How to Disable TLS 1.0 on Sophos UTM for PCI Compliance

Trying to pass PCI Compliance with your Sophos UTM? Good luck. You can’t as of 12/15/2015. Maybe someday they’ll release an update that allows you to easily “check” a box. Until then, welcome to the Sophos Command Line!

Warning: I’m a Linux beginner. But these steps worked for me. By the way, Sophos said this voids the support warranty. When I pressed the issue, they stated it doesn’t void my support agreement. I still don’t understand what it voids so proceed with caution.

  1. In the Sophos Dashboard, go to Management > System Settings > Shell Access. Create a password for root and loginuser and click the “Set Specified Passwords” box. Then, make sure the network you’re connecting from is in Allowed Networks. Finally, make sure “Allow password authentication” is checked. Hit Apply and again, make sure the green “On/off” switch is ON at the top right corner.
  2. Go download and install Putty and WinSCP.
  3. Start with WinSCP. We’re going to make a backup, first.
    1. Enter the IP and Port (2222) and connect to your Sophos UTM.
    2. Go ‘up’ a few levels until you’re at the Root folder. Then, navigate towards the /var/chroot-httpd/etc/httpd directory.
    3. Download the httpd.conf file by dragging the file from the right side to the left side (like FTP).
    4. Great. We have a backup with the original text inside. Disconnect your session. I have no idea how to restore, btw. That’s how much I suck. But we have a backup!!:)
  4. Start Putty and connect to the same IP and port. We’re going to edit that same httpd.conf file in the command line.
    1. First, login with loginuser and press enter.
    2. Type su then press enter.
    3. Enter your root password and press enter.
    4. Type cd / and press enter. You’re at root now.
    5. Now type cd var/chroot-httpd/etc/httpd and press enter.
    6. To edit the file type vi httpd.conf and press enter.
    7. Use the down arrow key to scroll down near the bottom of the file. You’re looking for SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
    8. Once you spot it, press the Insert key on your keyboard and use the keyboard to change the +TLSv1 to -TLSv1
    9. Press ESC to exit the editing mode.
    10. Now press : (you might have to press enter after typing the colon). This should take you to the bottom of the screen.
    11. After the : type x and press enter. This should save the file and get you back to the command line.
    12. At the command line, paste this entire code and hit enter to restart httpd:
      /etc/init.d/httpd restart
    13. Once it restarts, at the command line, you can verify TLS 1.0 is disabled by pasting this line and pressing enter:
      openssl s_client -connect localhost:4444 -tls1
    14. If properly disabled, it will say the handshake failed or something similar.
    15. Type quit and close Putty. You’re done.

Note: You’ll need to repeat these steps every time you update the Sophos UTM firmware. Thanks for nothing, Sophos. :(
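
Because the edit has to be redone after each firmware update, it can be scripted. The shell functions below are an added example, not part of the original post or any Sophos tooling: they check the SSLProtocol line, back the file up, and rewrite +TLSv1 to -TLSv1 (the mod_ssl syntax for removing a protocol). The function names and the .bak backup name are assumptions.

```shell
#!/bin/sh
# Added example: re-apply and check the SSLProtocol change after a firmware update.
# CONF defaults to the path used in the steps above; the ".bak" name is an assumption.
CONF="${CONF:-/var/chroot-httpd/etc/httpd/httpd.conf}"

# Exit 0 if an active (uncommented) SSLProtocol line still enables TLS 1.0,
# written either as "+TLSv1" or as a bare "TLSv1" token.
# TLSv1.1 and TLSv1.2 are different tokens and do not match.
tls10_enabled() {
    grep -Eq '^[[:space:]]*SSLProtocol([[:space:]]+[^[:space:]]+)*[[:space:]]+\+?TLSv1([[:space:]]|$)' "$1"
}

# Back up the unmodified file, then turn the TLS 1.0 token into "-TLSv1"
# on SSLProtocol lines only. Safe to run repeatedly.
disable_tls10() {
    conf="$1"
    tls10_enabled "$conf" || return 0            # already hardened, nothing to do
    cp -p "$conf" "$conf.bak" || return 1        # backup of the pre-edit state
    tmp="$conf.tmp.$$"
    sed -E '/^[[:space:]]*SSLProtocol[[:space:]]/ s/(^|[[:space:]])\+?TLSv1([[:space:]]|$)/\1-TLSv1\2/' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf" && rm -f "$tmp"         # cat keeps the file's owner and mode
}

# Typical order on the UTM, as root (commands are the ones from the steps above):
#   disable_tls10 "$CONF" && /etc/init.d/httpd restart
#   openssl s_client -connect localhost:4444 -tls1 </dev/null
```

To restore the original, copy httpd.conf.bak back over httpd.conf and restart httpd.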

Huge thanks to Colorado State University for the VI commands above.


Funny and Cool WiFi Network Names

Here is a list of funny WiFi network names pulled from various sources.

  • ItHertzWhenIP
  • Wu-Tang LAN
  • The LAN Before Time
  • House LANnister
  • Password is Taco
  • TellMyWifiLoveHer
  • HideYoKidsHideYoWifi
  • 4 8 15 16 23 42
  • WiBelieveICanFi
  • This LAN is my LAN
  • Bill Clinternet
  • Batcave
  • Router Roddy Piper
  • Abraham Linksys
  • Kings LANding
  • NotYourWiFi
  • Skynet

SkyHub Cloud Unlimited Backup Lifetime Subscription Review

I just got the following promotion from BitsDuJour and StackSocial recently. It’s for “SkyHub Cloud Unlimited Backup: Lifetime Subscription” priced at a whopping one-time payment of $89. I haven’t signed up or used this service, but I was curious…who are these people? And how can they offer lifetime backup for the cost of a 1 TB external hard drive? I finally found the answer.

Unsubscribe from MedAxiom ListServ Emails

Getting MedAxiom LISTSERV emails you don’t want? Their email LISTSERV doesn’t give instructions on how to remove yourself from the list. It says to send an email to their help desk that never responds. I finally found the link to unsubscribe inside of their email headers. Click the link below to get redirected to the MedAxiom Unsubscribe page. Enter your name and email on the next page and click submit. They’ll send a verification email with a link that needs to be clicked. Clicking it finalizes the removal process.

Click Here to Unsubscribe from MedAxiom ListServ Emails

MedAxiom… get your act together and prominently include this link inside your emails before you accidentally end up on Blacklists.

How to Fix the WordPress Casino Hack

A client running WordPress received a Manual Action warning from Google about their site being hacked with injected URLs. The page mentioned on Webmaster Tools was The page was iframing a casino website, which was making them look bad on Google. Here’s the way to remove the offending pages.