Records management company Iron Mountain have just published a report on public sector agencies, revealing that around 40% have suffered a data breach. It also noted that information security teams are under-resourced, lacking in the required skills or are performing roles above their grade. Considering…
Political hacking – the latest cyber threat
Regardless if you believe North Korea were the culprits or not, everyone will acknowledge that since the Sony hack, we’ve all started to take cyber terrorism a little more seriously. You mean they don’t just want financial details and government intelligence? No, that’s right, terrorists…
Troubleshooting tips for Apache, Part 4 – Run Apache HTTP Server as a single process
Run Apache HTTP Server as a single process and use debugging tools A typical Apache HTTP Server installation runs with several processes. However, to simplify troubleshooting it’s best to run Apache as a single process. This can be done by using the X option when…
FREAK first major SSL bug for 2015
If anyone thought that big bugs would end with (a disastrous) 2014, 2015 looks as though it will also cause network admins to fret. The first in the series of BIG bugs for 2015 has just been uncovered. Nicknamed FREAK, this vulnerability breaks SSL, allowing…
Troubleshooting tips for Apache, Part 3 – Apache Server modules
Use the mod_whatkilledus module When things go really bad, and Apache server crashes, The mod_whatkilledus module can be used to log detailed technical information about the crash together with the original client request which caused it. Additionally, if the mod_backtrace module is enabled, a backtrace…
Scanning vs Pen Testing
For those intent on having top notch security measures in place, the question shouldn’t really be ‘automatic or manual pen testing?’ but rather ‘how much of each?’ A web application scanner, used to identify security vulnerabilities in your web applications does not replace an experienced…
Troubleshooting tips for Apache, Part 2 – Apache HTTP Server logs
Apache HTTP Server logs First and foremost, the Apache HTTP Server error log should be analysed as this provides detailed information about any errors that have occurred on your web server. By default errors are logged in the error_log file located in the logs directory…
Troubleshooting tips for Apache, Part 1 – Verifying Apache HTTP Server Configuration and Version
Verify your Apache HTTP Server configuration Apache HTTP Server issues may also be a result of a misconfigured Apache httpd.conf configuration file. Going over the whole configuration file searching for typos may be a cumbersome task, but thankfully Apache provides a way to scan your…
The Internet of Things; Technological Paranoia Brought to Life
An emerging development which is a growing risk to security is the ‘internet of things’ (IoT). This refers to appliances which are connected to the internet and can, therefore, be hacked just as a computer can be. While their functionality might be limited, there have…