WildFly 8.0.0 Final on OpenShift
8 Sticking Points in the Data Center
The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.
The source repositories were audited and they were not affected.
Other than the modification to the index.html page no changes to the website were made. No vulnerability in the OS or OpenSSL applications was used to perform this defacement.
Website defacement: final details.
Bit Twiddling Hacks
Insecurities in the Linux /dev/random
Abstract: A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and Halevi (BH). This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random numbers from the continually refreshed internal state. In this work we extend the BH model to also include a new security property capturing how it should accumulate the entropy of the input data into the internal state after state compromise. [...]
Why Android SSL was downgraded in late 2010
Fingerprinting Through Sensor Flaws
D-Link user agent Backdoor
On a whim I downloaded firmware v1.13 for the DIR-100 revA. Binwalk quickly found and extracted a SquashFS file system, and soon I had the firmware’s web server (/bin/webs) loaded into IDA. [...]
In other words, if your browser’s user agent string is “xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web interface without any authentication and view/change the device settings.
BSI - Minimum Standard for Encrypted Connections
For the use of transport encryption by means of the TLS protocol, the federal administration prescribes the TLS 1.2 protocol in combination with Perfect Forward Secrecy (PFS; the term Forward Secrecy may be used synonymously) as the minimum standard under § 8 Abs. 1 Satz 1 BSIG on both sides of the communication relationship. Where certified products exist for this use, they are to be used preferentially.
Publishing JSON over XMPP
At the beginning of this post, it was mentioned that inventing protocols causes extra effort in the development of client implementations. What’s great about our selection of XMPP PubSub here is that Fanout’s JSON push becomes accessible on pretty much every platform and operating system imaginable, without us having to write any new client libraries. And if you’re already an XMPP aficionado, Fanout just got that much easier to use.
The Abomination of Ebooks: They Price People Out of Reading
The collusion of large ebook distributors in pricing has been a public issue for a while, but we need to talk more about how they are priced differently to consumers and to libraries. That’s how ebooks contribute to the ever-growing divide between the literary haves and have-nots.
We need to stop thinking of and talking about ebooks as books, and more as we would an app or a software package: Ebooks are computer code that display text and pictures instead of instructing our tablets to do some task. Not only can we not legally fiddle with such proprietary software, but we can’t “buy” it, either — we lease it, according to terms and conditions set by the manufacturer. [...]
PaaS Standards: Standardize On What?
Any talk of standardizing on any particular platform, even if it is open source, doesn’t help the end users in any significant way. Even though open source has strategic advantages over proprietary platforms, it is not enough to avoid vendor lock-in. Any standardization process should instead focus on portability of application dependencies or entire applications. Cartridges and Buildpacks are ideal candidates for the former and Containers are suitable for the latter.
XMPP voice and video chat in Web browser!
The purpose of Jingle is to enable one-to-one, peer-to-peer media sessions between XMPP [Jabber] entities, where the negotiation occurs over the XMPP signalling channel and the media is exchanged over a data channel that is usually a dedicated non-XMPP transport. Jingle is designed in a modular way.
Try a live demo on demo.frenchtouch.pro/valerian.saliou/jsjac-jingle/examples/simple_client.html
ESnet Fasterdata Knowledge Base
To make better use of its accumulated knowledge, ESnet has developed this Fasterdata Knowledge Base. The knowledge base provides proven, operationally-sound methods for troubleshooting and solving performance issues.