First we need to grab instant client from oracle..
Basic and Devel RPM packages is enough.
Before we install PHP we need to install prerequisites.
sudo apt-get install gcc libbz2-dev libpng12-dev libc-client2007e-dev libmcrypt-dev libxml2-dev libcurl4-openssl-dev libxslt1-dev libaio1 apache2-dev alien
Turn rpm packages to debian packages with alien.
sudo alien -d oracle-instantclient12.1-basic-22.214.171.124.0-1.x86_64.rpm
sudo alien -d oracle-instantclient12.1-devel-126.96.36.199.0-1.x86_64.rpm
Install instant client packages we freshly converted.
sudo dpkg -i oracle-instantclient12.1-basic_188.8.131.52.0-2_amd64.deb
sudo dpkg -i oracle-instantclient12.1-devel_184.108.40.206.0-2_amd64.deb
Download latest php source from php.net; for example;
tar -jxvf php-5.6.19.tar.bz2
export paths to system;
now we configure to generate make files;
./configure --with-pdo-oci --with-oci8 --with-pdo-oci --with-apxs2=/usr/bin/apxs2 --with-kerberos --with-mysql --with-pdo-mysql --with-bz2 --with-curl --with-gd --with-imap --with-imap-ssl --enable-mbstring --with-mcrypt --with-openssl --enable-zip --with-zlib --disable-phar
(if you need phar, delete last option).
make & install
sudo make install
DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. DROWN is another downgrade attack over SSL hence this time over SSLv2.
SSL has a good history with downgrade attacks likewise Lucky13, Crime, BEAST, Poodle. Currently %33 of internet servers uses SSLv2. With DROWN an attacker can decrypt connection with server which has SSLv2 enabled.
Papers and Vulnerability Testing Here
Microsoft Encryption Library for Health Databases released.
“SEAL” (Simple Encrypted Arithmetic Library) is a homomorphic encryption algorithm and allows querying medical data without decryption.
The code contains a few basic examples, and more detailed documentation will be available soon.
World’s fastest and most advanced GPGPU-based password recovery utility oclHashcat is now open-source.
Hashcat and oclHashcat sources released at github
Oracles new website aimed for Oracle SQL users. LiveSQL site has snippets and tutorials for Oracle Database Systems.
Microsoft is working on a new encryption algorithm for healthcare sector. Algortihm which called “SEAL” is a homomorphic encryption algorithm and allows querying medical data without decryption.
Release address (not yet published)
Research Article (pdf)
while we are waiting for free and open Certificate Authority “Lets Encrypt”, we got a new option.
sslip.io gives a subdomain based upon your ip and you just need to set up SSL key which released at GitHub to your server.
Finally you will have a ip based SSL subdomain address e.g. https://52-0-56-137.sslip.io/
Detail of SSLip.
Amazon Web Services introduced s2n; an Open Source implementation of the TLS protocol. s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, Amazon developers expected that it is easier to review s2n; they have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing.
Mozvote package implements a private voting protocol, as well as contains a demo.
Note that the public and private keys are hardcoded: you will want to use the
output of keygen.go to change them in a real application.