Top posts
Latest articles
Avoid Debian Exploid using SSH
(1 votes, average: 3 out of 6)
Loading ...Not so long ago news surficed that the SSH protocol used in Debian was a lot less then secure. It appears that you can easily guess the key used for the encryption of all data send between the client and the server.
This would mean anyone could hack your debian server by just listening in to the communication between you and it. This is of course not what you want so here are a few easy steps to upgrade the faulty components.
- First you must update the apt by entering apt-get update
- After this it’s time to update the SSL libraries by entering apt-get install libssl0.9.8
- Know that the encryption is a lot more secure again its time to generate new keys for the server this can be done by executing the following line:
ssh-keygen -N ” -t dsa -f /etc/ssh/ssh_host_dsa_key - Also update the RSA key by entering:
ssh-keygen -N ” -t rsa -f /etc/ssh/ssh_host_rsa_key - Last but not least is restarting the SSH service to complete the update, this is done by running:
/etc/init.d/ssh restart
Please note that after doing this and reconnecting you will most likely get a warning stating the server changed certificates. Which is true as you’ve done just that in the above steps.
Creating a dynamic PropertyGrid in .Net
A long time ago I wrote an article on how to use the .Net property grid, but I never published the PDF version of this article. The article describes how to use the PropertyGrid in Visual Basic.net, from basic static property grid to a more dynamic version.
This article is meant for developers who are looking into creating a more flexible property grid then is offered by .Net v1 and v2. It explains how to create classes to add tabs to the property grid and dynamically add and remove properties during execution.
You can download the .Net PropertyGrid article by clicking this text.
Cleaning Up Java Sessions
As part of a migration from Resin 1.3 to Tomcat 5 we had to migrate servers that are session based. Because we wanted to measure the time someone was on the website a listener had to be used. In resin this was done by implementing a HttpSessionBindingListener. But when we migrated to tomcat our measurements no longer worked.
Once a session became invalidated the HttpSessionBindingListener valueUnbound method was called. During this call we used the getLastAccessedTime() on the session to figure out how long the session was idle before the session was cleaned up.
During the investigation as to why the idle time was no longer logged we found out that for some reason the valueUnbound was no longer working the same in Tomcat as it used to in Resin. After some debuging it appeared as if the HttpSession.getLastAccessedTime() could no longer be used at this stage of the clean up. Every time you tried to access it I got a IllegalStateException.
Some searching on the web later toled me that this was because the session is already invalidated at this point. And an invalidated sessions information cannot be trusted. So what I had to do is build another listener. This time one that is more generic and catches all session deletions. The class to implement in order to do this is called the HttpSessionListener. The methods on this class are called when a session is made or destroyed.
By storing the last access time during the destruction the idle timeĀ is available.
