Fair Use: Please note that use of the Netcraft Blog is subject to our Fair Use and Copyright policies. For more information, please visit http://news.netcraft.com/fair-use-copyright, or email info@netcraft.com.
  1. Vulnerable versions of OpenSSL apparently still widely deployed on commerce sites

    The UK National Infrastructure Security Co-ordination Centre (NISCC) developed a test suite for SSL/TLS implementations, designed to detect vulnerabilities caused by the implementation responding badly to deliberately malformed certificate syntax. These tests have been run against a number of vendors' implementations, several of which are either vulnerable to some extent, or are still awaiting the manufacturer's feedback, and the results are summarised on the NISCC web site.

    The tests were made available to the OpenSSL team, and three specific vulnerabilities were found. These could result in denial of service, or theoretically allow execution of arbitrary code, when OpenSSL is presented with a malformed client certificate. The fixes for these problems are available in the latest versions (0.9.6k and 0.9.7c).

    | OpenSSL version | No. of sites | Applicable advisories | Effect |
    |---|---|---|---|
    | 0.9.6d and earlier | 25539 | 30-Jul-2002 | Practical to run arbitrary code remotely |
    | 0.9.6e-h and 0.9.7 | 14116 | 19-Feb-2003 | Practical (LAN) attack to recover frequently repeated plaintext such as passwords |
    | 0.9.6i and 0.9.7a | 5877 | 17-Mar-2003, 19-Mar-2003 | Practical (LAN) attacks to obtain or use secret key |
    | 0.9.6j and 0.9.7b | 4003 | 30-Sep-2003 | Denial of Service, and theoretically possible to run arbitrary code remotely |
    | 0.9.6k and 0.9.7c | 1356 | | Clean at present |
    | Total all versions | 50891 | | |

    Posted by Netcraft Admin on 3rd November, 2003 in Security

  2. Secure Dog Hosting most reliable hosting company site during October

    Secure hosting specialist, DITSCAP certified Secure Dog Hosting became the first hosting company to have its site run a complete calendar month without a single request from any of our five performance monitoring machines failing. This speaks strongly for its routing providers, and the generally benign conditions on the Internet over the last month, as well as for the stability and responsiveness of its own infrastructure.

    Sites running on BSD operating systems occupied the first four places: Secure Dog Hosting runs OpenBSD, Pair Networks, INetU, and IPowerweb all use FreeBSD. The top placed European company site was Energis, who provide the connectivity for Netcraft's own web sites. None of the performance measurement points is on Energis' network.

    Ranking by Failed Requests and Connection time,
    October 1st - October 31st

    Top Performing Hosting Company Sites

    Posted by Mike Prettejohn on 2nd November, 2003 in Hosting, Performance
