Tag: security

Testing CVE-2019-11043 (php-fpm security vulnerability) with LXD system containers

CVE-2019-11043 is a buffer overflow in php-fpm that under certain conditions, can lead to remote execution. There is an exploit at PHuiP-FPizdaM that targets certain nginx and php-fpm configurations. On their page, the describe how to use Docker to test this exploit. In this post, we use LXD to test the exploit and verify whether …

Continue reading

Permanent link to this article: https://blog.simos.info/testing-cve-2019-11043-php-fpm-security-vulnerability-with-lxd-system-containers/

Using the LXD Kali container image

If you have a look at the list of container images for LXD (repository images:), you will notice the recent addition of the Kali container images. These were added by Re4son (@kali.org). But Kali is a security distribution, does it make sense to create system containers with Kali? LXD offers system containers, which are similar …

Continue reading

Permanent link to this article: https://blog.simos.info/using-the-lxd-kali-container-image/

Checking the Ubuntu Linux kernel updates on Spectre and Meltdown

Here is the status page for the Ubuntu updates on Spectre and Meltdown. For a background on these vulnerabilities, see the Meltdown and Spectre Attacks website. In this post we are trying out the Spectre & Meltdown Checker on different versions of the stock Ubuntu Linux kernel. Trying the Spectre & Meltdown Checker before any …

Continue reading

Permanent link to this article: https://blog.simos.info/checking-the-ubuntu-linux-kernel-updates-on-spectre-and-meltdown/

How to use Sysdig and Falco with LXD containers

Sysdig (.org) is an open-source container troubleshooting tool and it works by capturing system calls and events directly from the Linux kernel. When you install Sysdig, it adds a new kernel module that it uses to collect all those system calls and events. That is, compared to other tools like strace, lsof and htop, it …

Continue reading

Permanent link to this article: https://blog.simos.info/how-to-use-sysdig-and-falco-with-lxd-containers/

Announcing the Certificate Watch (CertWatch) Firefox addon

CertWatch is a Firefox add-on that helps you control how digital certificates are used when you visit secure websites. While there exist tools that help control how, for example, scripts like Javascript are executed (NoScript addon), there has not been a tool for digital certificates. The closest Firefox addon to the functionality of CertWatch is …

Continue reading

Permanent link to this article: https://blog.simos.info/announcing-the-certificate-watch-certwatch-firefox-addon/

Αναβαθμιστείτε από hotmail σε GMail.com

Ενημέρωση: Μπορείτε να δείτε το περιεχόμενο του άρθρου αυτού και μέσα από το Google Docs, http://docs.google.com/Doc?id=dccdrjqk_14czzrvdcn Έχετε λογαριασμό hotmail και θέλετε να περάσετε στο GMail για όλους τους γνωστούς λόγους και πλεονεκτήματα που παρέχει η υπηρεσία της Google. Πως μπορείτε να κάνετε τη μεταφορά; Πριν λίγους μήνες ήταν εφικτό να προωθούμε αυτόματα την αλληλογραφία που …

Continue reading

Permanent link to this article: https://blog.simos.info/%ce%b1%ce%bd%ce%b1%ce%b2%ce%b1%ce%b8%ce%bc%ce%b9%cf%83%cf%84%ce%b5%ce%af%cf%84%ce%b5-%ce%b1%cf%80%cf%8c-hotmail-%cf%83%ce%b5-gmailcom/

%d bloggers like this: