Hiding Apache2 header info

Add these lines to /etc/apache2/apache2.conf, then restart Apache:

LoadModule headers_module /path_to/mod_headers.so
Header unset Server
ServerSignature Off
ServerTokens ProductOnly
Header unset X-Powered-By
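
To confirm the directives above took effect after the restart, the response headers can be audited. The following is an added example, not part of the original post: the function name audit_headers is hypothetical and the sample headers are constructed. It accepts a bare product name in Server (what ServerTokens ProductOnly produces) and flags version or OS detail and any X-Powered-By header.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for version leaks.
# Against a server you administer (hostname is a placeholder):
#   curl -sI http://your.server.name/ | audit_headers

audit_headers() {
    # Reads raw response headers on stdin, prints one finding per line.
    # Returns 0 when nothing leaks, 1 otherwise.
    tr -d '\r' | awk '
    BEGIN { bad = 0 }
    {
        # Split "Name: value" into a lowercased name and the raw value.
        name = tolower($0); sub(/:.*/, "", name)
        value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
    }
    name == "server" {
        # ServerTokens ProductOnly yields a bare product such as "Apache".
        # A slash, a parenthesis or a digit means version or OS detail.
        if (index(value, "/") || index(value, "(") || value ~ /[0-9]/) {
            print "LEAK server: " value; bad = 1
        } else {
            print "OK server: " value
        }
    }
    name == "x-powered-by" {
        # Should be gone entirely once "Header unset X-Powered-By" is active.
        print "LEAK x-powered-by: " value; bad = 1
    }
    END { exit bad }
    '
}

# Constructed sample: what a default install might send before the change.
printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.14 (Ubuntu)\r\nX-Powered-By: PHP/5.3.2\r\n\r\n' \
    | audit_headers || echo "headers still expose version details"
```
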

Location data tracked by iOS and Android devices

Security researchers discovered this week that iOS devices continuously track users’ physical location and store this data on the device. The data is also synced with your desktop if you use iTunes. What’s interesting is that this has apparently long been known by law enforcement agencies, who can use this data in investigations. This data is also transmitted back to Apple every 12 hours.

Android devices apparently also report location data back to Google. It sounds like WiFi MAC address location data is sent back to help triangulate a user’s location, so that location-based services can be provided using this map of collected MAC addresses. This is similar to the MAC address collection that Google got into trouble for when they collected similar data from their StreetView cars (when they arguably collected far more than just MAC addresses and the location).

Browser security beaten in pwn2own hacker contest

Browser security toppled this week, first Safari then IE8, in a contest to demonstrate the ability to execute native code and save files to the host machine’s file system via vulnerabilities in the browsers.

Safari was first to fall, followed by IE8. No results for Chrome yet, and no contestant signed up to challenge Firefox. Mobile phone browsers are next up.

Enabling SSL for Apache2 on Ubuntu

Edit /etc/apache2/apache2.conf – add:

LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Generate SSL certificates:

https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html

Add SSL config and 443 port to a new Virtual Host in apache2.conf – for example:

<VirtualHost *:443>
ServerAdmin your_admin@email.com
DocumentRoot /var/www/your_doc_root
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile path/to/server.crt
SSLCertificateKeyFile path/to/server.key
ServerName your.server.name
DirectoryIndex index.php
</VirtualHost>

Add a listen port on 443 to /etc/apache2/ports.conf (skip the Listen line if the file already has one for 443):

Listen 443
NameVirtualHost *:443