Found 16 results for your search query or tag selection.

So I got hacked
Tags: security, my blog, my server.
I must say well done to Robbert Camps for hacking my website :)
Due to my inattentiveness when writing scripts in the randomprojects folder, I missed a leak which gave him access to my blog and read-only access to any file on the system.
Ironically, I was watching the website statistics right at the moment before he discovered the leak, and realized there was an issue with a file someone was browsing.

On security questions
Tags: security, websites.
Security questions, as still used by many websites among which Windows Live, are conceptually flawed in many ways. They should never have been launched on the scale that they have, they should never have been taken as seriously as they have, and they should have been phased out long ago by now--the only thing they haven't. Also I discovered recently that their purpose is a mystery to many users, which only increases the security risk they introduce by a lot.

EICAR
Tags: security, my server.
The EICAR test file [is a file] to test the response of computer antivirus (AV) programs. The rationale behind it is to allow [you] to test [AV software] without having to use a real computer virus that could cause actual damage should the AV not respond correctly. (From wikipedia.org). Also it's often much easier to create an EICAR file than find real malware.
Do not ever put this file on your domain. You'll be banned from the web by companies like Bitdefender. They'll detect

Secure login systems
Tags: webdevelopment, security.
What a secure login system should be like:
- The password field must hide the password;
- The login processing script must be called via HTTPS, or if over HTTP the login must be hashed before transmission;
- The password should be hashed via a secure hashing algorithm, I consider sha1 the minimum;
- The hash should be salted;
- The username or another static and user-specific value should be included with the salt;
- The hash should be run a lot of times, like 100

3rd party access to social network accounts
Tags: social networks, security.
Just a short message: It might be good to review 3rd party access to social network accounts every month or two.
I practically never use Twitter, and thought I might have one or maybe even two applications permitted to read stuff. Turns out I had 6, of which 3 had read and write access and another one even direct messages access (not that I know what that is, but it seems even more personal than read and write access).
I revoked some permissions now. Not that I suspected abuse, but