Web Security - Part 1 - Google Hacking

When doing security reviews of web applications from time to time, you can find real beauties. You see GET variables passed to eval, system, include and all sorts of things you would not even imagine could run live for years without anyone noticing :-)

I don't really have great English or writing skills, but I thought I would try to write a few parts of the security article just to give something back to the community. It's not really rocket science, nor my invention or discovery. It's just days and weeks and years spent working with web apps and reading here and there. What I hope is to write something you will enjoy and maybe put some new spin on some issues.

PHP display_errors => You will be Google-Hacked for sure

How to compile memcached 1.4 on Mac

I have been using a Mac only since January and I'm still not so familiar with it. If you want to install the latest memcached on Mac OS X you will need libevent.

Download libevent from this site:
http://www.monkey.org/~provos/libevent/

Then unpack, configure and compile it, and install it in /usr/local:

./configure --prefix=/usr/local
make
make install

Then obtain the latest memcached from:
http://www.danga.com/memcached/download.bml

Then unpack, configure and compile. You need to point configure at the same folder so it can find the library.

unpack
./configure --with-libevent=/usr/local/
make

./memcached -u root -vv 

And that's all.

Aug 2009, Artur Ejsmont

PALM - bundle of Linux system, Network, Apache2, PHP, APC and Memcached scripts and Cacti graphs

After some more work on the weekend and playing around with Cacti, I have fixed up some of the previous scripts and joined input methods with data sources and graphs all together.

I have also added a host template, so now adding servers will be much easier: you just enter the host name and click create graphs ... job done.

Package includes graphs to monitor Linux system metrics, disk IO, network IO, apache status, APC op code cache, memcached.

I'm still adding stuff to it, so make sure to come back for an update :-)

You can see some of the graphs in earlier versions here:
Linux graphs

Mac OS X default logging helper sucks

Mac has some nice features but some are really lame. Trying to make syslog look cool made my system unresponsive for like 10 minutes. All because of GrowlHelperApp.

Mar 2009, Artur Ejsmont

How to check file consistency across operating systems

It's very stressful if we have to copy a 2 GB database dump or an archive of important data over the network. Even though TCP is supposed to let us send data without any damage, it can happen from time to time, while copying huge amounts of data through slow networks, that some packet gets damaged and the CRC checksum does not detect it (a 32-bit checksum still gives some chance of collision, so the more packets, the bigger the chance).

Mar 2009, Artur Ejsmont
Artur Ejsmont Travel Gallery and Computer Blog   |   Dublin 2007-2009   |   All rights reserved   |