Licensing
Categories
Tags
- A10-6800K
- AIX
- AMD
- AMD-Vi
- Benchmark
- Bible
- BIOS
- capitalism
- Catalyst/FGLRX/Crimson
- CentOS
- communism
- Confucius
- dd-wrt
- DirectX 11
- Fedora
- FedUp
- firmware
- FreeBSD
- GA-F2A88XM-D3H
- Gaming
- Gigabyte
- GNOME
- GNU/Linux
- GRUB
- Hardware
- httpd
- Hyper-V
- IOMMU
- iptables
- Islam
- Jails
- Jesus
- KDE
- KDM
- kernel
- Koran
- kvm
- Leftism
- LFCE
- LFCS
- Liberalism
- libvirtd
- LVM
- MAME
- Microsoft/Windows
- mod_wsgi
- NFS
- NVidia
- OpenSSH
- OpenSSL
- OpenSUSE
- OpenZFS
- overclock
- Paleolithic
- patch
- PlayOnLinux
- Pluto
- postgresql
- qemu
- R
- Red Hat Enterprise Linux
- rpm
- security
- SELinux
- SSH
- Steam
- storage
- systemd
- Torah
- Ubuntu
- UNIX
- upstart
- VT-d
- wine
- yum
-
Recent Posts
Recent Comments
Archives
- September 2021
- January 2020
- December 2019
- September 2019
- May 2019
- April 2019
- March 2019
- July 2018
- February 2018
- January 2018
- March 2017
- February 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
Tag Archives: OpenSSL
SharedSystemCertificates in Fedora 21: Blacklisting the CCNIC Root Certificate
A question came up on ask.fedoraproject.org regarding the recent CCNIC debacle and Google’s decision to distrust their Root CA given their recent misbehavior. The user wanted to know how to blacklist the CCNIC Root CA, himself, for all software running … Continue reading
Diagnosing POODLE (CVE-2014-3566) Vulnerability
Well, it’s kind of a silly vulnerability to be quite frank. It’s based on a very outdated and obsolete protocol with many superior replacements already in production and it’s a man-in-the-middle attack that requires a significant amount of technical expertise and a serious … Continue reading
Heartbleed and System Defense
It crosses my mind that this is a perfect opportunity to discuss system defense options against unknown threats such as Heartbleed (over the past two years, anyway). How does one defend against a threat which “leaves no trace” and is … Continue reading
Heartbleed and Cloudflare: Part 2
Damn, that didn’t take long. A server reboot might have contributed, but it looks like the private key got ganked pretty fast. What would be really nice (as I’ve suggested on the CloudFlare blog) would be if someone (them) could author … Continue reading
Heartbleed and Cloudflare
http://www.zdnet.com/private-keys-may-be-inaccessible-to-heartbleed-7000028356/#ftag=RSS4d2198e 1) CloudFlare rocks. They’re a great organization and they continue to do great things. 2) I suspected that this would be the case, given the very reasons provided (that certificate data is loaded into memory early on, and therefore … Continue reading
[Updated] Heartbleed and the NSA
UPDATE: Looks like the story may well have been based on bad intel: http://arstechnica.com/security/2014/04/nsa-used-heartbleed-nearly-from-the-start-report-claims/ There are some shrieky articles out there, so beware, but that one seemed mostly reasonable. Original Article Below: Well, I did call it: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html The story … Continue reading
Heartbleed
By now I’m sure everyone’s seen the stories all over the news about the newly-unveiled OpenSSL exploit. If not, here’s an excellent write-up of the situation from Symantec. As always, patch and move on. If you run a publicly-surfaced secure … Continue reading