Beware of source code (even from your favorite portal/forum/…)

The other day I stumbled upon a weird piece of software on howtoforge.com: dns-add (code on sourceforge.net). Actually, the purpose of dns-add was very intriguing: update your DNS in one command! The output should look like this: …::: ISP-fW DNS add v1.0 :::… http://isp-fw.sourceforge.net/ –== copyleft 2005-2006 ==– | Free memory: 864…

Netios 0.74

Netios 0.74 is out. Complete changelog:

2010-04-08 (0.74) phocean <jc@phocean.net>
* improve logging and error handling
* clean up some crappy code

Check there for more details and a download link.

Updates on OpenSSL CVE-2009-3555 (client renegotiation)

So there is some news from the front of OpenSSL CVE-2009-3555 (see this and this for the history). The latest version of Apache mod_ssl (2.2) now embeds an option to reactivate the old way of client renegotiation:

SSLInsecureRenegotiation on

Check the official doc for more details. With this option activated, you can now safely upgrade OpenSSL…

Possible use of SSL rogue certificates for spying purposes

Recent work by security researchers on SSL MiTM attacks has shown how fragile the whole Internet security design could be. But whereas some of these attacks concern CAs with insufficient security policies (MD5 collisions) or some level of social engineering against the user (sslsniff), this paper alerts us to a more serious and stealthy threat…