
Gaz

Senior Members
  • Posts: 34

Posts posted by Gaz

  1. To get a list of what PHP extensions etc. you have installed, you can use pkg_info(1) like so:

    % pkg_info | grep php

    If php4-session isn't listed in that output you're going to want to install it:

    % cd /usr/ports/www/php4-session
    % make install clean

    This will take some time as it downloads the source and compiles. You can then restart Apache with (I'm assuming you're running apache2 here):

    % /usr/local/etc/rc.d/apache22 restart

    More information on installing software is available if you get stuck.

    now.. weird question: the php on the server is version 4.4.2, but in the /usr/port/lang/ there's also php5-extensions

    The ports tree has both php5 and php4 available. So nope, you don't want to install anything labeled php5-* since you're running 4.

  2. The problem is that finding a collision won't be a problem for forum software. A hacker would need access to the database to find the MD5 hash anyways, and if he has access to the database, it doesn't really matter any more.

    Exactly, and rainbow tables can be rendered useless by salting your hash.

    The problem with MD5 collisions is when you're talking about binaries that could potentially be replaced with a malicious alternative with the same hash. Luckily most smart people are using SHA (for example, the FreeBSD ports system computes both MD5 + SHA-256 for a downloaded package; try finding a collision for both ;) )
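As an added example (not code from the thread or from the FreeBSD ports system), here is what "both digests must match" and "salt your hash" look like in Python. The distfile bytes and their digests are constructed test data (the standard MD5 and SHA-256 test vectors for the input "abc"); the function names `verify_distfile`, `accept_distfile`, `salted_hash` and `check_password` are chosen here and are not any real tool's API.

```python
import hashlib
import hmac
import os

# Constructed sample distfile and its published digests. The two hex strings
# are the well-known MD5/SHA-256 test vectors for "abc"; a real FreeBSD ports
# distinfo file records both digests per distfile in the same spirit.
SAMPLE_DISTFILE = b"abc"
SAMPLE_DISTINFO = {
    "MD5": "900150983cd24fb0d6963f7d28e17f72",
    "SHA256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def verify_distfile(data: bytes, distinfo: dict) -> dict:
    """Compare data against every digest recorded in distinfo.

    Returns {algorithm: matched}. Checking each algorithm separately keeps the
    failure mode visible: a file engineered to collide with the MD5 alone
    would still show SHA256=False.
    """
    results = {}
    for algo, expected in distinfo.items():
        actual = hashlib.new(algo.lower(), data).hexdigest()
        # constant-time comparison: not strictly needed for file digests,
        # but a good habit wherever a computed value meets a stored one
        results[algo] = hmac.compare_digest(actual, expected)
    return results


def accept_distfile(data: bytes, distinfo: dict) -> bool:
    """Accept the download only when *all* recorded digests match."""
    return all(verify_distfile(data, distinfo).values())


def salted_hash(password: str, salt: bytes = None) -> str:
    """Store 'salthex$digest'. Because each entry gets its own random salt,
    two users with the same password get different hashes, so a precomputed
    rainbow table built for unsalted hashes is useless against the store."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex() + "$" + digest


def check_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest = stored.split("$", 1)
    candidate = hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(verify_distfile(SAMPLE_DISTFILE, SAMPLE_DISTINFO))  # {'MD5': True, 'SHA256': True}
    print(accept_distfile(b"abd", SAMPLE_DISTINFO))          # False
    stored = salted_hash("hunter2")
    print(check_password("hunter2", stored))                  # True
```

A production password store would use a purpose-built slow hash (bcrypt, scrypt or Argon2) rather than a single salted SHA-256; the block keeps the plain salted hash because salting is the specific point the post makes.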

  3. Plus at twenty I'm out of room to forward any more ports.

    (OK, yeah, I know twenty is a lot but most are rarely used. Like all the filesharing ports -- I don't use them all the time, just every now and then when I need something.)

    So am I out of luck or is it possible to do this?

    If the DMZ function isn't doing what you want, and you're running out of forward input boxes on your router config, the only other solution is to get a better router. Find an old box and learn how to use PF.

  4. and right away I see my sliding glass door is open.

    Most likely they lifted the door up and off the tracks. I walked in on a burglar who used the same method; nearly made away with a laptop. Unlucky Mike :( Get it checked out!

  5. A company that sells a program that shares other people's hard work for free really irritates me. They make money by exploiting other people. Stealing. I hope they and Limewire and Bearshare and all the other ones get fined more than they can pay and get shut down. Just my moral 2 cents.

    These companies and open source projects create software that can be used to "share other people's hard work for free". Should they be fined too?!

    Ultimately, piracy happens because the end-user makes that decision. There is nothing wrong with P2P/any technology, only the way in which it is (ab)used.

  6. The program will only be used on some of the computers in the office. Nobody will have access to the program who doesn't already have access to the customer data.

    That's still no excuse to code sloppy, SQL-injectable code. What happens if Mr Employee gets fired and decides to ' DROP DATABASE really_important_stuff ?

    If they only need to display data, I suggest creating a read-only user for the database in question and using that for queries.
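To show the two points the reply makes, here is an added Python example (not code from the thread) using the standard library's sqlite3 module on a constructed customer table: the same lookup written with string concatenation and with a bound parameter, and a write attempt through a read-only connection. SQLite has no user accounts, so the "read-only user" is stood in for by a `mode=ro` connection; a server database would get a dedicated user granted SELECT only. The function names are this example's own.

```python
import os
import sqlite3
import tempfile


def make_sample_db() -> str:
    """Create a throwaway customer table with constructed rows; return its path."""
    path = os.path.join(tempfile.mkdtemp(), "customers.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    con.executemany(
        "INSERT INTO customers (name, city) VALUES (?, ?)",
        [("Alice", "Leeds"), ("Bob", "York"), ("Carol", "Leeds")],
    )
    con.commit()
    con.close()
    return path


def lookup_sloppy(path: str, city: str) -> list:
    """The pattern the reply objects to: user input pasted straight into SQL,
    so a quote in the input changes the statement instead of the value."""
    con = sqlite3.connect(path)
    sql = "SELECT name FROM customers WHERE city = '" + city + "' ORDER BY id"
    rows = con.execute(sql).fetchall()
    con.close()
    return [name for (name,) in rows]


def lookup_safe(path: str, city: str) -> list:
    """Same query with a bound parameter: the input is always data, never SQL."""
    con = sqlite3.connect(path)
    rows = con.execute(
        "SELECT name FROM customers WHERE city = ? ORDER BY id", (city,)
    ).fetchall()
    con.close()
    return [name for (name,) in rows]


def drop_fails_readonly(path: str) -> bool:
    """Open the database read-only (SQLite's stand-in for a SELECT-only user)
    and confirm that a DROP through that connection is refused."""
    con = sqlite3.connect("file:" + path + "?mode=ro", uri=True)
    try:
        con.execute("DROP TABLE customers")
        con.commit()
        return False  # the write went through: the connection was not read-only
    except sqlite3.OperationalError:
        return True   # "attempt to write a readonly database"
    finally:
        con.close()


if __name__ == "__main__":
    db = make_sample_db()
    print(lookup_sloppy(db, "Leeds"))        # ['Alice', 'Carol']
    print(lookup_sloppy(db, "' OR '1'='1"))  # ['Alice', 'Bob', 'Carol']: the quote rewrote the WHERE clause
    print(lookup_safe(db, "' OR '1'='1"))    # []: treated as a literal (nonexistent) city name
    print(drop_fails_readonly(db))           # True
```

The two defences are independent: parameters stop input from becoming SQL, and the read-only principal limits the damage if some other query is still sloppy. Use both.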

  7. Heh, I can't get Windows Defender to update its defs (running XP SP2 in VMware).

    Windows Defender was unable to complete the update: 0x8024001d. The system cannot write to the specified device

    Google says nothing :/

    Edit: fixed it by deleting C:\Windows\SoftwareDistribution\Download

  8. You can learn more by looking at your webserver logs and grepping through them for common things like SQL commands (union, select, insert) and characters that shouldn't be there. A lot of attacks on a site I run come from Vietnamese and Chinese proxies; consider blocking them if they aren't your audience. You can also check Secunia and milw0rm for vulns; patch to the latest version of your CMS when updates are available.

    If you're running Apache have a look at mod_security. It can stop a great deal of attacks if you're too lazy to update your webapps, but it is by no means a reason not to patch; only a safety net if you forget.

    Tree's code looked secure. I shall implement that.

    Proper code should never accept user input like that. Always validate! I would use a regular expression containing the list of pages "home|page1|page2" and compare input to the list.

    PHP is executed server side. You cannot bring up info about other files/directories, or do pretty much anything at all, by executing a script on another server!

    It's not being executed on the some_free_host.com site. If you look at the code, it's telling it to include the contents of "some_really_nasty_script" into the current page, so it gets run on the poor webserver.
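As an added example, not code from the thread, the following Python script applies the advice in this post to a few constructed Apache log lines: it URL-decodes each request target, flags SQL keywords, characters that shouldn't be there and a URL being passed into a parameter (the remote-include case discussed above), checks a `page=` parameter against the `home|page1|page2` whitelist, and counts hits per client address for the "consider blocking them" decision. The log lines, hostnames and addresses are made up; the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log line: client, timestamp, request line, status
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
SQL_KEYWORDS = re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.I)
ODD_CHARS = re.compile("['\";<>]|--")          # quotes, terminators, tags, SQL comment
REMOTE_INCLUDE = re.compile(r"=(https?|ftp)://", re.I)  # a URL handed to a parameter
PAGE_PARAM = re.compile(r"[?&]page=([^&]*)")
# the whitelist approach from the post: only these page names are acceptable
ALLOWED_PAGES = re.compile(r"^(home|page1|page2)$")

# Constructed sample log lines (RFC 5737 documentation addresses, made-up host)
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2006:12:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
198.51.100.7 - - [10/Jun/2006:12:00:02 +0000] "GET /index.php?page=http://some_free_host.com/x.txt HTTP/1.1" 200 120
198.51.100.7 - - [10/Jun/2006:12:00:03 +0000] "GET /news.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 3000
203.0.113.9 - - [10/Jun/2006:12:00:04 +0000] "GET /index.php?page=page2 HTTP/1.1" 200 400
192.0.2.44 - - [10/Jun/2006:12:00:05 +0000] "GET /login.php?user=admin%27%20-- HTTP/1.1" 200 900
"""


def classify(target: str) -> list:
    """Return the reasons a request target looks suspicious ([] if clean)."""
    decoded = unquote(target)  # inspect what the application saw, not the %xx form
    reasons = []
    if SQL_KEYWORDS.search(decoded):
        reasons.append("sql-keyword")
    if ODD_CHARS.search(decoded):
        reasons.append("odd-chars")
    if REMOTE_INCLUDE.search(decoded):
        reasons.append("remote-include")
    m = PAGE_PARAM.search(decoded)
    if m and not ALLOWED_PAGES.match(m.group(1)):
        reasons.append("page-not-whitelisted")
    return reasons


def scan(log_text: str) -> list:
    """Parse each line and keep only the flagged ones as (ip, target, reasons)."""
    flagged = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # unparsable line; a fuller tool would count these as well
        reasons = classify(m.group("target"))
        if reasons:
            flagged.append((m.group("ip"), m.group("target"), reasons))
    return flagged


def offenders(log_text: str) -> Counter:
    """Flagged requests per client address."""
    return Counter(ip for ip, _, _ in scan(log_text))


if __name__ == "__main__":
    for ip, target, reasons in scan(SAMPLE_LOG):
        print(ip, target, ",".join(reasons))
    print(offenders(SAMPLE_LOG).most_common())
```

The keyword list is deliberately short and will produce false positives on legitimate content (a page about "select committees", say); treat the output as a triage list to read, not a block list to apply blindly.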

  9. Yes, I've got it so that only my MAC address is able to access it.

    However, I have yet to disable all security, I'll try that one next.

    Start off simple; no MAC filtering, no WPA key etc. This way you know if

    a) your hardware / driver is bad or

    b) you typo'd somewhere

    Then slowly build up your security: WPA key, MAC filter et al.

  10. A Singapore researcher has found a way to make malware 100% undetectable under Vista 64-bit using AMD's SVM/Pacifica virtualization technology. It basically creates an ultra-thin hypervisor that takes over control of the base operating system and there is no performance penalty - gfx and other devices are fully usable by the OS, which is now executing inside a virtual machine. This all happens on-the-fly without rebooting.

    A lot of the article sounds like marketing (Matrix references et al) but the virtualisation technology is here.. Xen etc. Oh, and it doesn't just affect Windows: "I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD"

    http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

    http://www.eweek.com/article2/0,1895,1983037,00.asp

    "A working prototype of the Blue Pill will be unveiled at the Black Hat Briefings on the same day that Microsoft is scheduled to show off some of the key security features of Windows Vista."

  11. If you want to make lots of money off support calls and fixing machines, go with the largely untested (in a production environment) Vista.

    If you want something that is tried, tested and picked apart for security exploits, go with XP or wait for Vista SP2 :D*

    *assuming Unix/Linux is not an option
