Yesterday two issues affecting CPUs have been released to the public.
TL;DR: the attacks are named Meltdown and Spectre. They allow reading the memory of the OS or of other processes, to steal secrets or get information for other exploits. A part of the solution can greatly affect performance of running code. In particular, this attack allows to easily cross container boundaries, and in some cases (not our case) even VM boundaries.
In addition to servers, consumer machines are affected, especially through browsers, so you should definitely update your operating system as well as your browsers.
To protect your web app or API, there is almost only one way at this time: TLS. But users
and browsers don't always use TLS by default. So what you want is to redirect them to a
TLS encrypted version of your site if they try to connect via plain http.
nom is a parser combinators library witten in Rust
that I started about a year ago.
Its goal is to let you write parsers that are safe by default, fast, and abstract
all of the dangerous or annoying details of data consumption.
TL;DR:
We are disabling the support of SSLv3 in front of our platform the Friday, 24th October.
CBC has already been disabled, mitigating the issue.
The secure web is not for Internet Explorer 6 anymore.
Did you like Heartbleed? Meet Shellshock — aka CVE-2014-6271 — a new bug discovered this week in the widely used Bash command line interpreter.
Yesterday, a security patch of OpenSSL 1.0.1g was issued, fixing a pretty critical vulnerability (refered to as CVE-2014-0160).
Once issued, the Clever Cloud support team immediately updated our service with it.
Lire la version française
Since the beginning of Clever Cloud, we never went back on our beliefs. Europe needs a cloud hosting offer made by Europeans, to avoid the constraints imposed by the US.
Clever Cloud is designed to let you code and create wonderful applications able to enable a cool and interactive social life.
You want to create a Facebook app? To interact with the Foursquare API? Or just to manage some critical users data?
