March 2026
M	T	W	T	F	S	S
	1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Archive for the ‘Security’ Category

VirusTotal: Avira marks a Delphi built executable als false positive

Posted by jpluimers on 2018/12/06

Found out yesterday that Avira marks one of many Delphi 10.1 built executables as false positive; submitted, but VirusTotal shows it as false positive:

It took 2 days to fix, which for an anti-virus company is really slow
After that, and updating the signatures on Windows, Avira still thinks it is a threat:[WayBack] Jeroen Pluimers on Twitter: “Hey @Avira , I submitted a false positive 10 days ago; on virus-total it is now green, but on Windows – with latest Avira updates – Avira sill thinks it is a threat. What’s up?
[WayBack] delphi – Antivirus False positive in my executable – Stack Overflow
[WayBack] Any other Delphi download tagged as “Harmful Download” from Google ? – General Help – Delphi-PRAXiS [en]
[WayBack] security – Delphi applications considered ‘dangerous’ by Google Chrome – Stack Overflow
[WayBack] Google! Don’t be evil! « How to Remove Malware

I think it was Avira too that interfered with my Delphi IDE compiling Delphi applications, especially resource compilation:

–jeroen

Read the rest of this entry »

Posted in Delphi, Development, Security, Software Development | 4 Comments »

Update NOW! CVE-2018-1002105, with root access. Kubernetes’ first major security hole discovered | ZDNet

Posted by jpluimers on 2018/12/04

From [WayBack] Kubernetes’ first major security hole discovered | ZDNet in reverse order:

Fortunately, there is a fix, but some of you aren’t going to like it. You must upgrade Kubernetes. Now. Specifically, there are patched version of Kubernetes [WayBack] v1.10.11, [WayBack] v1.11.5, [WayBack] v1.12.3, and [WayBack] v1.13.0-rc.1.

…

[WayBack] Red Hat said, “The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. [WayBack] This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

…

And the bug, [WayBack] CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a [WayBack] CVSS 9.8 critical security hole.

Via [WayBack] Kubernetes’ first major security hole discovered | ZDNet – Ondrej Kelle – Google+

–jeroen

Posted in Cloud, Containers, Docker, Infrastructure, Kubernetes (k8n), Power User, Security | Leave a Comment »

New official Embarcadero forums online http://community.idera.com/devel- initially only had non-TLS http URLs

Posted by jpluimers on 2018/11/23

If you are not a company good at infrastructure, then do not start hosting new things yourself. This is why I like the DelphiPraxis forums (both English and German), as they really know what they are doing.

Of course, forums never have all the features in a way that each user wants, but DelphiPraxis is secure, has well maintained and public moderators, and a history if quality posts.

But the G+ group did move there for a reason (: [WayBack] We have moved to https://en.delphipraxis.net ! Starting January 1st, 2019 – the G+ Delphi Developers Community will be closed for new posts and new mem… – Lars Fosdal – Google+

After a long series of goofing around with infrastructure (old forums, new forums, now newer forums, years of TLS trouble, selling software or which the infrastructure has been down for a long time), last week, finally they had the [WayBack] New official Embarcadero forums online http://community.idera.com/developer-tools/ The sign-up/login is a bit prickly at first, so keep your login name… – Lars Fosdal – Google+.

The announcement already has a the catch in the title: initially they were http only, so totally insecure for your logon data. They could have easily circumvented that by deploying some LetsEncrypt renewal, for instance the commercial one in Delphi ([WayBack] Execute’s Online Store), of which this is a demo: [WayBack] GitHub – tothpaul/LetsEncryptDelphi: Let’s Encrypt component for Delphi Tokyo 10.2.3

I have not added them to embarcaderomonitoring.wiert.me, as they are now on the Idera.com domain, so I will likely start a special monitoring page for those subdomains.

