A blog about tech, programming, security, and various other subjects.




Found 17 results for your search query or tag selection.
Local File Inclusion by one misplaced character  Tags: security, websites.
"Uh-oh," I thought, as a good friend alerted me to a local file inclusion vulnerability in a site that I recently made. It's still in beta, not public yet, but still. How could this happen? I wrote code to prevent this!

The site has a ?page=mypage parameter that you could modify into anything, and it would just include the page instead of restricting it to existing and allowed pages. An absolute beginner's mistake, and I had thought of it, and secured it. Just not tested it.

I went to look at the code.

if (in_array($_GET['page'], array('about', 'contact', true))) {
    require($_GET['page'] . '.php');
}
Can you spot the error?
The sneakier way of violating net neutrality  Tags: networking, websites.
Net Neutrality

It's not just a good idea,
it ought to be the law.

— Kurt Griffith


I think many have seen this image already:
Encrypting passwords  Tags: security, webdevelopment, programming, websites.
It's so easy to bash Adobe for encrypting passwords instead of hashing them. The entire security community did, and of course they were right. Encryption is by definition reversible, so it was stupid of Adobe to encrypt passwords instead of hashing them, right? Right?

Or maybe not. As time passes and not a single password from an Adobe user has been leaked, aside from the ones solved in crossword puzzles, I am starting to doubt our judgment.
Are you affected by Adobe's hack?  Tags: websites, security.
I wrote a tool that checks whether your email address and password were among the ones hacked at Adobe. It won't be online forever, just for a few days I think.

You can find it here: https://lucb1e.com/credgrep

The reason it won't be online forever is that it needs a daemon to run. Searching a 10 GB file is not trivial, so instead of searching it for everyone individually I wrote a program that does it in the background (daemon). Whenever someone adds a search, it is added to the database.
Google search results keyboard shortcuts stopped working  Tags: websites.
Just a very quick post, since I couldn't find the right solution easily elsewhere...

At Google you can use keyboard shortcuts to navigate in search results. The most used is probably tab and then enter, which just brings you to the first search result. By pressing tab, arrow keys, and then enter, it opens other results. And ctrl+enter will even nicely open it in new tabs (to which you can switch with ctrl+tab).

From time to time, these keyboard shortcuts stop working. Google offers no settings for this, nor an explanation of why it would ever stop working; it just breaks and you worry the awesome feature has been removed.

