http://www.randombugs.com Just another Bastard Operator From Hell. Everything from *nix to programming Thu, 05 Jan 2012 11:44:55 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 http://www.randombugs.com/java/glassfish/glassfish-311-workaround-denial-service-hash-table-multicollisions.html http://www.randombugs.com/java/glassfish/glassfish-311-workaround-denial-service-hash-table-multicollisions.html#comments Thu, 05 Jan 2012 11:42:48 +0000 admin http://www.randombugs.com/?p=783
This is an old bug, first discovered in 2003, but now was applied to the hash table functions from the new programming languages. The main idea behind this bug is to create hashes which collide, because collision will eat a lot more cpu cycles on your server. For a post of 2 MB is resulting in a 44 minutes of CPU time which will results in a DOS. As suggested in advisory released by nruns.com we can limit the maximum post size from several 10′s of KB. In Glassfish 3.1.1 ...]]> http://www.randombugs.com/java/glassfish/glassfish-311-workaround-denial-service-hash-table-multicollisions.html/feed 0 http://www.randombugs.com/java/glassfish/user-admin-host-null-administration-access.html http://www.randombugs.com/java/glassfish/user-admin-host-null-administration-access.html#comments Wed, 23 Nov 2011 08:24:33 +0000 admin http://www.randombugs.com/?p=771
I should admit, I didn’t read the Glassfish 3.1 Administration Manual, and I don’t know if this is documented. Anyway the main problem appeared when I tried to connect on my cluster instances with admin credentials. If I connect with VisualVM or JConsole to Domain Administration Server (DAS) on 8686 I don’t have any problem. When I’m trying to connect to my cluster instances on port 28686 with admin credentials I get from JConsole Connection Failed: Retry? The connection to admin@rb.randombugs.com:28686 did not succeed. Would you like to try again? and on server.log [#|2011-11-23T12:12:40.599+0000|INFO|glassfish3.1.1|javax.enterprise.system.tools.admin.com.sun.enterprise.container.common|_ThreadID=34;_ThreadName=Thread-2;|User [admin] ...]]> http://www.randombugs.com/java/glassfish/user-admin-host-null-administration-access.html/feed 0 http://www.randombugs.com/java/glassfish/http-transport-error-javaxnetsslsslhandshakeexception-sunsecurityvalidatorvalidatorexception-pkix-path-validation-failed-javasecuritycertcertpathvalidatorexception-signature-check-failed.html http://www.randombugs.com/java/glassfish/http-transport-error-javaxnetsslsslhandshakeexception-sunsecurityvalidatorvalidatorexception-pkix-path-validation-failed-javasecuritycertcertpathvalidatorexception-signature-check-failed.html#comments Wed, 13 Jul 2011 02:45:02 +0000 admin http://www.randombugs.com/?p=762
I switched all my Java Glassfish webservices to SSL, because I wanted to have an encrypted communication between me and my clients. Until then, all my applications worked flawlessly over the HTTP protocol, but now, after switching to SSL, I got the following error: HTTP transport error: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed That means, the client doesn’t have the certificate and cannot check response against the server certificate. The most simple solution is to export the certificate from the webserver server and import it on the webservice ...]]> http://www.randombugs.com/java/glassfish/http-transport-error-javaxnetsslsslhandshakeexception-sunsecurityvalidatorvalidatorexception-pkix-path-validation-failed-javasecuritycertcertpathvalidatorexception-signature-check-failed.html/feed 2 http://www.randombugs.com/php/apache-dynamic-virtual-hosting-php-security.html http://www.randombugs.com/php/apache-dynamic-virtual-hosting-php-security.html#comments Mon, 06 Jun 2011 10:35:21 +0000 admin http://www.randombugs.com/?p=739
It’s been a while since I configured the latest Dynamic Mass Virtual Hosting Server. Last time I used mod_vhost_alias to create a dynamic virtual hosting and it worked without any problem for what we need in that time. Then we didn’t care about the ftp and virtual users, the sites was updated from web pages and security was pretty much handled by upload application who managed the virtual hosting. Now, the problem is a little bit changed: We need a secure sever which should support ftp virtual users with quota ...]]> http://www.randombugs.com/php/apache-dynamic-virtual-hosting-php-security.html/feed 1 http://www.randombugs.com/linux/atomic-modsecurity-rules-debian-lenny-50.html http://www.randombugs.com/linux/atomic-modsecurity-rules-debian-lenny-50.html#comments Thu, 30 Dec 2010 11:26:26 +0000 admin http://www.randombugs.com/?p=666
