A proof of concept of a vulnerability in Parallels Confixx 3.3.9 (latest and final version) allowing an attacker to gain full write access (as root) to a UNIX server operating said hosting software.
A small comparison just cost me half an hour of valueable time.
In an ongoing series, I shall present another PHP WTF: The Boolean paradox.
At work I’m stuck with Microsoft Office XP Professional. My previous workstation was one that belonged in a museum (and now luckily is) and had no problems activating Office XP. With my new and shiny workstation (running Windows 7 Professional 64-bit), activating the software was impossible.
I wrote an upgraded variant of the Apache killer script propagated on Full Disclosure capable of HTTPS requests. Also, other than its descendant, it can follow a server’s initial response for redirection which the original script interprets as the server not being vulnerable.
Script is available here: Apache Vulnerability Check (687)
This script merely checks for vulnarabilities but will not exploit them.
As of version 5.3 of PHP, certain features and functions are considered deprecated. It comes with the territory. In major version changes, new features are added while old stuff is discarded. Unsurprisingly – and lucky for me, with that change in versions comes yet another WTF for me to rant about.
Strong passwords are a necessity when it comes to securing almost anything. This article shows how you can go that extra mile to securing access to an OpenSSH enabled server using not passwords but by flashing a badge…
I seriously have to double-check my upgrading policies. Only thanks to WordPress’ new requirements have I decided to finally update this server.
Though I had to say goodbye to 526 days of uptime, I kinda feel better now knowing it’s not running on Debian Etch anymore.