security

How To Protect your Server Against the POODLE SSLv3 Vulnerability

Introduction

On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.

Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces […]

How to Protect your Server Against the Shellshock Bash Vulnerability

Introduction

On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the “Bash Bug”, was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments. Because of Bash’s ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; […]

OpenSSL Heart Bleed

As many of you are now aware, yesterday the CVE-2014-0160 vulnerability, better known as the “Heartbleed bug”, in the OpenSSL Project was disclosed. This is a serious vulnerability that will affect many websites and applications on the internet. As the researchers have said:

“Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 […]