Configuring email notifications to be friendly but secure
I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user. In the course of a security audit/penetration test of a […]
Exploiting Apache DoS vulnerabilities
Apache is the world’ most popular Web server for Linux and Windows platforms, and with such a large attack surface, it’s no surprise that attackers are looking to exploit Apache software vulnerabilities. The approach used by XerXeS is somewhat novel in that it is based on a DoS (not DDos) attack and apparentlyrequires relatively modest computing […]
Apache.org hack
Friday morning August 28, a compromised SSH key enabled attackers to deploy a rootkit and upload files to one of the Apache Foundation servers, the files were then synch’ed to a production server. A blog post from the Apache Foundation explained that attackers accessed an account at a hosting provider: “To the best of our […]
