Jump to content

Gaz

Senior Members
  • Posts

    34
  • Joined

  • Last visited

Everything posted by Gaz

  1. To get a list of what php extensions etc you have installed, you can use pkg_info(1) like so: %pkg_info |grep php If php4-session isn't listed in that output you're going to want to install it: %cd /usr/ports/www/php4-session %make install clean This will take some time as it downloads the source and compiles. You can then restart apache with (i'm assuming you're running apache2 here) %/usr/local/etc/rc.d/apache22 restart More information on installing software is available if you get stuck. The ports tree has both php5 and php4 available. So nope you don't want to install anything labeled php5-* since you're running 4.
  2. Exactly, and rainbow tables can be rendered useless by salting your hash. The problem with MD5 collisions is when you're talking about binaries that could potentially be replaced with a malicious alternative with the same hash. Luckily most smart people are using SHA (for example, the FreeBSD ports system computes both MD5 + SHA-256 for a downloaded package; try finding a collision for both )
  3. If the DMZ function isn't doing what you want, and you're running out of forward input boxes on your router config the only other solution is to get a better router. Find an old box and learn how to use PF
  4. Gaz

    Life Sucks

    Most likely they lifted the door up and off the tracks. I walked in on a burgler who used the same method; nearly made away with a laptop. Unlucky mike Get it checked out!
  5. More likely what you are seeing is a result of Referer spamming.
  6. My middle click is paste Ctrl+click works good
  7. http://www.firewallleaktester.com/removewga.htm
  8. These companies and open source projects create software that can be used to "share other peoples hard work for free". Should they be fined too?! Ultimately, piracy happens because the end-user makes that decision. There is nothing wrong with P2P/any Technology, only the way in which it is (ab)used.
  9. That tutorial has certainly perked my interest, are there any particular books you would recommend bascule?
  10. Windows doesn't like booting for a drive that isn't primary. I have a setup of primary (gentoo) secondary (winxp) and used something like this in grub: http://www.gnu.org/software/grub/manual/html_node/map.html CD-Roms etc don't show up as hdx in grub. Hope that helps
  11. Thats still no excuse to code sloppy sql-injectable code. What happens if Mr employee gets fired and decides to ' DROP DATABASE really_important_stuff ? If they only need to display data, I suggest creating a read only user for the database in question and using that for queries.
  12. Gaz

    Defender

    Heh I can't get windows defender to update its defs (running XP SP2 in VMware) Google says nothing :/ edit: fixed it by deleting C:\Windows\SoftwareDistribution\Download
  13. You can learn more by looking at your webserver logs and grepping through them for common things like sql commands (union,select,insert) and characters that shouldn't be there. A lot of attacks on a site I run come from vietnamese and chinese proxies, consider blocking them if they aren't your audience. You can also check secunia and milw0rm for vulns; patch to the latest verison of your CMS when updates are available. If you're running apache have a look at mod_security, it can stop a great deal of attacks if you're too lazy to update your webapps but it is by no means a reason not to patch; only a safety net if you forget. Proper could should never accept user input like that. Always validate! I would use a regular expression containing the list of pages "home|page1|page2" and compare input to the list. It's not being executed on the some_free_host.com site. If you look at the code, it's telling it to include the contents of "some_really_nasty_script" into the current page, so it gets run on the poor webserver.
  14. He should be jailed for being "excessivly cheesy"
  15. Kaspersky seems to do a good job on my brother's XP box
  16. A Singapore researcher has found a way to make malware 100% undetectable under vista 64 bit using AMD's SVM/Pacifica virtualization technology. It basically creates an ultra-thin hypervisor that takes over control of the base operating system and there is no performance penalty - gfx and other devices are fully usable by the os which is now executing inside virtual machine. This all happens on-the-fly without rebooting. A lot of the article sounds like marketing (matrix references et al) but the virtualisation technology is here..xen etc. oh and it doesn't just affect windows: "I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD" http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html http://www.eweek.com/article2/0,1895,1983037,00.asp
  17. You're running a BETA os, from microsoft no less. What were you expecting?
  18. If you want to make lots of money off support calls and fixing machines, go with the largely untested (in production environment) vista. If you want something that is tried, tested and picked apart for security exploits go with XP or wait for vista SP2 * *assuming unix/linux is not an option
  19. If this is true, then there is no doubt it will get pushed to the side - just look at voice regognition typing software and how unsuccessful that was. I <3 my keyboard.
  20. Public beta: http://www.microsoft.com/windowsvista/getready/default.mspx direct download If you're into that sort of thing...
  21. Go with Debian or one of the BSDs
  22. Find an old box and install linux on it. There are plenty of great free FTP servers and it will be infinitely more secure and cheaper than paying for a licence and more legal than warezing soft.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.