Hi all DMT-Nexus members,
Due to new insights into security I have changed the configuration of the DMT-Nexus in a few ways. These changes improve the security but they also have one small penalty.
PENALTY
Let's start with this one, since it is probably the only one that might have a direct impact on some users.
* Internet Explorer on Windows XP is no longer supported, so you cannot use IE8 or lower on Windows XP. This is not a bad thing since IE8 or lower is not that secure anyway. You should move to another browser like the newest version of Chrome(ium) or Firefox.
IMPROVEMENTS
This will be some technical mumbo-jumbo for many, though for those who are interested here is some extra information.
* The SSL certificate now has a SHA256 signature. The old SHA1 signature has several security issues where one with enough resources could possibly crack it.
* Cipher suite:
-- No more RC4. This one has been found to be insecure. Modern browsers already avoided it, but now it is completely impossible to use it with the DMT-Nexus site.
-- No more 3DES. Old, crappy algorithm. Like RC4, modern browsers avoided it like the plague but now it is also impossible to use it on this site.
-- SHA256 is now preferred above SHA1 for message authentication, note that this is a different thing than the aforementioned signature of the SSL certificate. If your browser can handle it, it will use this more secure option. The old SHA1 is still available since unfortunately not all browsers can handle these specific cipher suites.
* HTTP Strict Transport Security. This is a message from the server to your browser that it should ALWAYS use the HTTPS version of the site and not the plain text HTTP version. This can prevent certain so-called man-in-the-middle attacks.
Due to this we get a nice A+ overall rating from Qualys SSL Labs.
I hope this makes you all feel a tad more secure. However, remind yourself that this is just one layer of protection so make sure you all have a good security policy and it can never hurt to also use a trusted VPN or TOR to visit this site.
Kind regards,
The Traveler
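The checks described in the post above (no RC4 or 3DES, SHA256 preferred over SHA1 for message authentication, HSTS present) can be expressed as a small audit over a server's ordered cipher list and response headers. This is an added example, not part of the original post or the site's configuration; the function names are hypothetical and the suite lists and header are constructed sample data in OpenSSL naming.

```python
import re

# Name markers for the ciphers the post says were removed (OpenSSL and IANA spellings).
BANNED = {"RC4": "RC4", "3DES": "3DES", "DES-CBC3": "3DES"}
SHA1_MAC = re.compile(r"[-_]SHA$")  # a trailing "-SHA" / "_SHA" means HMAC-SHA1


def audit_suites(suites):
    """Return (banned, sha1_mac): suites using RC4/3DES, and other suites with a SHA1 MAC."""
    banned, sha1_mac = [], []
    for name in suites:
        hits = sorted({label for marker, label in BANNED.items() if marker in name})
        if hits:
            banned.append((name, hits))
        elif SHA1_MAC.search(name):
            sha1_mac.append(name)
    return banned, sha1_mac


def preference_ok(suites):
    """True if no SHA1-MAC suite is ordered ahead of a SHA256/SHA384/AEAD suite."""
    seen_sha1 = False
    for name in suites:
        if SHA1_MAC.search(name):
            seen_sha1 = True
        elif seen_sha1:
            return False
    return True


def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None if absent or invalid."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return None
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', value, re.I)
    return int(m.group(1)) if m else None


# Constructed sample data: a server-preference-ordered list before and after hardening.
OLD = ["ECDHE-RSA-AES128-SHA", "RC4-SHA", "DES-CBC3-SHA", "ECDHE-RSA-AES128-SHA256"]
NEW = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384",
       "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-SHA"]
HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    for label, suites in (("old", OLD), ("new", NEW)):
        print(label, audit_suites(suites), "order ok:", preference_ok(suites))
    print("HSTS max-age:", hsts_max_age(HEADERS))
```

A `max-age` of 0 tells the browser to drop the HSTS entry, so treat a return value of 0 the same as a missing header.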

