-
Fetching files form PHP in a compatible way
I just finished comparing a whole bunch of OS’s to determine which is the most compatible (widely available) way to fetch an external HTTP page from PHP. The winner is: fsockopen – it was available on 100% of the tested systems. I was only interested in HTTP pages, not HTTPS, so the ssl transport might…
-
Mixed links
An interesting story about sniffing VPN (or more correctly: what the user thought to be VPN). This shows that you always have to be alert. Why is the web the default development platform? – completely agree with all the points (and also most of the points made in the comments). One additional thing is: instant…
-
Can good programmers be part of a SDLC?
From the security balance blog. SDLC is the Security Development Lifecycle for all of you non-acronym junkies :-). I disagree with the definition of “good programmer”. In my opinion being a good programmer is not just about being able to bang out X lines of quality code per hour. It’s about knowing your limits, and…
-
Does AV more harm than good?
This article is one of the best description of the current situation that I’ve seen out there. Some of juicy bits: This comfort and confidence is the problem – if this user had learned the basics about how malware works and is spread, and been educated on the simple day-to-day activities which put them at…
-
Fixing a hibernation problem with Intel network cards
I had a problem with hibernating a Windows XP system containing an on-board Intel(R) 82566DC Gigabit NIC. The hibernation was ok, but it would wake up in a couple of seconds after shutting down. Today I looked around a little more and found the following setting: “Wake On Directed Packet”. Unchecking it solved the problem.…
-
The importance of understanding
I found the paper .NET Framework Rootkits: Backdoors inside your Framework via the Security4All blog some time ago. It is an interesting article about modifying the basic .NET libraries such that they do other things than what they were intended (for example log any traffic going trough sockets). However it seems to have created some…
-
Nice validation technique
Reading the Paint.NET blog I found this post about parameter validation. It is a very cool one for at least three reasons: Makes the code more readable. Making the code such that readers can infer (correctly!) what the code does without additional comments is very useful. Makes the code shorter. Can be easily adapted into…
-
The Monty Python YouTube channel
Found this via the net@night podcast. Warning! Very funny, it will make you laugh out loud! 🙂 The Monty Python YouTube channel
-
The big java regex shoutout
I discovered recently that the built-in java regex library has problems with some expressions, so I set out to find alternatives. Searching for regex benchmarks, I found the following page: Java Regular expression library benchmarks (it also has an older version). The original IBM article also contains a benchmark. However both of these resources are…
-
If Wireshark complains about incorrect cheecksums…
You most probably have TCP checksum offloading enabled in your NIC. You can disable it, just know that enabling/disabling it will probable reset your network stack (so don’t do it on remote system). PS. This is not always the case, I’ve seen the same error message on systems which didn’t have TCP checksum offloading (and…