We are back after a very long break due to work. In this episode we have brand new intro music, discuss the yahoo hack and a apache tomcat vulnerability, and record in the same room for the first time in 2.5 years.

Show Notes:

Have I been pwned?: https://haveibeenpwned.com/

Apache misconfiguration: Below are examples of misconfigurtions in the web.xml file.

<init-param>
<param-name>readonly</param-name>
<param-value>false</param-value>
</init-param>

or

Is this context "read only", so HTTP commands like PUT and DELETE are rejected? [true]

New intro music provided by GIANT MONSTERS ON THE HORIZON:

http://giantmonstersonthehorizon.com/

https://www.facebook.com/giantmonstersonthehorizon/

https://open.spotify.com/artist/4HmglWNfF7jAYQxbEjv9Xt