
3 posts from October 2011


Oh VeriSign! You So Funny! Another Expired Intermediate Cert!

Those scamps at VeriSign must be the life of parties! What could be more hilarious than selling a three-year certificate chained to an intermediate certificate that expires in only one year? How about providing four days' notice of the impending expiration of that intermediate certificate?

For folks wondering why their Global/Secure Site Pro certificate-secured sites are in browser-warning mode today: on October 20, 2011, VeriSign posted a support article titled "Old "www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97" Intermediate CA Certificate will expire on October 24, 2011" (I know, I know...4 days' notice...vague article title...)

In a nutshell, if your certificate is no longer trusted because of the October 24, 2011 intermediate certificate expiration, you need to replace the expired intermediate certificate on your server with the new intermediate cert. This new one expires on October 24, 2016.


OMG! A *JBoss* Worm!!

I nearly fell out of my chair when I came across this post at the Internet Storm Center: JBoss Worm. JBoss certainly has come a long way--now it's got a worm! The JBoss Community article "Statement Regarding Security Threat to JBoss Application Server" has some additional information, but both the ISC and JBoss Community articles are a bit short on information--for example, I'm kind of interested in what kind of code gets executed once infection has occurred. (Update: OK, I take that last sentence back. The first comment describes what the worm does in very nice detail.)

The worm spreads by connecting to unsecured JMX consoles and then executes code as the user JBoss runs as. If you hadn't followed the instructions in "Securing the JMX and Web Console" to restrict access to the JMX console, placed your app servers in your DMZs, and figured running them on port 80 as root was fine because "it's *just* jboss...who hacks jboss?" then you're in for a rough night and/or weekend.

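If you are front-ending your JBoss servers with Apache and figured setting a ProxyPass and ProxyPassReverse for "/" to your app servers was fine, it wasn't: a mapping for "/" forwards requests for the JMX console to the app server along with everything else. The same applies to those mod_jk JkMount directives for "/*".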
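
An added example (not from the original post, JBoss or Apache): a small Python audit that reads Apache directives and reports when the console paths would be forwarded to the back end. The sample configs, host name and worker name are constructed, and the mod_jk handling is a simplified model in which any matching JkUnMount cancels a JkMount.

```python
import fnmatch

# Console paths named in the post and in the JBoss hardening article it cites.
CONSOLES = ["/jmx-console/", "/web-console/"]
# Constructed sample configs (host name and worker name are placeholders).
WEAK = """\
ProxyPass / http://app1.internal.example:8080/
JkMount /* node1
"""
FIXED = """\
ProxyPass /jmx-console !
ProxyPass /web-console !
ProxyPass / http://app1.internal.example:8080/
JkMount /* node1
JkUnMount /jmx-console/* node1
JkUnMount /web-console/* node1
"""

def _prefix_match(prefix, path):
    """Segment-aware prefix comparison, as ProxyPass does for plain paths."""
    rest = path[len(prefix):]
    return path.startswith(prefix) and (prefix.endswith("/") or rest[:1] in ("", "/"))

def exposed_consoles(conf_text):
    """Return [(console_path, directive)] for consoles Apache would forward."""
    proxy, mounts, unmounts = [], [], []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        name = parts[0].lower()  # directive names are case-insensitive
        if name == "proxypass":
            proxy.append((parts[1], parts[2], raw.strip()))
        elif name == "jkmount":
            mounts.append((parts[1], raw.strip()))
        elif name == "jkunmount":
            unmounts.append(parts[1])
    findings = []
    for console in CONSOLES:
        # ProxyPass: first matching rule wins, so "!" must precede the broad rule.
        for path, target, text in proxy:
            if _prefix_match(path, console):
                if target != "!":
                    findings.append((console, text))
                break
        # Simplified mod_jk model: a matching JkUnMount cancels any JkMount.
        if not any(fnmatch.fnmatchcase(console, u) for u in unmounts):
            hits = [(console, t) for p, t in mounts if fnmatch.fnmatchcase(console, p)]
            findings += hits[:1]
    return findings
```

Calling `exposed_consoles(WEAK)` flags both directives for both consoles, while `exposed_consoles(FIXED)` returns an empty list. Blocking the paths at the proxy complements the access restrictions from "Securing the JMX and Web Console"; it does not replace them.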


Here's Something You Don't See Every Day


www.apple.com unavailable after iPhone event keynote ended.