Category Archives: security - Page 2

Invitation to the OWASP Kraków meeting

I'll give a 40-minute talk at this OWASP meeting, so if you're interested in system-level security, resource management, network isolation and restricting shell access, come, listen and have a talk with us :)

There will also be a discussion about the current situation regarding the NSA, Prism & Snowden, and Wojciech Dworakowski's presentation about the new edition of the OWASP Top 10.

Register now ;)


Apache SSL cipher / protocol hardening

While preparing for the RHCE exam I rechecked my standard SSL configurations and came to the conclusion that I should probably update my SSLCipherSuite value. I also updated SSLProtocol and switched SSLHonorCipherOrder so that the server's SSLCipherSuite preference order is used instead of the browser's:

As you can see, I also disabled SSLv3 in SSLProtocol. Why? Because even IE8 on Windows XP uses TLSv1 :) You could also add +TLSv1.1 or even +TLSv1.2 when using an appropriate version of OpenSSL.


After applying the changes, make sure that the new config passes the SSL tests.
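A quick local check of the three directives discussed above, before running an external SSL test. This is an added example, not the author's configuration or code: both sample configs are constructed. The expansion of `all`, the handling of a bare protocol token and the defaults for absent directives are assumptions modelled on mod_ssl of that era.

```python
# Added example: audits the mod_ssl directives from the post. Samples are constructed.
WEAK = "SSLProtocol all -SSLv2\n"
HARDENED = """\
SSLProtocol -ALL +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5
"""

# Assumptions: what "all" expands to depends on the Apache/OpenSSL build;
# DEFAULTS are the values assumed when a directive is absent.
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
DEFAULTS = {"sslprotocol": "all", "sslhonorcipherorder": "off"}

def directives(conf):
    """Map lower-cased directive name to its last value, skipping comments."""
    found = dict(DEFAULTS)
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1].strip()
    return found

def enabled_protocols(value):
    """Apply SSLProtocol tokens left to right: all, +proto, -proto, bare proto."""
    enabled = set()
    for tok in value.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)  # assumed: a bare token replaces the current set
    return enabled

def audit(conf):
    """Return the list of findings for one server or vhost config text."""
    d = directives(conf)
    findings = []
    for proto in sorted(enabled_protocols(d["sslprotocol"]) & {"sslv2", "sslv3"}):
        findings.append(f"{proto} enabled by SSLProtocol")
    if d["sslhonorcipherorder"].lower() != "on":
        findings.append("SSLHonorCipherOrder is not On: client preference wins")
    if "sslciphersuite" not in d:
        findings.append("SSLCipherSuite not set: build default in use")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```

A clean result here only means the directives are set as the post describes; it does not replace testing the running server.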

CVE-2013-2094 – local root exploit for kernels 2.6.37 – 3.8.8 (and 2.6.32 on RHEL/CentOS)

Here is more info:

This is tagged as CVE-2013-2094:


Just run it like below to check if you're affected:

So remember that:

is just a workaround for this particular exploit and is not a solution. A patch is available here: ; you can also apply this one:

Update: a kernel update fixing this issue is ready on the RHEL network: