
Showing posts with the label Security

Tesla patches Model S after researchers hack car's software

Not even automakers like Tesla are immune to hacking. Two researchers, Kevin Mahaffey, CTO of security startup Lookout, and Marc Rogers, a security researcher at CloudFlare, said they were able to take control of a Tesla Model S by hacking into the car's entertainment system. When the car was cruising at less than five miles per hour or idling, the researchers were able to apply the emergency hand brake, bringing the car to an immediate stop.

Physical access to the car was necessary
The researchers emphasized that physical access to the car was needed to carry out the hack. For their research, Mahaffey and Rogers plugged a laptop into a Model S Ethernet port and exploited the vulnerabilities until they tapped into the entertainment software. Back in the old days one would simply cut a few wires or brake cables.

Patch applied over the air
It's impossible to prevent an attack from hitting a car's computer system, Mahaffey said. "The question is how do you respond quickly with ...

Windows users are also vulnerable to FREAK snooping attacks

You should be FREAKing out because of this encryption bug found in Windows and Internet Explorer. And if you are still using Windows XP, then most probably your PC is affected too, but don't wait for Windows to send you any security updates, because Windows XP support ended on April 8, 2014.

Windows 10 Tech Preview, courtesy of Microsoft

In a security advisory released Thursday, Microsoft confirmed that Windows was, and still is, in fact vulnerable to FREAK (Factoring attack on RSA-EXPORT Keys). Earlier this week there were rumors that IE and Windows users were not affected by this bug.

What is FREAK?
It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. FreakAttack.com is dedicated to tracking the impact of the attack and helping users test whether they're vulnerable. Popular sites that are vulnerabl...

Update your W3TC and WP Super Cache plugins

The two biggest WordPress caching plugins are reported to have a serious vulnerability allowing arbitrary code execution via specially crafted HTML comments. Meaning, an adversary can post a comment on your site containing specific text, and the bug in W3TC will execute any code he wants. Here's an example:

<!--mfunc echo PHP_VERSION; --><!--/mfunc-->

This command will output the web server's PHP version in the comment area. What's the big deal? Well, nothing stops writing into mfunc a real function which prints out the MySQL connection strings in a first comment, and using a second comment to wipe out everything from your database, something like this:

<!--mfunc echo file_get_contents(ABSPATH.'wp-config.php'); --><!--/mfunc-->

If you are using 3rd party commenting plugins you are safe, but you should still keep your WordPress installation and all plugins up to date at all times. The original article can be found here: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately...

How to enable SSL on NGINX running on Amazon Linux

You have made the right choice by selecting nginx as your web server! According to Netcraft, nginx served or proxied 12.96% of the busiest sites in April 2013. Setting up nginx with OpenSSL is easy, and I will not cover it here. The goal is to enable SSL on your domain.com website, and just like anything with nginx, everything is very straightforward. I am using the latest Amazon Linux in AWS with nginx/1.2.6 and php-fpm installed, and GeoTrust as the digital certificate provider. GeoTrust has a product called QuickSSL Premium, which takes just minutes to get your certificate, and it even comes with a free trial.

Step One - Generate Certificate Signing Request (CSR)
Let's generate a key pair. In this example, I will bypass the passphrase request.

1) Generate private key
Log in to your Amazon Linux box via SSH, and generate a 2048-bit RSA private key:

openssl genrsa -out www.domain.com.key 2048

For encrypted keys, use the -des3 parameter. If you don't use encryption for your priva...