Home » Archive

Articles in the Security Category

Featured, Hacking, Headline, Security »

[15 Mar 2013 | No Comment | ]

Is first time when I’m attending to Blackhat conf. I’m a little bit disappointed. Probably my expectation was pretty high. Anyway, I saw several good talks:

Share this post

Hide Bookmarks

Featured, Glassfish, Java, Security »

[5 Jan 2012 | No Comment | ]

This is an old bug, first discovered in 2003, but now was applied to the hash table functions from the new programming languages. The main idea behind this bug is to create hashes which collide, because collision will eat a lot more cpu cycles on your server. For a post of 2 MB is resulting in a 44 minutes of CPU time which will results in a DOS.

Share this post

Hide Bookmarks

Glassfish, Java, Recovery, Security »

[23 Nov 2011 | No Comment | ]

I should admit, I didn’t read the Glassfish 3.1 Administration Manual, and I don’t know if this is documented. Anyway the main problem appeared when I tried to connect on my cluster instances with admin credentials. If I connect with VisualVM or JConsole to Domain Administration Server (DAS) on 8686 I don’t have any problem. When I’m trying to connect to my cluster instances on port 28686 with admin credentials I get from JConsole

Share this post

Glassfish, Java, Security »

[13 Jul 2011 | 3 Comments | ]

I switched all my Java Glassfish webservices to SSL, because I wanted to have an encrypted communication between me and my clients. Until then, all my applications worked flawlessly over the HTTP protocol, but now, after switching to SSL, I got the following error:

Share this post

Hide Bookmarks

Apache, Debian, Featured, Headline, How-to, Php, Security »

[6 Jun 2011 | 6 Comments | ]

It’s been a while since I configured the latest Dynamic Mass Virtual Hosting Server. Last time I used mod_vhost_alias to create a dynamic virtual hosting and it worked without any problem for what we need in that time. Then we didn’t care about the ftp and virtual users, the sites was updated from web pages and security was pretty much handled by upload application who managed the virtual hosting. Now, the problem is a little bit changed: We need a secure sever which should support ftp virtual users with quota …