This week, some details about security flaws in several microprocessors were publicly shared; a full disclosure is expected to follow. The flaws take several forms, and have been named Meltdown and Spectre. You can find more information about the scope of both Meltdown and Spectre at https://meltdownattack.com. A process (application) running on a server can…
Continue reading ›The Imperva HTTP/2 Vulnerability Report and NGINX
On August 3, Imperva – an Internet security company – announced four potential security vulnerabilities in the HTTP/2 protocol, and issued a detailed report evaluating a number of web servers against these vulnerabilities. As shown in the table (from page 19 of the Imperva report), NGINX 1.9.9 performed comparatively well in Imperva’s tests, and was not affected by three of…
Continue reading ›