Posts tagged: security

Protecting node.js from BEAST TLS attack

By , Friday 7th June 2013 6:56 pm
Copyright Disney, I don't think they'll sue me. Thanks for the image.

Copyright Disney, I don’t think they’ll sue me. Thanks for the image.

After reading Eric Martindale‘s very useful blog post on “Mitigating TLS BEAST attack in node.js” I decided to implement this for pinitto.me in order to increase security of the site.

After implementing the suggested code I then attempted to test the SSL setup via SSLLabs.  Sadly the report came back showing that pinitto.me was still vulnerable to BEAST attacks.

A BEAST (or Browser Exploit Against SSL/TSL) attack is an attack where a third party can silently decrypt communications between a browser and a server. This is performed by attacking a weakness in CBC (cipher block chaining) discovered back in 2006 but with a practical exploit not found until late 2011.

BEAST attacks are not possible on TLS versions greater than 1.0 but as this version is currently the most predominant on the internet such attacks are possible on most unprotected servers.

The documentation on SSLLabs.com suggested a different set of ciphers to those suggested by Eric and so after implementing these pinitto.me is now reported to not be vunerable to these attacks, yey!

The code for setting up a HTTPS server on node.js therefore becomes:

var https = require('https')
  , fs = require('fs')

var options = {
   key: fs.readFileSync(config.ssl.key, 'utf8'),
   cert: fs.readFileSync(config.ssl.cert, 'utf8'),
   ca: fs.readFileSync(config.ssl.ca, 'utf8'),
   ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
   honorCipherOrder: true
}

https.createServer(options, function (req, res) {
  res.writeHead(200)
  res.end("Hello World!")
}).listen(443)

Notes

Something up with google or wordpress?

By , Friday 22nd February 2013 7:08 pm

I noticed something very strange in google results whilst searching for referenes to pinitto.me online today.  After the usual links to github, the site itself, and some various small references I noticed the following in the results:

Screenshot from 2013-02-22 18:56:40

I checked several of these links fearing my site had been hacked and it turns out none of the pages exist. There’s also no reference to them in the admin section of the site or from grepping site logs.  The posts seem to have been posted over the past few weeks according to google.

Have google search results been hacked/tricked? Or is there something else going on with my wordpress install? Currently running wordpress 3.5.1.

Clearly google did see something at some point:

Screenshot from 2013-02-22 19:12:36

Panorama Theme by Themocracy

2 visitors online now
0 guests, 2 bots, 0 members
Max visitors today: 6 at 12:00 am UTC
This month: 31 at 09-06-2017 03:33 pm UTC
This year: 45 at 02-01-2017 10:28 pm UTC
All time: 130 at 28-03-2011 10:40 pm UTC