It has come to my knowledge that SSL certificates that use the MD5 algorithm have been successfully hacked and are vulnerable to attacks. Only Verisign (owners of RapidSSL since 2006) have stated that they have stopped using MD5-signing for RapidSSL certificates, and will have phased out MD5-signing across all their certificate products by the end of January 2009
View 7 Replies
I am just trying to understand RSA encryption.
Just say I have three parties Alice, Bob and Eve.
All parties have access to Bob's Public Key.
Alice is going to send Bob an encrypted message of either "1" or "0" (without quotes)
Eve manages to intercept Alice's message.
If Eve encrypts "1" and "0" using Bob's Public Key, will one of them be the same as Alice's encrypted message?
My VPS provider just setup and delivered my new VPS ;-)
He also optimized and secured it.
These are the details of the setup he did:
Cleaned up /etc/hosts
SSH Server Hardening
PHP Hardening
Advanced Policy Firewall (APF) With IP Blacklists Configured
APF Add-on - Brute Force Detection (BFD) Dos/DDoS Prevention
Basic Apache Optimization
Basic MySQL Optimization
Is this enough or should i do more to let the VPS run smoothly and secure?
some hostings around WHT have a small "feature" enabled on all shared or reseller servers. This feature allows read/write on local files. Php safe mode or open_basedir won't help here
CREATE TABLE data (text LONGTEXT);
LOAD DATA LOCAL INFILE '/etc/named.conf' INTO TABLE data;
This SQL query allows me to load local 'named.conf' to mysql database.
Code:
SELECT text FROM data INTO OUTFILE '/etc/file';
This SQL query allow me to write data from mysql to local file.
Last year I bought some shared and reseller packages, it worked 100%. None from 17 providers have disabled it. Also some of them are well known and big.
I've wrote emails to them, reported this "feature", hope they have disabled it ;-).
To disable add to my.cnf file :
Code:
[mysqld]
local-infile=0
I tried searching around but maybe someone can steer me in the right direction.
I, as probably many other people, are in an interesting predicament.
I love my VPS right now...however obviously since I started with my VPS I'm about to out grow it, with the amount of power that I need.
What I'm looking for is a server which is completely managed, completely secured (some sort of active virus scanning), however I can get in there and have complete control like I would with my VPS, but obviously with more resources.
What I'm looking for is:
2-4GBs of ram
Pentium D (minimum) up to a Xeon 3220 SINGLE processor
1000 - 2000TB / bandwidth
100mb/s uplink
Windows 03 would be great, I'll settle for CentOS though
Budget max is $170/mo.
how to check if you host has made their job correct ?
We are looking into a PCI scan just because of the security, we do not need to be PCI compliant, but the security standard is what I believe the most reliable to stick to.
There has been a recent rash of Windows 2003 customers being hacked and having "UTorrent" installed, as well as having their Administrator password changed, rendering the server inaccessible.
At the moment, we have yet to determine the vulnerability in Windows allowing the hackers to breach the systems however we believe it is related to RDP.
We highly suggest you are complying with the following, to lessen your risk of having your server compromised:
1) Run RDP on a non-standard port
[url]
2) Run a software firewall on your machine, blocking ALL unnecessary ports on your server. You should only have the bare minimum open.
3) Limit any non-public access to your IP and trusted IP's only. This will prevent any other outside networks or servers from reaching your machine through ports which are not meant to be public (http for example)
4) Ensure you have FULL updates for your Windows O/S, immediately.
5) Ensure any 3rd party software you are running, has also been fully updated to the latest version including any patches.
Please make sure these suggestions are implemented immediately to lessen you risk of being hacked by the current wave of exploits.
Here are my requirements:
A. Space: 1/2 a secured cabinet
B. Location : Bay area
C. Power: 8 amps
D. B/w: 1 Mbps
I got quotes from
A. www.bayarea.net for 1 cabinet with 20 amps $699
B. www.he.net for 1 cabinet with 15 amps $600
C. www.svcolo.com/ for 1 cabinet with 15 amps $695
I am wondering who can give me 1/2 a secured cabinet for around $300 to $400
I have installed an SSL certificate on my website since last saturday the 1st of May, and forced redirection to https URLs via .htaccess.
Since then, I cannot see any statistics in AWStats. All values stops after the implementation of the certificate. How can I continue to have statistics for my secured web site ?
