September 2011
22 posts
August 2011
24 posts
Certificate Authorities are getting a Beat Down...
Today Google (and the interwebs) announced that a Certificate Authority issued a false Certificate for GMail to the Iranian government. The Certificate Authority was DigiNotar, and it doesn’t issue certificates for any of the Google Services… so it should never have issued a Certificate for GMail. To make matters worse, DigiNotar is a root Certificate Authority, which means...
Apache Killer vs TheXploit.com
Looks like Apache Killer took down www.thexploit.com.
Remember, if you are currently running an Apache server, the attack is easily avoided with a simple workaround until Apache releases an update.
In /etc/apache2/httpd.conf:
# Drop the Range header when it lists more than 5 ranges.
# Needs mod_setenvif and mod_headers to be loaded.
# CVE-2011-3192
SetEnvIf Range (,.*?){5,} bad-range=1
RequestHeader unset Range env=bad-range
UPDATE...
You know what they say... →
A Jupiter-mass companion orbiting so closely to its pulsar is a girl’s best friend.
Tacit: Sonar For The Blind
Love it - Should be part of everyone’s ninja arsenal.