How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

Your Guide to POODLE and WHM/cPanel
I. How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE
II. How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It’s an exploit that, although not considered to be as serious as Heartbleed, is one that should still be protected against. For more information read the Google Blog.

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

Continue reading “How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE”

How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE

Your Guide to POODLE and WHM/cPanel
I. How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE
II. How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It’s an exploit that, although not considered to be as serious as Heartbleed, is one that should still be protected against. For more information read the Google Blog.

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

Continue reading “How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE”

How to Create a Self-Signed SSL Certificate on CentOS

An SSL certificate is an electronic ‘document’ that is used to bind together a public security key and a website’s identity information (such as name, location, etc.) by means of a digital signature. The ‘document’ is issued by a certificate provider such as GlobalSign, Verisign, GoDaddy, Comodo, Thawte, and others. For more information, visit the article: What is an SSL Certificate?

In this article we’re going to be covering how to create a self-signed SSL certificate and assign it to a domain in Apache. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.

Pre-Flight Check
  • These instructions are intended for creating a self-signed SSL certificate and assigning it to a domain in Apache.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “How to Create a Self-Signed SSL Certificate on CentOS”

How to Create a Self-signed SSL Certificate on Ubuntu

An SSL certificate is an electronic ‘document’ that is used to bind together a public security key and a website’s identity information (such as name, location, etc.) by means of a digital signature. The ‘document’ is issued by a certificate provider such as GlobalSign, Verisign, GoDaddy, Comodo, Thawte, and others. For more information, visit the article: What is an SSL Certificate?

In this article we’re going to be covering how to create a self-signed SSL certificate and assign it to a domain in Apache. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.

Pre-Flight Check
  • These instructions are intended for creating a self-signed SSL certificate and assigning it to a domain in Apache.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 14.04 server, and I’ll be logged in as root.

Continue reading “How to Create a Self-signed SSL Certificate on Ubuntu”

Update and Patch OpenSSL on Ubuntu for the CCS Injection Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)“. As of June 05, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

This vulnerability is likely not as severe as the Heartbleed Bug. In some circumstances, this flaw allows an attacker to conduct a man-in-the-middle attack on servers running vulnerable versions of OpenSSL. The attacker would be required to intercept and alter network traffic, and do so in real time, to exploit the flaw; in that case, the attacker could potentially view and/or modify the otherwise secured traffic.

What should you do?
  • Update OpenSSL and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on Ubuntu 12.04 against the “SSL/TLS MITM vulnerability (CVE-2014-0224)“.
  • I’ll be working from a Liquid Web Core Managed Ubuntu 12.04 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL on Ubuntu for the CCS Injection Vulnerability”

Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the CCS Injection Vulnerability”?

The ChangeCipherSpec (CCS) Injection Vulnerability is a moderately severe vulnerability in OpenSSL, known formally as “SSL/TLS MITM vulnerability (CVE-2014-0224)“. As of June 05, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

This vulnerability is likely not as severe as the Heartbleed Bug. In some circumstances, this flaw allows an attacker to conduct a man-in-the-middle attack on servers running vulnerable versions of OpenSSL. The attacker would be required to intercept and alter network traffic, and do so in real time, to exploit the flaw; in that case, the attacker could potentially view and/or modify the otherwise secured traffic.

What do I do?
  • Update OpenSSL and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “SSL/TLS MITM vulnerability (CVE-2014-0224)“.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL on CentOS for the CCS Injection Vulnerability”

Update and Patch OpenSSL for Heartbleed Vulnerability

What is OpenSSL?

OpenSSL is a common cryptographic library which provides encryption, specifically SSL/TLS, for popular applications such as Apache (web), MySQL (database), e-mail, virtual private networks (VPNs), and more.

What is “the Heartbleed Bug”?

The Heartbleed Bug is a severe vulnerability in OpenSSL, known formally as “TLS heartbeat read overrun (CVE-2014-0160)“. As of April 07, 2014, a security advisory was released by OpenSSL.org, along with versions of OpenSSL that fix this vulnerability.

What are the risks?

In short, the risks are many. In most circumstances, this flaw allows an attacker to read the memory of servers running vulnerable versions of OpenSSL. This would allow attackers to impersonate users and services, and provide a means for data theft. For example, the exposed memory could include sensitive information such as private keys. If private keys are leaked, then it is possible that SSL certificates are compromised, and in that case should definitely be reissued.

What do I do?
  • Update and reboot your server immediately.
  • After the server has been rebooted, change all passwords associated with the server.
  • Consider getting your SSL certificates reissued.
Pre-Flight Check
  • These instructions are intended for patching OpenSSL on CentOS 6 against the “TLS heartbeat read overrun (CVE-2014-0160)” vulnerability.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Continue reading “Update and Patch OpenSSL for Heartbleed Vulnerability”

Install Dogecoin Wallet on CentOS

Dogecoin (Ɖ) is one of the many opensource cryptocurrencies that has penetrated the post-Bitcoin marketplace. As of February 2014, Dogecoin rates fifth (5th) in market capitalization among Bitcoin, Litecoin, and all other cryptocurrencies (source). This particular coin’s name is based on the “doge” meme, a slang term for “dog”.

Dogecoin is a fork of LiteCoin (presently third in market capitalization) and is based on the scrypt cryptographic algorithm, instead of being SHA-2-based like Bitcoin. The fact that Dogecoin is scrypt-based means that you can still actually mine Dogecoin with your Graphics Card or CPU (or Liquid Web server).

Without further delay… to the moon!

Continue reading “Install Dogecoin Wallet on CentOS”