-
Adding a world clock to your blog
Quite some time ago I wrote a post about how to create a clock which shows the blog author’s time zone. The intention was to make relative temporal references (like “tomorrow”, “yesterday”, “within the last hour”, etc.) more relevant to readers from different time zones. While the method worked perfectly, it did require you to have…
-
The state of web security
If you are a busy (wo)man, I'll save you the time it would take to read this blogpost: it is deplorable. Now to elaborate on it: Yesterday I was putting together some new templates for the webhoneypot project with a focus on PHP shells. Things like r57, c99 and their derivatives. Then I looked at…
-
Updates for Webhoneypot
The development of the webhoneypot is back in swing again. We are aiming for the date of May the 15th as the release date for a beta version. A cool new feature which got committed recently is the possibility to “emulate” RFI vulnerabilities. How does it work (idea taken from the glastopf project): When a…
-
Mixed links
From Andy Helsby’s Bookmarks: How do I Reset a Dell BIOS Password? – apparently for laptops there is a free (if you live in the USA) number you can call, and after giving the serial number for your laptop, they give a master unlock code. This is cool, but also a reminder that BIOS passwords…
-
Gh0stNet
The latest security news (hype?) is the discovery of Gh0stNet. Links: the original paper, Tracking GhostNet: Investigating a Cyber Espionage Network; the F-Secure blogpost about it; the paper from Cambridge, The snooping dragon: social-malware surveillance of the Tibetan movement. My take on it? There is no proof that China is behind this. There are alternative explanations (as…
-
Alternative regular expression syntax
For a long time I was a believer in the “Perl way” of doing regular expressions and an avid reader of perlre. All other implementations I viewed as a “poor man’s copy” of the one true idea. However, after reading the Lua Patterns Tutorial, I found it quite enlightening. Even though it is called “patterns”…
-
Build a botnet – without infecting end-users
The idea is not new: get a lot of users to view a given webpage, to DDoS the webserver / backend (depending on where the bottlenecks are). If I recall correctly, some student asked the visitors of his website to continuously refresh the page of his university and got charged for it. As many have remarked…
-
Another reason for having command line
Because you can easily follow along with tutorials / troubleshooting guidelines / other documentation. Check out the difference between these two tutorials: “Improving TS Gateway availability using NLB” and “Installing the webhoneypot on OpenWrt”. In the first you have to orient yourself by some screenshots. If an error message comes up, it is much less…
-
Mixed links
A paper about the state of the databases which store our information in the EU. I skimmed through it; it is probably of more interest to people who are concerned about this aspect. Advances in HTTP encapsulated payloads – a presentation about Metasploit using outbound connections. Nothing too revolutionary, but a good reminder that just because…
-
the_source review
the_source is a video podcast (vidcast? netcast?) concerned mostly with open source. The show is of high quality and they pride themselves on only using open source software to produce it (they use Cinelerra, now renamed Lumiera, which seems to be a very nice non-linear video editor for Linux). Their episodes are high quality, and even…
