Security

Two tips to make Railo 4’s default installation more secure

by kai 16/01/2013

You might have read my recent post about installing Railo 4 on a Debian server. Post-install I did a bit of clean-up and also used Pete Freitag’s excellent hackmycf.com against that server. Many people might not know that it does support checking Railo servers as well as Adobe ColdFusion servers. Two interesting things popped […]

Read the full article →

Adobe Connect 8 SSL – Certificate Signing Request for multiple domains

by kai 10/09/2012

This is part 3 of a mini-series of posts about Adobe Connect 8 and SSL. It actually was never intended to be a series of posts; it just grew into one – kind of organically. In the last post I explained how one can create a Certificate Signing Request (CSR) for Adobe Connect 8 SSL […]

Read the full article →

Creating a Certificate Signing Request (CSR) for Adobe Connect

by kai 26/08/2012

The other day, I wrote about setting up stunnel for Adobe Connect. When I did the SSL setup for the client I was working with on that occasion, we also had to get the SSL certificate created. The Adobe Connect installation of the client is entirely internal and not used outside their organisation. The way […]

Read the full article →

Adobe Connect 8 SSL – getting stunnel up and running

by kai 22/08/2012

Today I was helping a client to set up proper SSL handling for their Adobe Connect 8 instance. Essentially all they wanted to do was to secure the Adobe Connect web admin with SSL and https; the actual Flash Media Server-based meeting server and its RTMP communication weren’t going to be secured at this stage. The […]

Read the full article →

Lack of password security at Telecom NZ?

by kai 12/02/2012

I had to change the password for Telecom NZ’s “mbbmeter” application for a prepaid data SIM card the other day. I wanted to create and set a secure password, some mix of Latin characters, numbers and special characters. Look at the screenshot below: It didn’t let me. It didn’t allow “symbols” – which means: special […]

Read the full article →

Keep your phpMyAdmin installations up to date!

by marcus 12/08/2010

One of our customers is running an old, but stable 😉 Ubuntu Dapper Server that recently got hacked. The whole system acted totally normal, except for the fact that it ran ssh brute force attacks against several randomly chosen remote servers. So what happened? The attacker used a vulnerability in phpMyAdmin, which once had been […]

Read the full article →