email backup with Python

In my new project (involving spam) I’ve created a script for retrieving the messages locally, which you could also use for rapidly backing up your emails.

The script is aimed at retrieving the emails of multiple accounts using the POP3 protocol (over SSL).
(continue)
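Since the post itself is truncated here, the following is an added example (not the author's script) of how a multi-account POP3-over-SSL backup can be done in Python: every message is pulled with poplib.POP3_SSL and appended to a local mbox file per account. The account list is constructed for illustration, and the backup routine is written against the small poplib interface it actually uses (stat, retr, dele, quit) so it can be exercised offline with a fake client.

```python
"""Back up mail from several POP3-over-SSL accounts into local mbox files.

Added example; not the blog's own script.  The ACCOUNTS list below is a
constructed placeholder (hypothetical hosts and users): replace it with
your own accounts, or load it from a file that is not world-readable.
"""
import email
import mailbox
import os
import poplib

# Constructed sample account list (hypothetical values).
ACCOUNTS = [
    {"host": "pop.example.net", "port": 995, "user": "alice", "password": "changeme"},
    {"host": "pop.example.org", "port": 995, "user": "bob", "password": "changeme"},
]


def connect_pop3_ssl(host, port, user, password, timeout=30):
    """Open an SSL-wrapped POP3 session (port 995 by convention) and log in."""
    client = poplib.POP3_SSL(host, port, timeout=timeout)
    client.user(user)
    client.pass_(password)
    return client


def backup_mailbox(client, mbox_path, delete=False):
    """Download every message on the server and append it to an mbox file.

    ``client`` is any object exposing the poplib calls used here: stat(),
    retr(n), dele(n) and quit().  With delete=False (the default) the
    messages stay on the server, so this is a pure backup.  Returns the
    number of messages written.
    """
    count, _octets = client.stat()
    box = mailbox.mbox(mbox_path)
    try:
        for n in range(1, count + 1):
            _resp, lines, _size = client.retr(n)
            # poplib returns the message as a list of lines without CRLF;
            # join with LF so the stored copy is a plain Unix mbox.
            msg = email.message_from_bytes(b"\n".join(lines))
            box.add(msg)
            if delete:
                client.dele(n)  # only committed by the server on QUIT
        box.flush()
    finally:
        box.close()
        client.quit()
    return count


def subjects(mbox_path):
    """Read back the Subject headers of a saved mbox (quick sanity check)."""
    box = mailbox.mbox(mbox_path)
    try:
        return [m["Subject"] for m in box]
    finally:
        box.close()


def backup_all(accounts, directory):
    """Back up each configured account into <directory>/<user>@<host>.mbox."""
    os.makedirs(directory, exist_ok=True)
    totals = {}
    for acct in accounts:
        name = "%s@%s.mbox" % (acct["user"], acct["host"])
        client = connect_pop3_ssl(acct["host"], acct["port"], acct["user"], acct["password"])
        totals[name] = backup_mailbox(client, os.path.join(directory, name))
    return totals


if __name__ == "__main__":
    for name, n in backup_all(ACCOUNTS, "mail-backup").items():
        print("%s: %d messages" % (name, n))
```

Note that POP3 numbering is per session, so the delete flag only matters if you want the server cleared after a successful run; leave it off for a backup. The mbox file is appended to, so running the script twice without deleting copies the same messages twice.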


June: month of fail for me

It looks as if my online existence was on the peak of doom this month…

First, my last hosting service was hacked and malicious iframes were injected into the website.

Later on, one of my Twitter accounts (I’ve got two) was suspended because I had a link to my infected blog.

The current hosting service I use had a hardware failure and part of my blog’s content is gone, RIP.

Apache failed to start a number of times this last week, and I’ve noticed this happens after cold reboots. Other web servers I tried did not seem to fail in that respect, but weren’t able to populate the PHP $_SERVER variables properly, so CodeIgniter wouldn’t work on them.

Actually, I could have made CI work, but I want it to work OOTB (out of the box).

SFTP under CentOS/cPanel doesn’t officially support chroot (if you have set up a similar environment, feedback is welcome), so I could browse the root directory of my current hosting service and had access to more than 100 databases. The problem was fixed by disabling SFTP, and now I’m stuck with FTPES, which doesn’t support transfer resume… talk about responsible disclosure.

Posting this, doing a database backup and looking forward to more fail until the end of the month.

p.s. It must be due to my low karma on reddit.

littleboy10@insanesecurity.info


…and stop!

The hosting service had a massive breakdown and huge data loss, and I, in the formal tradition, didn’t do any backups (lesson learned). Luckily I was able to recover a couple of articles from the Google Cache.

So if you’re wondering, that was the reason why your feed filled with a bunch of Insane Security articles.


Workstation Virtualization Security

The idea for this article came to mind a couple of days ago, but I decided to post it today after listening to the following two “the Malware Report” podcasts: Virtualization is Not Security and Virtualization: Security Risks You Must Know. Both podcasts treat a common misconception, that virtual machines (even virtual firewalls) are more secure than physical machines.

(continue)


Browser Security Handbook

Recently, after moving the blog to this self-hosted platform, I decided to clean up my feed reader a bit… you know, add some, delete some. And while searching for blogs to subscribe to I came across Michal Zalewski’s website, looking for a feed. Unfortunately I didn’t find a feed, but I did find his newest project…

(continue)


The Hacker’s Underground Handbook – Review

A couple of days ago David (The Great) Melnichuk released The Hacker’s Underground Handbook, an (e)book intended as an aid for all those who are just starting out in this field.

(continue)


8 Tips For A Secure Login Script/Admin Panel

After reading the title you may say to yourself “Oh no, another <<secure login script>> article! Aren’t there enough of those online already?”. Yes, there are, but unfortunately many tutorials (if it’s appropriate to call them that) only show you how to write SQL-injection-free code. That isn’t enough. What about brute-force (dictionary, hybrid) attacks? Or how about making your admin panel (user panel) CSRF-free? This article will try to deal with those issues too.

(continue)


1-2-3-Clickjacking

Yesterday I listened to OWASP’s Podcast #1 and recall the conversation about (media-hyped) clickjacking attacks, and I can’t agree more with one aspect of the conversation: attacks are becoming simpler than ever. Just have a look at common attacks: SQL injection (if done manually) needs a certain amount of SQL knowledge, XSS requires some JavaScript knowledge, CSRF requires some knowledge of the website’s functionality, while clickjacking requires almost no skill.

(continue)


Password Insecurity – Wordlists/Dictionaries

You might as well throw away your secure code, served over a secure connection (SSL), because the users who use it will have a one-word, easy-to-remember password.

(continue)


Logging the HTTP requests!

Logs are a very important part of security, both for preventing attacks and for forensics. But sometimes you don’t have access to logs, for example in shared hosting environments.

(continue)
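As an added example for the situation the post describes (no access to the web server’s own logs, so the application has to keep its own), and not the post’s script, here is a small WSGI middleware in Python that writes one Apache “combined” style line per request to a file the application owns. The log path and the sample requests are constructed for illustration. The part a practitioner should not skip is the sanitising of attacker-controlled fields (request line, Referer, User-Agent): a header containing CR/LF would otherwise let a client forge extra log lines.

```python
"""Application-side HTTP request logging for hosts with no server logs.

Added example, not the original post's code.  Wrap any WSGI app with
RequestLogger to get an Apache combined-log-format file you control.
"""
import datetime


def _clean(value):
    """Escape CR, LF and other control/non-ASCII characters so a crafted
    header cannot inject fake lines into the log (log injection)."""
    return "".join(ch if 32 <= ord(ch) < 127 else "\\x%02x" % ord(ch) for ch in value)


def format_log_line(environ, status, size, now=None):
    """Render one combined-log-format line from a WSGI environ.

    REMOTE_ADDR is what the socket says; X-Forwarded-For is deliberately
    not trusted for the client field because any client can set it.
    """
    now = now or datetime.datetime.now(datetime.timezone.utc)
    ts = now.strftime("%d/%b/%Y:%H:%M:%S %z")
    query = environ.get("QUERY_STRING", "")
    request_line = "%s %s%s %s" % (
        environ.get("REQUEST_METHOD", "-"),
        environ.get("PATH_INFO", "") or "/",
        "?" + query if query else "",
        environ.get("SERVER_PROTOCOL", "HTTP/1.0"),
    )
    return '%s - - [%s] "%s" %s %s "%s" "%s"' % (
        environ.get("REMOTE_ADDR", "-"),
        ts,
        _clean(request_line),
        status.split(" ", 1)[0],   # "200 OK" -> "200"
        size,
        _clean(environ.get("HTTP_REFERER", "-")),
        _clean(environ.get("HTTP_USER_AGENT", "-")),
    )


class RequestLogger:
    """WSGI middleware: log every request (status and body size) to log_path."""

    def __init__(self, app, log_path):
        self.app = app
        self.log_path = log_path

    def __call__(self, environ, start_response):
        state = {"status": "000"}

        def capture(status, headers, exc_info=None):
            state["status"] = status
            return start_response(status, headers, exc_info)

        body = self.app(environ, capture)
        chunks = list(body)                 # materialise to count bytes
        if hasattr(body, "close"):
            body.close()
        size = sum(len(c) for c in chunks)
        line = format_log_line(environ, state["status"], size)
        with open(self.log_path, "a", encoding="utf-8") as fh:
            fh.write(line + "\n")
        return chunks


def demo_app(environ, start_response):
    """Minimal WSGI app used to exercise the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello, world!"]
```

Keep the log file outside the document root (or deny it in .htaccess) and rotate it; an attacker who can read it learns every path and user-agent that hit the site, and one who can make it grow without bound has a cheap disk-filling attack on a shared host.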