Blogging Techstacks

Ivan Ristić posted a couple of articles earlier this month that will be really useful for security professionals and systems administrators.

The first is titled "Defending against the BREACH attack", which provides background and mitigation instructions for protecting against this new attack.

The second is titled "Increasing DHE strength on Apache 2.4.x", which describes a problem (as well as a solution) that occurs when using a default compile of the Apache web server and OpenSSL and when one is looking to use Diffie-Hellman parameters stronger than 1024 bits in conjunction with ciphers supporting Forward Secrecy.

The Apache HTTP Server project announced the release of Apache HTTP Server 2.4.6 today. This release fixes two security vulnerbilities, quite a few bug fixes, and contains the following enhancements:

• Major updates to mod_lua
• Support for proxying websocket requests
• Higher performant shm-based cache implementation
• Addition of mod_macro for easier configuration management

The changelog lists all that is new, enhanced, and fixed in this release and you can download source and binaries from a mirror near you.

In addition to today's release of version 2.2.25, the Apache HTTP Server team released version 2.0.65 today. This version fixes 6 security vulnerabilities and 13 other fixes. The Apache HTTP Server 2.0.65 Changelog provides some more details on what was fixed in this release. 

Download source and binaries from a mirror near you.

The vulnerabilities addressed in this release are: CVE-2013-1862, CVE-2012-0053, CVE-2012-0031, CVE-2011-3368, CVE-2011-3192, and CVE-2011-3607.