Security

Block remote root login via ssh on Ubuntu/etc to keep your server safe

A moment ago I was checking the system logs on my Ubuntu server and found that auth.log reports someone repeatedly trying to log in over SSH as root. The "root" entry in /etc/passwd is set up so that no password will ever be matched, so this potential cracker would probably never get into my server anyway. But the requests are using bandwidth - and what if they were able to figure out a password that would work? Why not just block remote SSH login as root in the first place?

Fixing 'Enter passphrase for /dev/fd/63' in a Gitlab CI job

If you're a Gitlab user you're probably hoping to use Gitlab CI to automate builds and deployments. You probably want to deploy something using rsync, using an SSH key for security. Unfortunately (in my opinion) the official Gitlab documentation is confusing.

Node v0.8.17 released - fixes security vulnerability - we're urged to upgrade ASAP

Isaac Schlueter just posted this warning:
    This release addresses a potential security vulnerability.

    If you do not use TypedArrays, then you're fine (but should still
    upgrade for other reasons, like better performance and npm
    peerDependencies.)

    If you use TypedArrays, you should upgrade to v0.8.17 as soon as
    possible. If user input can affect the size parameter in a
    TypedArray, an integer overflow vulnerability could allow an attacker
    to write to areas of memory outside the intended buffer. Please
    upgrade ASAP.

JavaScript or SQL injection attacks in the Node.js platform?

Alex Popescu writes that some people have started to ponder how safe Node.js-based servers are against injection attacks. Traditionally, injection attacks targeted SQL commands constructed from web queries, along with various forms of cross-site JavaScript injection. The cure for these attacks is to use a robust content filtering system and to follow sound software engineering practices. But many Node.js tutorials, and even some live systems, apparently have injection vulnerabilities.

The Hole in the Wall Daemon