A blog about tech, programming, security, and various other subjects.

So I got hacked (Tags: security, my blog, my server)
I must say well done to Robbert Camps for hacking my website :)

Due to my inattentiveness when writing scripts in the randomprojects folder, I missed a leak which gave him access to my blog and read-only access to any file on the system.

Ironically I was watching the website statistics right the moment before he discovered the leak, and realized there was an issue with a file someone was browsing.

On security questions (Tags: security, websites)
Security questions, as still used by many websites, Windows Live among them, are conceptually flawed in many ways. They should never have been launched on the scale that they have, they should never have been taken as seriously as they have, and they should have been phased out long ago, which is the one thing that hasn't happened. I also recently discovered that their purpose is a mystery to many users, which greatly increases the security risk they introduce.

EICAR (Tags: security, my server)
The EICAR test file [is a file] to test the response of computer antivirus (AV) programs. The rationale behind it is to allow [you] to test [AV software] without having to use a real computer virus that could cause actual damage should the AV not respond correctly. (From wikipedia.org.) It's also often much easier to create an EICAR file than to find real malware.

Do not ever put this file on your domain. You'll be banned from the web by companies like Bitdefender. They'll detect

Secure login systems (Tags: webdevelopment, security)
What a secure login system should be like:
  1. The password field must hide the password;
  2. The login processing script must be called via HTTPS, or if over HTTP the login must be hashed before transmission;
  3. The password should be hashed via a secure hashing algorithm, I consider sha1 the minimum;
  4. The hash should be salted;
  5. The username or another static, user-specific value should be included with the salt;
  6. The hash should be run a lot of times, like 100

3rd party access to social network accounts (Tags: social networks, security)
Just a short message: It might be good to review 3rd party access to social network accounts every month or two.

I practically never use Twitter, and thought I might have one or maybe even two applications permitted to read stuff. Turns out I had 6, of which 3 had read and write access and another one even direct messages access (not that I know what that is, but it seems even more personal than read and write access).
I revoked some permissions now. Not that I suspected abuse, but
lucb1e.com