  • Configuring email notifications to be friendly but secure

    I have commented in the past on the generally low security level of Microsoft ASP.Net web applications which stems from the closed Microsoft monoculture and a product strategy that prioritizes ease of use over security and privacy by hiding features and functionality from the user. In the course of a security audit/penetration test of a […]

  • Exploiting Apache DoS vulnerabilities

    Apache is the world’s most popular Web server for Linux and Windows platforms, and with such a large attack surface, it’s no surprise that attackers are looking to exploit Apache software vulnerabilities. The approach used by XerXeS is somewhat novel in that it is based on a DoS (not DDoS) attack and apparently requires relatively modest computing […]

  • Apache.org hack

    On Friday morning, August 28, a compromised SSH key enabled attackers to deploy a rootkit and upload files to one of the Apache Foundation servers; the files were then synch’ed to a production server. A blog post from the Apache Foundation explained that attackers accessed an account at a hosting provider: “To the best of our […]