FFFjacking is a new web browser hacking technique discovered by Roman Kümmel (aka .cCuMiNn.). Even though it requires a little social engineering, it is quite dangerous. Yet another string to add to the bow.
How the hell is it possible that after so many months, the fix for OpenSSL renegotiation has not yet been included in either Chrome (6.0.4) or Opera (10.61)? I haven’t tested other browsers though, except Firefox, which at least fixed the issue several months ago.
So there is some news from the front of OpenSSL CVE-2009-3555 (see this and this for the history). The latest version of Apache mod_ssl (2.2) now embeds an option to reactivate old-style client renegotiation: Check the official doc for more details. With this option activated, you can now safely upgrade OpenSSL and mod_ssl [...]
I found this initiative, apparently started in Sweden, quite funny but also educational. So I just set up the Shockingly Big IE6 Warning plugin in this blog. Then I became curious and checked the stats of this site: So there are still about 9% of our visitors that are running IE 6 and 3% [...]
Posted 03 March 2009
Also tagged: IE
I am using a client certificate to authenticate against some Apache HTTPS website. By default, Firefox 3 has a very annoying setting: it will prompt you with a box to select your certificate every time the browser accesses a file. I quickly realized that there is no setting in the preferences tab to [...]