PEAR Certificate invalid due to Servercrash

Invalid SSL certificate on pear.php.net One of the PEAR servers had a harddisk crash and got replaced by an intermediate Server, which causes the certificate to be invalid at the moment. From the intermediate website: The server running pear.php.net had a fatal hard disk failure and gets replaced by a new machine this week. Until…

VST Plugins

Do VST Plugins contain Viruses or Malware?

The .dll file is the VST Plugin I am doing music production using Image-Line’s Fruity Loops Studio. Just like all major digital audio workstations (DAW), it is capable of loading DLL files as plugins called VST plugins (Virtual Studio Technology). We know DLL files generally contain executable code, and executable code may contain viruses and…

How to generate a new Diffie-Hellman Group

Recently there has been a new hack to break secured traffic when using the Diffie-Hellman key exchange in combination with a weak group param. To generate a new one, use this command:

To include it in Apache, use

…or nginx

More information can be found on this page: https://weakdh.org/sysadmin.html

Notepad++ hacked by LizardSquad

Today, the famous hacker crew “Chameleon Liberty”, also known as #LizardSquad, hacked the Notepad++ website to demonstrate the power of Lizards and Chameleons. The lizard-chameleons demand a list of claims: Here are our claims: Remove Chameleon logo from your shitty product Release all domestic Chameleons Stop exploiting Chameleons in the movies even if they are…

WebRTC deanonymizing Tor / VPN / Proxy users

  Software engineer Daniel Roesler recently discovered how the WebRTC implementation in Mozilla Firefox and Chrome expose your real WAN IP to the website you visit (deanonymizing). The Tor Browser Bundle does currently block WebRTC by default (or at least the demo doesn’t work). When I use Tor through the normal Firefox / Chrome, my real IP is…

How to enable click2play in Chrome

SECURITY ALERT: There are TWO active 0days against Flash in the wild. The latest Flash update only fixes one of them. Set Flash click2play. — InfoSec Taylor Swift (@SwiftOnSecurity) January 22, 2015   A lot of malware and viruses infect your computer through browser plugins. As of today, there are two critical holes in the…

Download 1800 Minecraft Accounts

I have found the list of leaked Minecraft accounts everybody’s talking about, download the three lists here to see whether your account got hacked: http://bit.ly/1CMA9NP (1.8k) (click the first result of the search in the link) http://bit.ly/1kGCEI9 (9k) http://bit.ly/1CMCgBk (4k)   I am not responsible for the contents of the linked file, nor for what you do with it. As…

Let's Encrypt - free, automated, open

Free, reliable, automated HTTPS certificates

Let’s Encrypt is a community-driven effort, so please consider helping out. Our code and protocol specs are available on GitHub. Remember, Let’s Encrypt isn’t operational yet. For now, these programs are only intended for development and testing. Stay tuned for more as we get closer to launching the CA in Q2 2015. Protocol The Let’s Encrypt CA talks…

PHP elephant

PHP.net hacked?

Today I was not able to access PHP.net from within Firefox without a big red warning. Did PHP.net get hacked? I’m currently talking to other people on IRC and news sites to get information about this hack. We are not sure weather this is a false positive at the moment. Update 1: Rasmus Lerdorf: Except…