 af21
80 0x50 Immediate 1 0 0 0x14 20 af22
88 0x58 Immediate 1 1 0 0x16 22 af23
96 0x60 Flash 0 0 0 0x18 24 cs3
104 0x68 Flash 0 1 0 0x1A 26 af31
112 0x70 Flash 1 0 0 0x1C 28 af32
120 0x78 Flash 1 1 0 0x1E 30 af33
128 0x80 FlashOverride 0 0 0 0x20 32 cs4
136 0x88 FlashOverride 0 1 0 0x22 34 af41
144 0x90 FlashOverride 1 0 0 0x24 36 af42
152 0x98 FlashOverride 1 1 0 0x26 38 af43
160 0xA0 Critical 0 0 0 0x28 40 cs5
176 0xB0 Critical 1 0 0 0x2C 44 voice-admit
184 0xB8 Critical 1 1 0 0x2E 46 ef
192 0xC0 InterNetworkControl 0 0 0 0x30 48 cs6
224 0xE0 NetworkControl 0 0 0 0x38 56 cs7

Block the Blue Coat Intermediate CA from Windows

Symantec has gotten in hot water for issuing rogue certificates (source). While Symantec has agreed to certificate transparency, Blue Coat systems is a known operator of MITM services they sell to enterprises, nation-states and governments, and this certificate would allow Blue Coat to issue arbitrary MITM certificates.

OSX instruction can be find over here (By Filippo Valsorda)

Click on Continue Reading for the full instructions

Continue Reading

Privacy and Anonymity

Privacy

Privacy is an increasingly rare commodity these days. To find out what kind of information is there about you do a search for yourself on Pipl.com, you might be surprised at the number of companies that claim to have information about you and your relatives.

That’s because your personal information, including your email address, phone number and daily activities on Social Networks and apps, are worth a lot of money to legitimate businesses, your new employer, government and bad guys (read hackers).

The bad guys just want to steal from you and sell it on the DarkNet. Legitimate Companies want to know as much about you as possible, so they can sell you more products and services or serve you ads that are highly relevant to your preferences. And your possible new employer might get the wrong impression of you.

So i’m going to talk about a few steps that helps you, to protect your information.

There are a couple ways to secure your own privacy without having a lot of tools installed or the need of know how.

  • Information you Share
  • Email address
  • Fake Identity
  • Browsing anonymously
Continue Reading

Force HTTPS On Your WordPress Site

I’m running my wordpress site for quite some time now.. My site is HTTPS enabled and signed with a certificate. HTTP was also possible in the past for reaching my site. In this guide i’m going to point all of the pages (including the administrative) to force HTTPS.

To simplify this, the guide will build into the following 3 parts:

  1. Force SSL for administrator pages (including the login page)
  2. Secure all normal pages with HTTPS
  3. Change .htaccess to redirect all HTTP to HTTPS

When all of this is completed you should have a WordPress site completely running secure with HTTPS.

This guide assumes that you have already bought a valid Certificate

Continue Reading