Tag Archives: security

Easy SSLv3 "poodle" vulnerability test (and the fix for JBoss/Tomcat)

Recently a new vulnerability ("poodle") was discovered in the SSLv3 protocol. A "man in the middle" attack could be performed using the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then exploit the "poodle" vulnerability. In order … Continue reading


[SOLUTION] "Vacation extended by two weeks" = automatic like on Facebook?

"Vacation extended by two weeks": this kind of message has recently started appearing en masse on FB. It is spread knowingly (and also unknowingly) by FB users. The "unknowing" part of passing the link on relies on the page's authors using "click hijacking". In the article below … Continue reading


Hardening Apache Based Installations

Sometimes you want to test some server-side software on a public server but don't want to be hit by automated scripts that explore known vulnerabilities in software. The simplest solution is to add additional protection using Apache-based access restrictions. Enable .htaccess in … Continue reading


"Gray box" analysis example – FogBugz case

Recently I hit the following exception on the FogBugz site (a hosted commercial bug tracker of which I'm a happy user): System.ArgumentException: Invalid syntax: expected identifier, found ')' Server stack trace: at FogCreek.FogBugz.Database.CSqlParser.ParseIdentifier(CSqlTokenList tokens) at FogCreek.FogBugz.Database.CSqlParser.ParseColumn(CSqlTokenList tokens, Nullable`1 fTableNameRequired) at FogCreek.FogBugz.Database.CSqlParser.ParseTerm(CSqlTokenList tokens, … Continue reading


Encryption Using GPG: Minimal HOWTO

I assume you want to encrypt some files using your public GPG key. I'll focus on simplicity rather than completeness (minimal steps required to implement encryption). First you have to generate a key pair: $ mkdir -p ~/.gnupg $ gpg --gen-key … Continue reading
