Two years ago I decided to get a personal site. I was after two things: flexibility and low cost. I didn’t want to get a VPS but I also didn’t want the hosting packages of one domain and 350MB of space. So I found IPage.com a shared hosting provider that was giving me unlimited hosted sites, unlimited databases, unlimited bandwidth and unlimited disk space for about 35 euros for a year… that in my book was a great deal! So I went ahead and bought it. In that year I was generally happy with them. My pages where occasionally a bit slow but still fast enough for my sites’ needs. The problem was that the 35 euro price was an introductory price and the next year IPage asked me for triple that amount… Since I didn’t feel like that was a good thing (now that you are a customer we’ll suck you dry) I decided to look elsewhere. A colleague at work recommended Bluehost.com. Bluehost offered me the same things as IPage plus SSH access for about 50 euros per year. I went for that and I was quite happy…. until this week… Continue reading
Joke I just made up:
What do you call a woman who first says to you “I love you” but ten minutes later she adds “I actually don’t, but don’t feel bad because I say that to all men”?
Since the beginning of October I’ve been following the online AI course from Standford, taught by Sebastian Thrun and Peter Norvig. In the last two months, I’ve given up a great part of my free time to look at videos, do quizzes, read clarifications on the AI page on Reddit and complete assignments. I will not say it was not worth it. It definitely was. I’ve
learned so much and I already have ideas on how to use Artificial Intelligence (specifically Machine Learning) in my own field (Computer Security).
Last night, I noticed a link on the course website that lead me to a YouTube video
of the latest Google+ Hangout where two AI professors, along with Sal Khan, the founder
of Khan Academy and a handful of students from some universities in the US where talking about the future of education and how these new ways of teaching are “reinventing education”.
I was listening to their discussion when the following comment by Prof. Thrun really jumped out of the page and hit me on the head…
Its been a while since my last post so I decided to make it worthwhile :). I was recently checking a friend’s site for the classic Web application vulnerabilities, when I found a reflected XSS attack. While I was investigating the bug, I noticed that while the bug worked on Mozilla’s Firefox, it didn’t work on Google’s Chrome. As it turns out, Chrome uses an Anti-XSS filter, based on static analysis, which attempts to detect XSS. If it detects such an attempt, it filters out the injected code, and effectively stops the on-going attack.
In order to demonstrate this, I made a vulnerable page at http://securitee.tk/files/chrome_xss.php. This page simply reads two GET parameters, namely a and b, which it then prints out in the resulting page.
To show that injection is possible, I start by injecting some HTML which is indeed rendered as part of the HTML page.
This article is not written by me. I found it online, but only in one place so this is effectively a mirror for it. Enjoy 🙂
/* Tutorial: How to write a backdoor for OpenSSH. */
/* Date: June 29, 2005 */
/* Author: pikah (email@example.com) */
/* Website: http://w4ck1ng.net */
You have to love phpinfo() . This simple PHP function prints out a truck-load of information regarding all kinds of configuration details of your Apache + PHP installation. It is very helpful to a Web administrator who is trying to debug his installations and also very “helpful” to attackers who can get a quite good peak of what
goes on inside your installation, such as:
- PHP Version running on the machine (cough*exploits*cough)
- Operating System
- Paths to your Web applications
- All modules installed
While I was in Eindhoven for OWASP BeNeLux 2010 I was at some point searching online for WikiLeaks posts regarding greek politics. I was checking the results from the first page of Google when suddenly this caught my eye:
On the 3rd of December 2010 I decided to start this blog. I am way too busy to update this on a regular basis however I plan to post here all the things that I find (interesting|smart|stupid) enough to share with the rest of the world.
Thanks for stopping by 🙂