• Twitter: You Say Transparency, I Say Vulnerability

    We received a number of tips early this morning that the majority of web servers at Twitter was exposing server and load-balancer status information to the public. The status page, which are an (often default) option in the open source Apache web server dump an output of all connections and state information for a particular server. The information is used by administrators to monitor servers… Read More

  • Basic Flaw Reveals Source Code to 3,300 Popular Websites

    A Russian security group has posted a detailed blog post (translation here) about how they managed to extract the source code to over 3,300 websites. The group found that some of the largest and best known domains on the web, such as apache.org and php.net, amongst others, are vulnerable to an elementary information leak that exposes the structure and source of website files. A web surfer is… Read More

  • A pony, for your Friday amusement

    Here’s a little treat for all you Apache admins out there in The Internet: mod_pony. It produces an ASCII art representation of a pony. It would be grand to see ponies proliferate around The Internet today! Read More