A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here are
a couple of different options using F5 solutions to secure your site against
it.
It’s called “Apache Killer” and it’s yet another example of
exploiting not a vulnerability, but a protocol’s behavior.
UPDATE (8/26/2011) We're hearing that other Range-* HTTP headers are also
vulnerable. Take care to secure against these potential attack vectors as
well!
In this case, the target is Apache and the “vulnerability” is in the way
multiple ranges are handled by the Apache HTTPD server. The Range HTTP header
is used to request one or more sub-ranges of the response, instead of the
entire response entity. Ranges are sometimes used by thin clients (an example
given was an eReader) that are memory constrained and may want to display
just portions of the web page. Generally speaking, multiple byte rang...
Last week we read that HP wants to get out of its Tablet business which means
the Palm acquisition was a big failure. HP also said that it wants to sell
off its PC business due to poor margins, even though its revenue contributed
around $40B. Humorously, Michael Dell tweeted that the spin-off unit may be
called Compaq. It was only ten years ago that Carly Fiorina fought a big
battle to acquire Compaq at the extremely high price of $25B.
It seems Leo Apotheker, the new CEO, wants to change HP to a different company
centered around software and services. Last week it announced the a...
In October 2009, Enterprise Cloud Computing was considered bleeding edge
technology by many but there was something that seemed different about its
value potential and adoption rate. For CIOs, it seemed a chance to provision
affordable infrastructure quickly, alleviating delays to mission critical
deliveries. Federal CIOs’ interest in Enterprise Cloud Computing was limited
to innovators and early adopters. Two years later, where does Enterprise
Cloud Computing stand? Is it for real?
Today, Cloud Computing is on the Gartner® technology hype curve in the
“peak of inflated expectati...
Last week I published my winning Customer X-Ray of the Quarter, which showed
how AppDynamics was able to help a media customer solve a production issue
that had plagued their application for over two years. This week I’m
posting the runner-up X-Ray entry. This one describes how AppDynamics was
able to help an Insurance customer avoid a production outage by spotting a
major bottleneck as their application was migrated from dev to pre-production
during performance testing. All of the X-Rays you see published in this blog
were written by customers, so the stories you read are real, ...
The Canadian Federal Government recently announced plans to create a single
IT department, ‘Shared Services’, that will save $100-200m a year through
consolidation-driven efficiencies. As highlighted in this fact sheet, there is
lots of ‘low hanging fruit’ for cost savings due to a spread of many
different email systems, networks and data-centres.
This expensive complexity doesn’t stop there; it also continues into their
enterprise application estate.
Like most large organizations, governments are organized hierarchically, with
different departments for each of their main functions, ...