Archive for the ‘Technical Discussions’ Category

Screen Sharing, PDF creation… Adobe steps up!

June 4th, 2008 by Sarah King

Adobe have launched a whole new suite of tools but the most exciting for me is the online PDF creation and screen sharing. Read the rest of this entry »

vBulletin needs to tackle Private Message Spam

May 8th, 2008 by Sarah King

Thanks to the Black Hat community not keeping a lid on their activities I’ve been made aware of a spamming system targeted at the DigitalPoint forums. It can, however, be used on any vBulletin forum – I would assume. Some have implemented different rules around when you can send a private message, and some might even have captcha – but it’s all circumventable. Read the rest of this entry »

LiveMesh – the end of PHP?

April 24th, 2008 by Sarah King

Microsoft’s .Net applications have failed to dominate the web world. Certainly there are a lot of sites using it, and a lot of very good applications built in it, but the closed-door, clip-the-ticket approach has blocked a lot of interest. Add to that the lower hosting costs of PHP and you’re onto a winner with smaller enterprises.

Now Microsoft are announcing that their focus has moved away from the PC and onto the Web and that LiveMesh is their new baby. We’re yet to see what LiveMesh actually is but LiveSide define it as: Read the rest of this entry »

Dear Google, It’s my site, let me scan!

April 11th, 2008 by Sarah King

I’ve just discovered the Goolag Scanner.

It’s a handy dandy tool for using Google queries to identify if there are any known holes in a website. Googlebot has already checked every crevice in the site, I just want to know what it knows!

Now Google, being all security conscious and that, gets a bit sensitive about you running these queries. They know that it’s possible you’re going to use the results to do bad things. Read the rest of this entry »

Domain registration changes we need!

December 17th, 2007 by Sarah King

I check the whois records for domains reasonably often. Whoisguard type systems are commonly in place to protect the identity of the domain owner. No problems there.

What irks, though, is the people who give completely false information… like this one where the info is incomplete and gives an Australian address yet I know that the actual owner is in India. By saying he’s in Melbourne he acquires a western credibility he perceives as superior to his Indian identity. Read the rest of this entry »

Exploiting the Adult Industry

August 22nd, 2007 by Sarah King

This is a big topic in Auckland right now as our City Council Elections are hijacked by a supposed candidate promoting his porn empire. It’s hard to separate the “no harm done” side of the industry from the exploitive and damaging side and to understand, in the long run, where to draw the line.

Aside from the obvious industry fronts of websites, movies, magazines and gadgets there are the rogues that exploit the demand for the product. I guess anytime you have something popular there are going to be people who trick and connive.

Take Captcha – it’s a great way to bot proof your website and unless Read the rest of this entry »

Protecting your forum logins from hackers

August 11th, 2007 by Sarah King

This is a hot topic at DigitalPoint right now as there is a bot working its way down the members list and doing brute-force or dictionary attacks on the logins. Because the forum uses vBulletin it only gets 5 shots before there’s a lockout and it has to move on to the next member and then remember to return later. But it’s keen and has been running for a couple of days now. Reports indicate that it’s tried some other forums too.

Why? Read the rest of this entry »

Newbies, don’t upload exploits with your images!

July 20th, 2007 by Sarah King

Manuel Lemos from phpClasses.org has written an excellent post about the risks when allowing users to upload images. It’s not something I’ve done a lot but let’s say you have a generated image such as this one – with a .php extension. I could upload it to your server and have it served from there – not much use to me because it would fail to update.

The next guy, however, might be uploading a malicious script that might take over your server, send spam etc.

Read his post here: PHP security exploit with GIF images