Tag: security

  • Let’s Encrypt SSL Certificates and Nginx

    Let’s Encrypt SSL Certificates and Nginx

    HTTPS and Encryption by Default Encryption by default has become the new standard for web applications and many of the world’s top busiest sites have already made the switch to serving content via HTTPS. Google is no stranger to encryption, having made HTTPS the default for many of their apps long before it was cool, […]

  • Poodlebleed exploits SSL 3.0

    Poodlebleed exploits SSL 3.0

    Despite being 15 years old, and theoretically replaced by TLS, SSL 3.0 is still in widespread use. As luck would have it, yesterday Google¬†researchers revealed a vulnerability in 3.0 which¬†allows for the decryption of secure connections. Poodlebleed is a vulnerability in the design of SSL version 3.0. Poodle is actually an acronym for Padding Oracle…

  • Initial steps on a new Ubuntu 14.04 server

    Initial steps on a new Ubuntu 14.04 server

    Ubuntu 14.04 If you just logged in to a fresh installation of Ubuntu 14.04 (Trusty Tahr), there are a few steps you’ll want to take immediately to help secure your new server. The IP blocks used by the various VPS providers are constantly being scanned, and brute force attacks will begin even if you’re deploying…

  • Update Bash on Linux and Mac machines to protect against ShellShock vulnerability

    Update Bash on Linux and Mac machines to protect against ShellShock vulnerability

    If you have any Linux or Mac machines, you’ll want to update Bash due to a vulnerability announced by RedHat called ShellShock. This vulnerability allows an attacker to inject their own code into Bash using environment variable assignment. You can check if your machine is vulnerable by running the following at a Bash prompt: env…