Monthly Archives: October 2014

What is Seafile?

Although Dropbox is extremely user-friendly, many companies do not use it for security reasons. As a result, Dropbox analogues that operate within an enterprise network have started to appear on the market. One of them is Seafile.

More precisely, Seafile is a Dropbox-like cloud data store that allows users to store their data on cloud servers and share information with other users on the Internet. In addition to the basic functions of remote server storage and data synchronization, Seafile provides flexible options for content sharing and collaboration. Let’s examine Seafile's advantages in detail. More →

What is POODLE SSLv3 Vulnerability?

On the fourteenth of October, 2014, a dangerous vulnerability in the SSLv3 encryption protocol called POODLE (Padding Oracle On Downgraded Legacy Encryption) was detected. It allows an attacker to obtain information encrypted with this version of the protocol using a man-in-the-middle attack. To be more precise, the bug makes a padding oracle attack possible, which allows an attacker to send their own data to the server via SSLv3 in the name of the victim and decrypt 1 byte per 256 requests.

Theoretically, the attack can be carried out against any service that supports the SSLv3 protocol. Moreover, the attacker can intentionally force the client to connect via SSLv3 More →

Heartbleed Bug FAQ

Unfortunately, the Heartbleed OpenSSL vulnerability found in April 2014 proved to be non-trivial and extremely common. Moreover, many users still have questions about this bug. Since the problem is still relevant, it is necessary to clear it up. Let’s ask the most important questions and try to give simple, truthful answers.

How dangerous is the Heartbleed bug, actually? Bruce Schneier, a recognized cryptography expert, said that it is 11 points on a scale of 1 to 10. More →

Reasons to use Magento

Today e-commerce is attracting a growing number of people. Thanks to the Internet's popularity, developing companies can safely withstand competition with larger and more successful ones. Selling goods online gives you the opportunity to minimize costs, expand into new markets, and attract more consumers.

But first it is necessary to take care of the site development process. Of course, this task is directly linked with software. The Magento e-commerce system is one of the best boxed solutions in such a case. Magento is a completely free open source CMS specifically designed for online store development and support. Nowadays it is one of the most popular e-commerce engines in the world due to its flexible functions, namely: More →

What is Shellshock and how to fix it?

Shellshock (or Bashdoor) is a series of software vulnerabilities found in GNU Bash in September 2014. The level of danger currently assigned to this vulnerability by NVD is ‘10 of 10’; moreover, no authentication is needed to reach Bash through CGI scripts. The vulnerability affects all Bash versions released over nearly 25 years (including 4.3). Alas, the vulnerability may persist in future versions. Let’s clarify the essence of the bug.

The main danger is the ability to arbitrarily set environment variables in the bash shell. The problem arises because the bash shell continues to process commands that follow a function definition, which makes a code injection attack possible. Thus, at the moment the bash interpreter processes such a line of code, any command can be executed. In the context of the Web, this can be done through a mechanism such as a CGI script (not necessarily via a request header). Keep in mind that the path and query string can also be a potential attack vector. More →