-
Mixed links
From a recent linkfest on The Old New Thing blog come the following links: Some C++ Gotchas – yes, C++ is hard, and if you can keep all the rules in your head, you are a genius (or at least somebody working in C++ for 10+ years). On a related note: Java is also hard…
-
Small programming tips
A quickpost inspired by issues I encountered recently. How to concatenate (aggregate) strings with PostgreSQL? In MySQL you can write: SELECT concat(name) FROM test_table; because concat also works as an aggregate function (like MIN, MAX, SUM, COUNT, etc.). To get the equivalent result in PostgreSQL, you can use the following query (based on ideas from…
-
Adding a world clock to your blog
Quite some time ago I wrote a post about how to create a clock which shows the blog author’s time zone. The intention was to make relative temporal references (like “tomorrow”, “yesterday”, “within the last hour”, etc.) more relevant to readers from different time zones. While the method worked perfectly, it did require you to have…
-
The state of web security
If you are a busy (wo)man, I'll save you the time it would take to read this blogpost: it is deplorable. Now to elaborate on it: Yesterday I was putting together some new templates for the webhoneypot project with a focus on PHP shells. Things like r57, c99 and their derivatives. Then I looked at…
-
Updates for Webhoneypot
The development of the webhoneypot is back in swing again. We are aiming for the date of May the 15th as the release date for a beta version. A cool new feature which got committed recently is the possibility to “emulate” RFI vulnerabilities. How does it work (idea taken from the glastopf project): When a…
-
Mixed links
From Andy Helsby’s Bookmarks: How do I Reset a Dell BIOS Password? – apparently for laptops there is a free (if you live in the USA) number you can call, and after giving the serial number for your laptop, they give a master unlock code. This is cool, but also a reminder that BIOS passwords…
-
Gh0stNet
The latest security news (hype?) is the discovery of Gh0stNet. Links: the original paper, Tracking GhostNet: Investigating a Cyber Espionage Network; the F-Secure blogpost about it; the paper from Cambridge, The snooping dragon: social-malware surveillance of the Tibetan movement. My take on it? There is no proof that China is behind this. There are alternative explanations (as…
-
Alternative regular expression syntax
For a long time I was a believer in the “Perl way” of doing regular expressions and an avid reader of perlre. All other implementations I viewed as a “poor man’s copy” of the one true idea. However, after reading the Lua Patterns Tutorial, I found it quite enlightening. Even though it is called “patterns”…
-
Build a botnet – without infecting end-users
The idea is not new: get a lot of users to view a given webpage, to DDoS the webserver / backend (depending where the bottlenecks are). If I recall correctly, some student asked the visitors of his website to continuously refresh the page of his university and got charged for it. As many have remarked…
-
Another reason for having command line
Because you can easily follow along with tutorials / troubleshooting guidelines / other documentation. Check out the difference between these two tutorials: Improving TS Gateway availability using NLB; Installing the webhoneypot on OpenWrt. In the first you have to orient yourself by some screenshots. If an error message comes up, it is much less…