UPDATE (16/Apr/2014): Following a lead from Firebase Support, it looks like the problem could be inside Azure for all SSL, since "https://www.google.pt".GET(); also doesn't work.
Just had a really weird scenario happen to me in the last couple of hours, which could be somebody hacking Azure (but I think there is a more benign explanation).
The new version of TeamMentor (currently in 3.4.1 RC0) has a really cool real-time log/activity log viewer which uses Firebase to push data and pull data (from a 'configured TM server' into 'multiple browser-based viewers').
For a while all was good (both locally and in Azure), but in the last couple of hours I noticed that the 'data push' stopped working (i.e. my test version of TM running on Azure was not pushing Activities, DebugMsg and RequestUrls into the assigned Firebase account).
Here is what the viewer looks like (with new messages not being received):
A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more
Friday, 11 April 2014
On the unrealistic expectations on OWASP board members, and the 'myth of the OWASP Board member'
Following Michael's original OWASP.next post to the leaders list (regarding his OWASP.next post on the OWASP blog), Dennis replied with a number of examples of rotten leadership which I don't really agree with, and I posted the text below as my reply.
For a while I have been saying that putting such 'expectations and requirements' on board members was going to cause a lot of friction and this is just another example of it
I don't actually agree with Dennis's analysis. But the reason I don't agree is not due to the fact that he is correct (or not) in his analysis. My view is that it is completely unrealistic to put such a high level of expectation on OWASP board members, especially in terms of their: behaviour, morals, actions and words. My biggest problem with current/past board members is on lack of action, decisions and delegation of duties :)
Labels:
OWASP
Thursday, 10 April 2014
RIP 'Belly Cruz', 12 year old Labrador
Today was a sad day :(
We had to put our 12 year old 'belly' to 'sleep'.
She got hit by a brain tumour a couple of weeks ago, which left her without being able to walk and without any quality of life.
But what we have to remember is that she had a great life, full of joy and happiness (although she never managed to catch the squirrel, even after hundreds of attempts).
She was able to keep a mental map of every single plate/pot/pan that had not been licked (yet), and was always super excited to find our house (after going out for a walk).
She will be missed ... our silly dog....
Labels:
Philosophy
Tuesday, 8 April 2014
OpenSSL Heartbleed Bug (read server side memory anonymously)
Wow, this is a pretty nasty vulnerability:
"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."
(from http://heartbleed.com/)
See if your website is vulnerable using: http://filippo.io/Heartbleed/
PoCs:
- GitHub repo for the http://filippo.io/Heartbleed/ test site (in Go)
- OpenSSL heartbeat PoC with STARTTLS support. (in Python)
References
- Reddit threads: Technology , Netsec
- Diagnosis of the OpenSSL Heartbleed Bug
- See list at the end of http://heartbleed.com/
Labels:
Security
Monday, 7 April 2014
Published Beta version of "Practical O2 Platform Tools" eBook
After releasing the "Practical AngularJS", "Practical Git and GitHub", "Practical Jni4Net" and "Practical Eclipse" books, here is an equivalent book containing the O2 Platform Tools related blog posts.
This new eBook has 113 pages and is made of 23 blog posts published in the last couple of years.
The posts are grouped by topic and represent a number of mini-tools created by the O2 Platform.
This eBook is available at https://leanpub.com/Practical_O2Platform
Labels:
LeanPub,
O2 Platform
Sunday, 6 April 2014
Workflow to create a new LeanPub book from blogger posts
After creating a number of Leanpub based books, I've come up with a workflow that works quite well for me.
This workflow is based on Managing LeanPub book's Markdown content using Git and GitHub (synced back to LeanPub via DropBox), which is supported by the following technologies: