Home Tag "Webserver"

March 19: OpenSSL update

The OpenSSL team announced that there will be security fixes in the OpenSSL releases 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf which will be published on the 19th march. The announcement states that the highest severity being fixed is “high”. The highest severity defect fixed by these releases is classified as “high” severity. – OpenSSL Project Team The OpenSSL […]

Short News: OpenSSL…”FREAK” attack

And once again an OpenSSL vulnerability has been disclosed. It was disclosed by Karthikeyan Bhargavan and the mitLS team. As every vulnerability needs a fancy name these days, this one is called FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be […]

Short News: Forbes.com hacked back in November

Forbes released a blog post about an attack targeting forbes.com visitors back in November. While I visited the Blog and found that “Thought of the Day” pretty useless (and one more click before seeing the content), it’s kind of ironical that it was in Flash once (doesn’t seem to be the case anymore) and it […]

Turn off Nginx version display

By default Nginx likes to show it’s version in the reply header of every request and on error pages. It is important to turn off the nginx version disclosure in order to prevent attackers to find potential exploits for your nginx server version. While this is generally a problem, I suspect that the secure “do […]