Everyone, with a decent Linux security knowledge, should know about ModSecurity – Open Source Web Application Firewall. Personally, I know this mod from 2004 and it help me a lot in detecting and/or preventing malicious attacks before reaching my customers applications.]]> http://www.randombugs.com/linux/atomic-modsecurity-rules-debian-lenny-50.html/feed 0 http://www.randombugs.com/linux/compile-configure-modqos-prevent-slowloris-ddos-apache-2-debian-lenny-distribution.html http://www.randombugs.com/linux/compile-configure-modqos-prevent-slowloris-ddos-apache-2-debian-lenny-distribution.html#comments Tue, 04 May 2010 20:00:13 +0000 admin http://www.randombugs.com/?p=650
mod_qos is becoming a very popular module for Apache, from the discover of Slowloris DDoS Attack. It seems, mod_qos is the best solution for Slowloris attack on Apache 2, but you can also check mod_evasive, mod_security or http accelerator “Varnish”. In this post I will try to present a step by step tutorial how to install mod_qos and configure to prevent Slowloris DDoS attack. This post is just a compendium of other good posts: How To Defend slowloris DDoS With mod_qos (Apache2 On Debian [Lenny]) DDoS, Apache2 and mod_qos How to best defend ...]]> http://www.randombugs.com/linux/compile-configure-modqos-prevent-slowloris-ddos-apache-2-debian-lenny-distribution.html/feed 4 http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html#comments Mon, 10 Aug 2009 09:57:57 +0000 admin http://www.randombugs.com/?p=577
Trying to integrate BouncyCastle Cryptography provider in Java can be a nightmare. I read a lot of forums messages about “JCE cannot authenticate the provider BC” and I didn’t find any clear response. After several hours of tweaking and digging I found the main reason of the problem. If you want to use BouncyCastle as Security provider then install it directly on your Java Virtual Machine and remove any library of bc from your application. How to install correctly Bouncy Castle on your JVM: First for Ubuntu/Debian users you should look ...]]> http://www.randombugs.com/java/javalangsecurityexception-jce-authenticate-provider-bc.html/feed 7 http://www.randombugs.com/linux/gpg-ubuntu-debian.html http://www.randombugs.com/linux/gpg-ubuntu-debian.html#comments Wed, 13 May 2009 12:40:28 +0000 admin http://www.randombugs.com/?p=443
Gpg is stands for Gnu Privacy Guard and is a free alternative to the PGP cryptographic software. GnuPG (or GPG) follows the RFC 4880 which is the standard specification of OpenPGP. The most important thing GPG is interoperable with PGP. GPG is build as a command line utility but also have several front-ends for KDE, Gnome and other Linux desktops, but also is directly integrated in other software like: Email Clients as Mozilla Thunderbird, Evolution, Kmail, Instant Messaging as PSI, Fire, Browsers as Mozilla Firefox etc. GnuPG encrypts messages using ...]]> http://www.randombugs.com/linux/gpg-ubuntu-debian.html/feed 3 http://www.randombugs.com/linux/encrypting-decrypting-files-ubuntu.html http://www.randombugs.com/linux/encrypting-decrypting-files-ubuntu.html#comments Tue, 05 May 2009 12:27:27 +0000 admin http://www.randombugs.com/?p=434
This days we shouldn’t trust in anything. The Internet is full of worms, trojans, viruses and they are spreading more and more. Even if you have a firewall is not enough. The best security for your computer is to have it unplugged from power and network … and even then you cannot be 100% about security of your stored data. So today we will talk about encryption under Linux. I will show you how to do it from console and from KDE Windows manager. We have several possibilities to encrypt ...]]> http://www.randombugs.com/linux/encrypting-decrypting-files-ubuntu.html/feed 2 http://www.randombugs.com/linux/howto-work-ssh-keys-agents-usefull-stuff.html http://www.randombugs.com/linux/howto-work-ssh-keys-agents-usefull-stuff.html#comments Tue, 17 Mar 2009 13:54:45 +0000 admin http://www.randombugs.com/?p=314
Managing more than 80 Linux servers is not an easy job, but with the help of ssh I can distribute a command to all servers without typing, retyping the password every time for that. Don’t understand me wrong, you will need to type a password for accessing this servers, but just one time. If you manage correctly your keys you will don’t need to have any fear in heavy exploiting the ssh keys. What is SSH ? SSH stands for Secure Shell and is a protocol that allows secure data exchange ...]]> http://www.randombugs.com/linux/howto-work-ssh-keys-agents-usefull-stuff.html/feed 0