Archive for the ‘Security’ Category
Sunday, July 6th, 2008
People have hacked Digg before. This guy found an xss injection that allowed him to force users to Digg his articles. Digg happily patched the problem and went on with their business. However, there is another problem with Digg that has to do with their content parsing system. The difference ...
Posted in Hacks and Bugs, How-To, Security, Technology | 5 Comments »
Monday, June 23rd, 2008
Introduction
Most of us have seen movies where the thief takes control of a video cameras and shuts it down or switches it to a fake feed with his laptop. It's not just fiction, and this article will show you how to do it.
By video surveillance systems I refer to ...
Posted in Hacks and Bugs, How-To, Security, Technology | 3 Comments »
Monday, June 9th, 2008
Some people might say that the difference between a seasoned hacker and a script kiddie is that the script kiddie will take a vulnerability from someone else, and a hacker will find the vulnerability himself. There is another difference that is crucial to a seasoned hacker. A seasoned hacker will ...
Posted in Hacks and Bugs, Security, Technology | 2 Comments »
Monday, May 26th, 2008
Any experienced admin will tell you that it is very easy to figure out which lines in an http log are hack attempts and which are not. If you don't know, you're about to find out. It is actually normal to find very large amounts of malicious traffic in your ...
Posted in Hacks and Bugs, How-To, Security, Technology | No Comments »
Thursday, May 22nd, 2008
There is no guaranteed way to secure your blog, there will always be a way in, but there are ways to make sure that you're not vulnerable to any widespread problems. Here are some tips to keep your blog under your control.
1. Minimize Total Code
This is very similar to the ...
Posted in How-To, Security, Technology | 4 Comments »
Thursday, May 15th, 2008
Now that you have your ubuntu router set up, what can you do with it? There are a few interesting things you will notice if you look at your events list long enough. You might notice a large number of incoming requests for a specific port. Let's use one that ...
Posted in How-To, Security, Technology | 1 Comment »
Saturday, May 3rd, 2008
Today's post will include 3 different languages: html, php and sql. There is a mysql database, a php backend and an html form to try out different injections, as well as a sample injection and vulnerable/patched code.
We'll start off by making a sample table in mysql:
[sourcecode language='sql']
CREATE TABLE `example`.`users` (
`id` ...
Posted in Hacks and Bugs, Security, Technology | 1 Comment »
Wednesday, April 30th, 2008
Last time we covered XSS in php. What about perl? It turns out there's an even more in house solution to XSS in perl, because it has been used so long for cgi. We'll use the same basic example.
[sourcecode language='html']
alert('XSS!');
[/sourcecode]
This is the XSS attack.
[sourcecode language='html']
This script is vulnerable to ...
Posted in Hacks and Bugs, Programming, Security, Technology | No Comments »