A defense is easy: Does the so-called hacker have a handle? If not, it is not a hacker! Seriously, most reporters spend more time recovering handles or other goes-by-the-name-of references than describing the issue at hand.
IMHO SSL is often not the problem. Most websites/webapps are hacked through badly configured and unpatched servers or through programming errors in the site itself. If you're concerned about security, make sure that your website/webapplication/CMS is secure. OWASP is a good source for hints and tips. They even have a top-10 for this stuff. So, if SHA-512 is your only problem, you're doing just fine.
And Debian explains in detail what has happened. I'm hoping Sony will do the same eventually.
Naturally cyberspace is the correct term ever since the US and Russia agreed about what it means back in April 2011.
No worries for the average user. Most people I talk to aren't even aware that there was a sandbox option that could be used. So it's a hole in a door that nobody knew was there. Kinda philosophical: "If a sandbox was cracked that no-one knew existed, is it really cracked?"
I've read your comment several times and each time I hear the voice of Comic Book Guy from The Simpsons in my head. I'm not trying to be rude, so I'm hoping you're not offended by this. I think it has to do with the "no, incorrect" part that your comment starts with.
That's it, I'm switching to Hurd.
http://www.debian.org/ports/hurd/.
As 3\/1l as this may seem, this might even be a good thing from a security point of view. The MS guys have made huge steps in the last decade in improving their security processes. We all get a monthly mea culpa and a bunch of fixes. This can only improve the track record of Adobe.
I've found this book that is really (I mean really) simple in describing J2EE. And while it is a bit optimistic, it does tell you why to bother with J2EE in the first place. http://www.amazon.com/J2EE-1-4-Picture-Solveig-Haugland/dp/0131480103
I've read that book, the answer seems to be 42.
1. Buy laptop from dell
2. Find someone speaking/writing English that only wants a dollar per day
3. ??
4. profit
It is also a Dutch liquor since 1860:
http://www.sonnema.nl/nl/index.asp
Better yet, use occam!
http://wotug.kent.ac.uk/parallel/www/occam/occam.html
Your explanation is correct. But I think I have a small contribution.
When the client connects, the server returns a certificate (in X.509 format) that states that this is indeed www.bankofslashdot.org. The public key is just a part of this certificate. This certificate is signed by an organisation that both the server and client trust (in this case VeriSign).
In a complete SSL session the client then presents his certificate to the server to announce who he is. This certificate is also signed by an organisation both client and server trust. (This part is often not implemented because it is a hell of a job to distribute all those client certificates).
Often the verification of X.509 certificates is not correctly implemented by browsers (http://www.securityfocus.com/bid/2735) which enables an attacker to create his own certificate and offer that instead.
When connecting to an SSL-enabled site it is often best to inspect the certificate yourself. When the connection is really important you can use the fingerprint of the certificate to see if this is really the right site. It should be possible to call your bank and have the fingerprint verified. Be warned though, not all banks know what the H*ll an X.509 certificate is and what that fingerprint is you're moaning about.
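To make the out-of-band fingerprint check concrete, here is an added example (not part of the original comment): it computes the fingerprint of a presented certificate and compares it in constant time with the value verified over the phone. The DER bytes, `SAMPLE_DER` and the function names are my own constructions; a real certificate would come from `ssl.get_server_certificate()` converted with `ssl.PEM_cert_to_DER_cert()`.

```python
"""Pin and verify an X.509 certificate fingerprint (added example)."""
import hashlib
import hmac
import re

# Constructed placeholder for a DER-encoded certificate (not a real cert).
# In practice: der = ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))
SAMPLE_DER = b"\x30\x82\x01\x0aPLACEHOLDER-CERT-BYTES-FOR-DEMO"


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Return the colon-separated upper-case hex digest of the DER bytes,
    the form a browser dialog shows and a bank would read out, e.g. 'AB:CD:...'."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Strip colons, spaces and case so a value written down from a phone
    call compares equal to the computed one however it was formatted."""
    return re.sub(r"[^0-9a-fA-F]", "", fp).upper()


def matches_pinned(der: bytes, pinned: str, algo: str = "sha256") -> bool:
    """Constant-time comparison of the presented certificate against the
    fingerprint obtained out of band. A value of the wrong length for the
    algorithm never matches, so a truncated or mis-typed pin fails closed."""
    expected = normalize(pinned)
    if len(expected) != hashlib.new(algo).digest_size * 2:
        return False
    return hmac.compare_digest(normalize(fingerprint(der, algo)), expected)
```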
Imagine a Beowulf cluster of one of these .. oh wait ... all your flies belong to us .. no uhm, but does it run Linux?
This of course also creates a breeding ground for viri (virusses ?!?) and other flora. Besides giving them a free laptop you also present a vulnerable system with software no longer supported by a vendor and therefore without patches.
Just hope their Internet connection is big enough to download the latest Debian release ;-)
Even though some security issues were recently found in OpenSSH, it can be regarded as one of the more stable and secure implementations of the SSH protocol.
Make sure that when OpenSSH is used, it is configured properly.
e.g.
- no root login
- SSH2 instead of SSH1
- use login with key instead of passwords
There are more configuration options, please read the man pages for those.
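As an added example (not the commenter's code), a small checker that reads an sshd_config and flags the three points listed above. The config texts are constructed for the demo; `parse_sshd_config` and `audit` are my own names, the checker ignores `Match` blocks, and it assumes the old-style defaults (root login and password login allowed when the directive is absent) so that a missing directive is reported rather than trusted.

```python
"""Audit sshd_config for the three hardening points above (added example)."""

# Constructed sample that violates all three recommendations.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# Constructed sample with the recommended settings.
HARDENED_CONFIG = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""


def parse_sshd_config(text: str) -> dict:
    """Return {directive_lower: value} keeping the FIRST occurrence of each
    directive: sshd itself uses the first obtained value, so a checker that
    took the last one would be fooled by a 'fix' appended at the end."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit(text: str) -> list:
    """List findings for: root login, SSH1, password instead of key login.
    'Protocol' only exists in older OpenSSH releases (SSH1 support was
    removed later), so an absent directive is treated as SSH2-only."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("permitrootlogin", "yes") != "no":
        findings.append("PermitRootLogin should be 'no'")
    if "1" in s.get("protocol", "2").split(","):
        findings.append("Protocol must not include 1 (SSH1 is insecure)")
    if s.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no' (use keys)")
    if s.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication must be 'yes' for key login")
    return findings
```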
When using multiple OS-es, your network could even become more secure. Imagine a hundred servers running the same OS. Once a worm or virus is created for that OS all your servers are vulnerable and can be infected.
If you use multiple OS-es, only some of your servers will be vulnerable to that worm or virus. Thus the impact of a virus will be limited.
The radio news (radio1, http://portal.omroep.nl/radio1 ) mentioned it in the early morning around 7 AM.
"The nice thing about standards is that there are so many to choose from." -- Andrew S. Tanenbaum
Sounds like a transputer from Inmos that was popular in the beginning of the '90s. Dunno if they can be bought though. I've used them at the university. The easiest way to program such a cluster was with the occam programming language.
Hmm, I think I'm getting old
Our corp moved the webserver and mailserver to linux. Nobody noticed except that mail worked and the site was not down.