Serious vulnerability in the SSL/TLS protection of browsers and servers

September 21st, 2011 1 comment

Tietokone magazine:
Serious vulnerability found in browsers' SSL protection

Browser vulnerability

It appears that, of the currently most popular browsers, Firefox, Chrome and Safari support only TLS 1.0. Internet Explorer 8+ (only on Windows 7 and Windows Server 2008 R2) and Opera 10+ already support TLS 1.2.
http://en.wikipedia.org/wiki/Transport_Layer_Security#Browser_implementations
http://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations

In IE, however, TLS 1.1 and 1.2 support is disabled by default. These protocols can be enabled (in the English-language version) through the following menu: Internet Options -> Advanced -> [x] Use TLS 1.1 and [x] Use TLS 1.2.

Firefox and Chrome both use the Mozilla Network Security Services (NSS) library for SSL/TLS connections, and it does not yet support TLS 1.1 or TLS 1.2. The publicity this issue has received already raised the priority of implementing TLS 1.2 a short while ago (“enhancement” ➔ “major”): https://bugzilla.mozilla.org/show_bug.cgi?id=480514. Read more…

Categories: Finnish, Security

Generating monthly and weekly IRC stats with pisg

March 25th, 2011 2 comments

This tutorial shows you how to configure automatic generation of all-time, monthly and weekly IRC statistics from Irssi log files using pisg and a custom bash script by me. A PHP script (also by me) is provided for injecting handy navigation links into the HTML files generated by pisg, for easy navigation between the all-time, monthly and weekly stats of a specific channel.

Apache mod_rewrite is used to provide fancy URL access to the PHP-enhanced statistics. PHP and mod_rewrite aren’t strictly needed, but they make things handier and prettier.

In this example the Irssi log files are stored on a remote shell and are retrieved automatically with scp using public key authentication, but this is not necessary if you already have the Irssi log files on the same machine where you are generating the stats. Read more…

Categories: Uncategorized

Open Flash Chart

July 5th, 2009 7 comments

OFC2 Example Charts

Have you ever wanted some data you have gathered (e.g. your website’s visitor statistics, poll results etc.) to be displayed visually as a fancy graphical chart on your website? Open Flash Chart (OFC) is an easy-to-use solution for displaying any data as stunning Flash charts. OFC is licensed under the LGPL.

OFC is a single Flash (.swf) file that reads its data and configuration parameters in JSON format. You can keep the JSON data in a dedicated text file, or you can feed it through JavaScript for the most flexibility when having multiple charts on one page. OFC comes with PHP, Ruby, Perl, Python, .NET and Java classes (which are also LGPL) for configuring charts (generating the JSON data). Read more…
