SSL

HTTPS Easily Hacked in Seconds when Compressed

Tuesday, August 6th, 2013 | Business | No Comments

A new DHS report released on August 2, BREACH vulnerability in compressed HTTPS, detailed how an attacker could derive information from the length of a compressed encrypted stream.

From the report:

While the CRIME attack is currently believed to be mitigated by disabling TLS/SSL/level compression, compressed HTTP responses represent a significant unmitigated vector which is currently exploitable. By injecting plaintext into an HTTPS request, an attacker can learn information about the corresponding HTTPS response by measuring its size.

The article states what the symptoms are, as well as potential fixes.  Basically, disable HTTP compression.

 

 

Tags: , , ,

Help: I only have SFTP/SSH access, How can I update my WordPress plugins?

Wednesday, December 14th, 2011 | Business | No Comments

WordPressRan into this one today.  A site with only SFTP/SSH access, and the server required the “FTP” method of updating plugins/WordPress.  Remember FTPS is not SFTP.  FTPS runs over HTTPS/SSL, while SFTP runs over SSH.  Confusing?

Fortunately there’s a nice little plugin called, SSH SFTP Updater Support.

You must download it, then upload the contents of the zip into /wp-content/plugins/, then Activate the plugin in the admin.  It will add an SSH2 (which is used for SFTP) option to your “Updates” screen.

Worked for me.

Tags: , , , , , ,


Please share, it makes me happy:

Subscribe to Email Alerts

Follow Me

Follow seangw on twitter

Archives

Categories

prestashop theme

virtuemart template