Making sure your application is available
RATE LIMITING
Maybe we should listen to those network guys.
A few months ago I wrote about the Slowloris attack on web servers, the short version of which is: Attackers connect and hold connections open, using very few resources on their end, but soaking up all your available sockets and preventing any legitimate users from connecting. Since then, a number of other denial-of-service types of attack have been announced against web servers, web applications, and other services. This got me thinking: How can programmers deal with these issues in a generic way to reduce their impact?
Read full article as PDF:
058-059_kurt.pdf (893.86 kB)Tag Cloud
News
-
KDE Announces Software Compilation 4.13
New release comes with better semantic search and improvements to Kontact.
-
Coverity: Open Source Code has Fewer Defects
Annual code quality report shows FOSS is more secure at all project size levels.
-
An Even Smaller Raspberry Pi
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
-
Freaky Privilege Escalation Attack
A new class of problems lets a malicious app pre-configure an invisible privilege update.
-
Facebook Rolls Out New PHP-like Programming Language
New Hack language adds static typing and other conveniences.
-
Fedora Announces Innovative Crytography Policy System
New crypto policy system will offer easier configuration and more uniform security.
-
Shuttleworth Calls for Declarative Firmware
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
-
New TLS Attack Takes the S out of HTTPS
Vulnerability affects many Linux web servers
-
Munich Adopts Kolab
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
-
Canonical Announces Ubuntu Smartphones
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.