Have you had enough yet? 😀
Recently I found out about Suhosin, a free solution which tries to help you secure your PHP installation (similarly to mod_security – meaning that it doesn’t require you to modify the source code of your applications). It seems that a new feature, currently in beta test, is the detection of SQL injections. My opinion about this: as a PHP developer I fought for years to make my applications secure. In a recent project I adopted PEAR::DB as the abstraction layer (with a MySQL backend). Imagine my surprise when it turned out that the so-called compiled queries were in fact strings in which it included verbatim the parameters I gave them. In Perl, by contrast, it is hard not to do real precompiled queries. So IMHO, at least in this segment – database access – Perl is clearly superior to PHP.
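The difference described above, as an added example that is not part of the original post and is not PEAR::DB code: `emulated_prepare` is a hypothetical stand-in for a layer that pastes parameters into the SQL string, set beside real parameter binding. It is written in Python with an in-memory SQLite database so it runs offline; the table, names and inputs are constructed.

```python
import sqlite3

QUERY = "SELECT name FROM users WHERE name = ? ORDER BY name"
# Constructed sample inputs: a legitimate name with an apostrophe, and a
# value that changes the query's logic if it is pasted into the SQL text.
APOSTROPHE_NAME = "O'Brien"
CRAFTED_NAME = "nobody' OR '1'='1"


def make_db():
    """In-memory database with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("bob",), (APOSTROPHE_NAME,)])
    return db


def emulated_prepare(sql, params):
    """Hypothetical 'compiled query': quotes each value and pastes it in verbatim."""
    parts = sql.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    text = parts[0]
    for value, rest in zip(params, parts[1:]):
        text += "'" + str(value) + "'" + rest  # no escaping: data becomes SQL
    return text


def lookup_emulated(db, name):
    """The statement the database sees already contains the parameter."""
    return [row[0] for row in db.execute(emulated_prepare(QUERY, [name]))]


def lookup_bound(db, name):
    """Real binding: the SQL text is fixed, the value travels separately."""
    return [row[0] for row in db.execute(QUERY, (name,))]


if __name__ == "__main__":
    db = make_db()
    print(emulated_prepare(QUERY, [CRAFTED_NAME]))
    print("emulated:", lookup_emulated(db, CRAFTED_NAME))
    print("bound:   ", lookup_bound(db, CRAFTED_NAME))
    print("bound:   ", lookup_bound(db, APOSTROPHE_NAME))
    try:
        lookup_emulated(db, APOSTROPHE_NAME)
    except sqlite3.OperationalError as exc:
        print("emulated, legitimate name:", exc)
```

With binding, the crafted value is compared as plain data and matches no row; with the pasted-in version it returns every row, and even an ordinary name containing an apostrophe breaks the statement.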
There is a very insightful writeup about the recent advertising tactics of Google over at Blake Ross’s blog.
A very nice quote from Susan Jacoby:
“When politicians start citing God as the authority for whatever they want to do, they are usually promoting some policy that defies human reason.”
Via Slashdot I came across CERTStation. Whoever designed it had no intention whatsoever for it to be usable. Just too much useless movement and animation (others have the same opinion). For a nice relaxing graphic, see the DShield statistic below:
Something similar to DShield: Shadowserver (similar because it too handles large-scale security events and it too is decentralized).
Via Lifehacker: a free utility for Windows virtual desktops
If your computer’s CMOS battery is gone, you can use AboutTime to synchronize the clock if you have Internet access. I personally used the Windows port of the official NTP client. It is a bit harder to configure, but at the time I didn’t know about AboutTime. You can find a list of public NTP servers (meaning that not only are these servers publicly accessible, but they were intended to be) here. Be sure to make the first server the one closest to your geographic location and use the others as fallback. For example, in my case I use them as follows: ro.pool.ntp.org, europe.pool.ntp.org, pool.ntp.org.