A blog about tech, programming, security, and various other subjects.




Google banned from this site for foul play  Tags: websites.
Yesterday, I read this article: https://unlikekinds.com/article/google-amp-page-speed.

The main points are:

  • To get more prominent visibility on Google, you can implement AMP. Without AMP, you will never enjoy the prominent placement your competitors might get by implementing it.
  • Your domain is not displayed anymore when a user clicks on your results: everything goes through Google.

Local File Inclusion by one misplaced character  Tags: security, websites.
"Uh-oh," I thought, as a good friend alerted me to a local file inclusion vulnerability in a site that I recently made. It's still in beta, not public yet, but still. How could this happen? I wrote code to prevent this!

The site has a ?page=mypage parameter that you could modify into anything, and it would just include the page instead of restricting it to existing and allowed pages. An absolute beginner's mistake, and I had thought of it, and secured it. Just not tested it.

I went to look at the code.

if (in_array($_GET['page'], array('about', 'contact', true))) {
    require($_GET['page'] . '.php');
}

Can you spot the error?

The sneakier way of violating net neutrality  Tags: networking, websites.
Net Neutrality

It's not just a good idea,
it ought to be the law.

— Kurt Griffith


I think many have seen this image already:

Encrypting passwords  Tags: security, webdevelopment, programming, websites.
It's so easy to bash Adobe for encrypting passwords instead of hashing them. The entire security community did, and of course they were right. Encryption is by definition reversible, so it was stupid of Adobe to encrypt passwords instead of hashing them, right? Right?

Or maybe not. As time passes and not a single password from an Adobe user has been leaked, aside from the ones solved in crossword puzzles, I was starting to doubt our judgment.

Are you affected by Adobe's hack?  Tags: websites, security.
I wrote a tool that checks whether your email address and password were among the ones hacked at Adobe. It won't be online forever, just for a few days I think.

You can find it here: https://lucb1e.com/credgrep

The reason it won't be online forever is because it needs a daemon to run. Searching a 10GB file is not trivial, so instead of searching it for everyone individually I wrote a program that does it in the background (daemon). Whenever someone adds a search, it is added to the database.

