Category Archives: Apache

Apache Security

CVE-2016-4979: HTTPD webserver – X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]



          Security Advisory - Apache Software Foundation
                Apache HTTPD WebServer  / httpd.apache.org

        X509 Client certificate based authentication can
           be bypassed when HTTP/2 is used

                   CVE-2016-4979 / CVSS 7.5

The Apache HTTPD web server (from 2.4.18-2.4.20) did not validate an X509
client certificate correctly when the experimental module for the HTTP/2
protocol is used to access a resource.

The net result is that a resource that should require a valid client certificate
in order to get access can be accessed without that credential.

Background:
-----------

Apache can control access to resources based on various things; such as
a password, IP address and so on. One of the options, when SSL or TLS is
used, is gating access based on the client having access to a private-key of
an X509 client certificate. These client certificates are typically held on
a chipcard (e.g. the CAC card in the US, national identity, banking cards
or, for example, medical-chip cards in Europe). In some cases they
are 'soft tokens' - i.e. files, often called PKCS#12 files, which are loaded
into the browser or the 'keychain'.

Gating access based on a client certificate is done by adding a line such as

	SSLVerifyClient require 

to the httpd configuration; along with a list of trusted client certificate
authorities (SSLCACertificateFile).

Version 2.4.17 of the Apache HTTP Server introduced an experimental feature:
mod_http2 for the HTTP/2 protocol (RFC7540, previous versions were known as 
Google SPDY).

This module is NOT compiled in by default -and- is not enabled by default,
although some distributions may have chosen to do so.

It generally needs to be enabled in the 'Protocols' line in httpd by
adding 'h2' and/or 'h2c' to the 'http/1.1' only default.

The default distributions of the Apache Software Foundation do not include 
this experimental feature. 

Details:
--------

From version 2.4.18, up to and including version 2.4.20 the server failed
to take the (failed/absent) client certificate validation into account
when providing access to a resource over HTTP/2. This issue has been fixed
in version 2.4.23 (r1750779).

As a result - a resource thought to be secure and requiring a valid
client certificate - would be accessible without authentication
provided that mod_http2 was loaded, h2 or h2c activated, and
that the browser used the HTTP/2 protocol and it would do more than
one request over a given connection.

Impact:
-------

A third party can gain access to resources on the web server without
the requisite credentials.

This can then lead to unauthorised disclosure of information.

Versions affected:
------------------
All versions from 2.4.18 to 2.4.20. The issue is fixed in
version 2.4.23 (released 2015-6-5)

Resolution:
-----------

Upgrade to version 2.4.23 or newer.

Mitigations and work arounds:
-----------------------------

As a temporary workaround - HTTP/2 can be disabled by changing
the configuration by removing h2 and h2c from the Protocols
line(s) in the configuration file. 

The resulting line should read:

		Protocols http/1.1

Credits and timeline
--------------------

The flaw was found and reported by Erki Aring <[email protected]>
from Liewenthal Electronics Ltd on 2016-06-30. The issue was
resolved by Stefan Eissing that same day and incorporated in
the release of 5th of July 2015 (thus avoiding a bank holiday).
 
Apache would like to thank all involved for their help with this.

Common Vulnerability Scoring (Version 3) and vector
---------------------------------------------------

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

CVSS Base Score         7.5
CVSS Temporal Score     7.0 
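
An added example, not part of the advisory or of httpd: a small Python audit that checks a configuration for the conditions the advisory names (affected version, h2/h2c on a Protocols line, SSLVerifyClient require) and applies the Protocols workaround. The sample configuration, the file path in it and the function names are constructed for illustration; Include files and per-scope override rules are not followed, and a statically compiled mod_http2 is assumed possible, so LoadModule is not checked.

```python
AFFECTED = ((2, 4, 18), (2, 4, 20))   # range stated in the advisory
H2 = {"h2", "h2c"}                     # protocol tokens the workaround removes

SAMPLE_CONF = """\
# constructed sample configuration, not taken from the advisory
Protocols h2 http/1.1
SSLCACertificateFile /etc/httpd/conf/client-ca.pem
<VirtualHost *:443>
    SSLEngine on
    <Location /private>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

def directives(conf_text):
    """Yield (line_no, name, args); directive names are case-insensitive in httpd."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(("#", "<")):   # skip comments and section tags
            name, *args = line.split()
            yield no, name.lower(), args

def audit(version, conf_text):
    """Report whether this version and configuration match the advisory's conditions."""
    ver = tuple(int(p) for p in version.split("."))
    h2_lines, cert_lines = [], []
    for no, name, args in directives(conf_text):
        if name == "protocols" and H2 & {a.lower() for a in args}:
            h2_lines.append(no)
        elif name == "sslverifyclient" and args and args[0].lower() == "require":
            cert_lines.append(no)
    affected = AFFECTED[0] <= ver <= AFFECTED[1]
    return {"affected_version": affected, "http2_lines": h2_lines,
            "client_cert_lines": cert_lines,
            "exposed": affected and bool(h2_lines) and bool(cert_lines)}

def apply_workaround(conf_text):
    """Drop h2 and h2c from every Protocols line, as the advisory's workaround describes."""
    out = []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if parts and parts[0].lower() == "protocols":
            keep = [a for a in parts[1:] if a.lower() not in H2] or ["http/1.1"]
            raw = raw[:len(raw) - len(raw.lstrip())] + "Protocols " + " ".join(keep)
        out.append(raw)
    return "\n".join(out)

if __name__ == "__main__":
    print(audit("2.4.20", SAMPLE_CONF))
    print(audit("2.4.20", apply_workaround(SAMPLE_CONF)))
```

The audit is deliberately conservative: it flags the combination anywhere in the file rather than resolving which virtual host each directive applies to.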



[ANNOUNCE] Apache HTTP Server 2.4.23 Released


          Apache HTTP Server 2.4.23 Released

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.23 of the Apache
HTTP Server ("Apache").  This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
principally a feature and bug fix release.

NOTE: Versions 2.4.22 and 2.4.21 were not released.

We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.4.23 is available for download from:

http://httpd.apache.org/download.cgi

Apache 2.4 offers numerous enhancements, improvements, and performance
boosts over the 2.2 codebase.  For an overview of new features
introduced since 2.4 please see:

http://httpd.apache.org/docs/trunk/new_features_2_4.html

Of particular note are 2 reverse proxy additions: Support of
HTTP/2 and dynamic health checks.

Please see the CHANGES_2.4 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.4.23 includes only
those changes introduced since the prior 2.4 release.  A summary of all 
of the security vulnerabilities addressed in this and earlier releases 
is available:

http://httpd.apache.org/security/vulnerabilities_24.html

This release requires the Apache Portable Runtime (APR) version 1.5.x
and APR-Util version 1.5.x. The APR libraries must be upgraded for all
features of httpd to operate correctly.

This release builds on and extends the Apache 2.2 API.  Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.4, and require minimal or no source code changes.

http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING

When upgrading or installing this version of Apache, please bear in mind
that if you intend to use Apache with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

Please note that Apache Web Server Project will only provide maintenance
releases of the 2.2.x flavor through June of 2017, and will provide some
security patches beyond this date through at least December of 2017.
Minimal maintenance patches of 2.2.x are expected throughout this period,
and users are strongly encouraged to promptly complete their transitions
to the 2.4.x flavor of httpd to benefit from a much larger assortment
of minor security and bug fixes as well as new features.


