
Entries from August 1, 2010 - August 31, 2010

Thursday, Aug 19, 2010

Adobe ColdFusion 8 and 9 Vulnerable to Hijacking

Adobe released a security bulletin regarding the ColdFusion web engine. Upgrade or patch your ColdFusion server if you want to stay in control of your web server. The patch has been classified as important.

An important vulnerability has been identified in ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution to the reported vulnerability. It is recommended that users update their product installation using the instructions provided above.

The patch/update can be downloaded here.

Monday, Aug 16, 2010

'Official' Nikon Hand Strap II Review

I was in the market for a hand-strap. Nikon offers an AH-4 hand-strap for their cameras, but that accessory is over $70 USD. Not something you buy without knowing if it 'suits' you. Sure, I could get the official AH-4, and find out after a couple of days that it's not my cup of tea. Chances are slim that the store will get it back with a full refund, since it's used.

So I started to look around for a cheaper option, and I found one (well, several) on eBay. This Nikon Hand-Strap II is supposed to be official in/from Korea, but even the Korean Nikon website only shows the original AH-4. So it's a (cheap) knock-off, but that didn't keep me from getting one.


Thursday, Aug 12, 2010

Microsoft Cryptographic Store and Passwords

We've been experimenting with the use of user certificates for VPN access to the lab. Issuing and using them isn't the problem. The problem is that there's no way of enforcing a password on the use of the private key. You can use private key protection on the certificate template, but that still doesn't enforce a password requirement. The user still has the option of choosing the notification instead of a password.

Certificate Template - Request Handling Options

There's an option to enforce a password, but that's system-wide for the Microsoft Cryptographic Service Provider, and we don't want to enforce passwords for ALL certificates. We just want to enforce passwords for this specific template.