–jeroen

Posted in Delphi, Development, Power User, Security, Software Development | Leave a Comment »

This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet • The Register

Posted by jpluimers on 2018/11/02

If you run X.org, then patch now because of [WayBack] This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet • The Register

Overwrite arbitrary files? Load arbitrary code? As setuid root? Sure, why not!

This one got introduced in 2016, which is a lot more recent than an issue discovered in 2014 that was “ancient”: [WayBack] ‘Critical’ security bugs dating back to 1987 found in X Window • The Register:

27-year-old flaw and others slain in open-source patch batch

Via eXploit X: Give Me Root” – Computerphile

–jeroen

Read the rest of this entry »

Posted in History, Power User, Security | Leave a Comment »

GitHub – yandex/gixy: Nginx configuration static analyzer

Posted by jpluimers on 2018/10/26

[WayBack] GitHub – yandex/gixy: Nginx configuration static analyzer

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

…

Right now Gixy can find:

[ssrf] Server Side Request Forgery

[http_splitting] HTTP Splitting

[origins] Problems with referrer/origin validation

[add_header_redefinition] Redefining of response headers by “add_header” directive

[host_spoofing] Request’s Host header forgery

[valid_referers] none in valid_referers

[add_header_multiline] Multiline response headers

[alias_traversal] Path traversal via misconfigured alias

You can find things that Gixy is learning to detect at Issues labeled with “new plugin”

This helps you prevent an nginx configuration issue that can server too many static content by using ../ in the web request which got a lot of attention last week, but was in fact already found during 2016 HCTF by Aklis, and presented by Orange Tsai (twitter/github/blog) various times in 2018, including [WayBack] hack.lu 2018.

[WayBack] htctf 你没走过的套路 – Th1s’s Bl0g which has a very good Google Translate
Earlier presentation by Orange Tsai at blackhat 2018 USA: [WayBack] us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
[WayBack] x0rz en Twitter: “Nginx off-by-slash vulnerability, cool trick presented by @orange_8361 at #hacklu… “
[WayBack] Orange Tsai on Twitter: “Be careful the Nginx configuration, or use https://github.com/yandex/gixy to scan your configuration!… “
[WayBack] Orange: This is 🍊 speaking
[WayBack] Talks – hack.lu 2018
hack.lu 2018 videos are being uploaded at https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/videos
[WaBack] Hier ein Hackerterrorcybercyber gegen nginx. twitter… – Kristian Köhntopp – Google+

–jeroen

Read the rest of this entry »

Posted in *nix, DevOps, nginx, Power User, Security | Leave a Comment »

Doctors disabled wireless in Dick Cheney’s pacemaker to thwart hacking – Naked Security

Posted by jpluimers on 2018/10/22

Medical devices are still vulnerable, five years after this became public:

Former US Vice President Dick Cheney’s doctors disabled his pacemaker’s wireless capabilities to thwart possible assassination attempts, he said in an interview with CBS’s ̶…

[WayBack] Doctors disabled wireless in Dick Cheney’s pacemaker to thwart hacking – Naked Security

I knew they were, but never realised Dick Cheney had a modified one implanted.

Some people are more equal to others…

via: the below video “Freedom In My Heart And Everywhere” from the linux.conf.au 2012 Keynote by Karen Sandler.

–jeroen

Read the rest of this entry »

Posted in Development, Open Source, Power User, Security, Software Development | Leave a Comment »

Some links on encrypting configuration files or sections

Posted by jpluimers on 2018/10/18

All encryption comes down to a combination of key management and tooling.

With more and more communication projects going on, encryption of the secrets (passwords, API keys, etc) in configuration files, especially the ones that might end up in (sometimes public) repositories will need my attention some day.

My gut feeling is that an asymmetric solution might work best for these kinds of problems.

