11 November 2014

USPS Employee Portal Hit by Massive Hack!

The list of network hacks continues to grow, with the latest hack being the employee portal of the USPS. That's story is located at: http://www.cnn.com/2014/11/10/politics/postal-service-security-breach/index.html

What's even more interesting, however, is that fact that the USPS has still not properly encrypted their Employee Portal at:https://ereassign.usps.com/ereassign/login/welcomeEmployee.pge - it's still vulnerable to Poodle and other SSL v3.0 attacks.

Here's a site which will show you their SSL Certificate results in real time:https://www.ssllabs.com/ssltest/analyze.html?d=ereassign.usps.com&hideResults=on

The fix is actually very easy for anyone running Server, 2003, Server 2008, or Server 2012. For both the how to, and the necessary REG files, see my documents at: 

https://portal.chicagonettech.com/kb/c20/mailserver-security.aspx




Bruce Barnes, owner of ChicagoNetTech is an active member of the SmarterTools online support team who's posts can be found on the SmarterTools Technical Support Forums.

ChicagoNetTech's support portal is located at https://portal.chicagonettech.com 

No comments:

Post a Comment

Please keep all comments on topic and respect the poster of the original message.

Messages which attack a poster, contain profain language, are off topic, or are otherwise defamatory will be deleted from the blog.