Articles in the Security Category

Featured, Glassfish, Java, Security »

[5 Jan 2012 | No Comment | ]

This is an old bug, first discovered in 2003, but it has now been applied to the hash table functions of newer programming languages. The main idea behind this bug is to create hashes that collide, because collisions eat a lot more CPU cycles on your server. A post of 2 MB results in 44 minutes of CPU time, which results in a DoS.

Glassfish, Java, Recovery, Security »

[23 Nov 2011 | No Comment | ]

I should admit, I didn’t read the Glassfish 3.1 Administration Manual, and I don’t know if this is documented. Anyway, the main problem appeared when I tried to connect to my cluster instances with admin credentials. If I connect with VisualVM or JConsole to the Domain Administration Server (DAS) on 8686, I don’t have any problem. When I try to connect to my cluster instances on port 28686 with admin credentials, I get from JConsole

Glassfish, Java, Security »

[13 Jul 2011 | 3 Comments | ]

I switched all my Java Glassfish webservices to SSL, because I wanted to have an encrypted communication between me and my clients. Until then, all my applications worked flawlessly over the HTTP protocol, but now, after switching to SSL, I got the following error:

Apache, Debian, Featured, Headline, How-to, Php, Security »

[6 Jun 2011 | 6 Comments | ]

It’s been a while since I configured the latest Dynamic Mass Virtual Hosting Server. Last time I used mod_vhost_alias to create dynamic virtual hosting, and it worked without any problem for what we needed at that time. Back then we didn’t care about FTP and virtual users; the sites were updated from web pages, and security was pretty much handled by the upload application that managed the virtual hosting. Now the problem has changed a little bit: we need a secure server which should support FTP virtual users with quota …

Debian, Linux, Security »

[9 Jan 2011 | No Comment | ]

This is a little bit old, but it is worth mentioning because it still works on a lot of systems. You will find the proof-of-concept code and a lot of details here: http://bit.ly/fYpOtx . This exploit is based on 3 vulnerabilities found by Nelson Elhage (which is probably why the exploit is named full-nelson). As I said, the exploit is based on 3 vulnerabilities: CVE-2010-4258, CVE-2010-3849 and CVE-2010-3850. The last 2 vulnerabilities are based on the Econet protocol driver. If you don’t have this driver loaded, the exploit will not …