Here are some links:

[WayBack] How to securely store API keys – DEV Community 👩‍💻👨‍💻
[WayBack] Rails 5.2 credentials – cedarcode – Medium
[WayBack] The best way to store secrets in your app is not to store secrets in your app
via [WayBack] Where is the right place to store db passwords, api keys, etc? What is best prac… | Hacker News:
- [WayBack] GitHub – StackExchange/blackbox: Safely store secrets in Git/Mercurial/Subversion
- [WayBack] Introduction – Vault by HashiCorp (which has key expiration)
- [WayBack] Matthew D Fuller – Blog: Using IAM Roles and S3 to Securely Load Application Credentials
- [WayBack] Keywhiz A file-based secret management and distribution system
- [WayBack] Windows Data Protection
- [WayBack] The Twelve-Factor App A methodology for building modern, scalable, maintainable software-as-a-service apps.
- [WayBack] Encrypting Secret Data at Rest – Kubernetes
[WayBack] ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
- [WayBack] Encrypting and Decrypting Configuration Sections
- It can do asymmetric encryption as explained at [WayBack] Encrypting Credentials in App.config for Multiple Machines | My Web Anecdotes

–jeroen

Posted in Development, Encryption, Security, Software Development | Leave a Comment »

Do change your underwear often, but not your passwords. Keep both of your desk and do not share them with anyone.

Posted by jpluimers on 2018/09/18

Maastricht University got 2 out of 3: [WayBack] https://twitter.com/ml2mst/status/1030626908629811200 – Jeroen Wiert Pluimers – Google+

–jeroen

via [WayBack] Marti van Lin 🇳🇱 🇮🇱 on Twitter : “Some useful advice from @MaastrichtU #Security #passwords #computerintelligence 😂😂😂 cc: @nixcraft… “

https://twitter.com/ml2mst/status/1030626908629811200

Posted in Power User, Security | Leave a Comment »

Some interesting presentations by Arjen Kamphuis

Posted by jpluimers on 2018/09/17

The missing of [WayBack] Arjen Kamphuis (@ArjenKamphuis) | Twitter, made me revisit some of his past videos. In addition, I made the list quite a bit longer, as I was not aware he made so many presentations.

Many, but not all, of these videos are listed no YouTube video channel of Arjen Kamphuis.

Be sure to read the book Information Security for Journalists – Gendo he co-authored with Silkie Carlo.

–jeroen

Posted in Power User, Security | Leave a Comment »

Privacy Badger was blocking fsdn.com CDN domains

Posted by jpluimers on 2018/09/14

Not sure why Privacy Badger blocked both fsdn.com and a.fsdn.com (if someone knows how to find that out: please let me know), but these are CDN domains are used by Slashdot and sf.net, so I have put a.fsdn.com from red to yellow (no cookies).

I have not unblocked s.fsdn.com, which redirects to sourceforge.net over TLS.

–jeroen

Read the rest of this entry »

Posted in Internet, Power User, Security | Leave a Comment »

« Previous Entries

Next Entries »

	Attila Kovacs on Crowbarring Windows 95 into Wi…
	Jeroen Wiert Pluimer… on Does Odido (the old T-Mobile N…
	Lars Fosdal on Security alarm provider Woonve…
	Thomas Mueller on Question got closed in May 202…
	Thaddy de Koning on Formulier voor bewindvoerders…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Security’ Category

VirusTotal: Avira marks a Delphi built executable als false positive

Update NOW! CVE-2018-1002105, with root access. Kubernetes’ first major security hole discovered | ZDNet

New official Embarcadero forums online http://community.idera.com/devel- initially only had non-TLS http URLs

This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet • The Register

GitHub – yandex/gixy: Nginx configuration static analyzer

Doctors disabled wireless in Dick Cheney’s pacemaker to thwart hacking – Naked Security

Some links on encrypting configuration files or sections

Do change your underwear often, but not your passwords. Keep both of your desk and do not share them with anyone.

Some interesting presentations by Arjen Kamphuis

Privacy Badger was blocking fsdn.com CDN domains

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Security’ Category

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this: