Part seven of the series detailing the OWASP top 10 web application vulnerabilities, with a focus on password hashing. (See intro) "Insecure cryptographic storage" relates to a number of aspects, but I think that it can be broken down into two main areas: Encryption and Hashing. As these are similar in some respects and are often both used together, there's a bit of confusion around what they are. Firstly, encryption uses a mathematical formula to transform human-readable data into an unreadable form by means of a key. Often...
There seems to be an amusing correlation between the history of the fight between Kevin Mitnick and Tsutomu Shimomura as portrayed in the movie Takedown and the goings on with Anonymous and HBGary. In the same way as the "expert", Shimomura, was hacked by Mitnick, HBGary was hacked a while ago after annoying the group. By means of getting in through the company website via an SQL injection attack, breaking unsalted hashed passwords via rainbow lookup tables and some social engineering, they managed to download the company emails...
Here's an excellent series of articles on an "average" Windows user trying out Ubuntu Linux for the first time. I think his experience closely mirrors many others', including mine. This was just one person's experience, but I think his final conclusions may give interested people some perspective on the OS. http://www.pcworld.com/businesscenter/article/229187/30_days_with_ubuntu_linux_day_1.h...
To watch the Star Wars movie in a terminal, type the following and hit enter (Works in Linux, Windows and probably Mac as well.) telnet towel.blinkenlights....
Finally, Microsoft seems to be making headway with Windows 8, and it seems to be heavily influenced by the Windows Phone 7 interface. A video has been released which showcases some of the new features, and it looks pretty awesome. It's very different to the usual start menu/windows/desktop environment which has been around since Windows 3.11. It quite obviously has to compete with the likes of Android and Mac's iOS on tablets. However, I suspect that due to its late start, it'll always be playing catch-up. Now that users...
I've recently come across the OWASP (The Open Web Application Security Project) and it's really opened up my eyes. http://www.owasp.org/index.php/Main_Page According to their website: "Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license." The thing that interests me is that they've compiled a list of top 10...
Part four of the series detailing the OWASP top 10 web application vulnerabilities. (See intro) On the surface of it, this might seem to have something to do with class type objects, but actually, it doesn't... So what are we talking about? Well, the sort of objects we're talking about here are files, directories, database records or primary keys. I find that using a specific example is the easiest way to explain these concepts, so consider the following URL: http://myserver/index.jsp?getfile=myreport.doc or http://myserver/index.aspx?getfile=myreport.doc The...
Microsoft has just announced that it will purchase Skype for $8.5bn. On the surface of it, it seems as though it's a great purchase with possible integration with Xbox, Windows Phone 7, Live.com etc. But has it come at too high a cost? In 2009, 70% of Skype was sold for $2bn. 2 years later, it's bought for $8.5bn? I doubt that Skype's value has increased to the degree which justifies the price, and the stock market seems to agree - Microsoft's share price is down slightly for the day by 0.62%, in spite of the NASDAQ gaining...
I know, a bit random - but a weird/funny take on the new Ubuntu colour. (Not that it actually has anything to do with Ubuntu though...) ...
"South African software industry players are pushing for changes in legislation to help reduce piracy" http://mybroadband.co.za/news/software/19277-Fighting-Piracy-with-the-law.html Is there much of a point? The industry moves faster than the law can keep up. Back in 2002 the Electronic Communications and Transactions Act came into being. Prior to the ECT Act, there were virtually no laws governing many areas of the industry. But even by the time it came into being, there were already shortcomings/loops. So, are we ever going...
I faced an interesting question recently in building SharePoint based InfoPath forms. The problem was that a drop down field was being populated from a SharePoint list which could potentially have 50+ values, making the control cumbersome to use. The aim was to filter the values in the drop down based on another drop down field where there was a relationship between the two. So how do you build these cascading dropdowns? As an example,...
Gnome 3 has finally been launched after what seems like years! So long in fact that Canonical/Ubuntu has decided to drop it from their upcoming version. But even if you don't want to wait for the major editions to release it in their next versions, you can install it right now. This is probably one of the biggest changes to the Gnome interface for the past few years, so it's a big change. Have a look at the following to see how to install...
I came upon an interesting article this morning about HP presenting the Linux-based WebOS, which it acquired when buying Palm Computing, as its future and "dumping Microsoft Windows". http://mybroadband.co.za/news/business/19279-HPs-bold-move.html Not that WebOS is new, or that Windows is going to be totally left out in the cold, but it certainly seems to have a slightly higher profile now. So, it's going to compete head on with Android and probably a host of other Linux-based OSes. Once again, the question around a fragmented Linux...
This is part five in a list of articles in which I'm detailing the OWASP Top 10 vulnerabilities. (see intro) What is Cross-Site Request Forgery? Cross-Site Request Forgery, one-click attack, session riding or XSRF is an attack whereby unauthorised commands are transmitted from a user that the site trusts, exploiting the trust that a site has in a user's browser. This is also known as a confused deputy attack against a browser. The "deputy" is the user's Web browser, which is confused into misusing a user's authority at an attacker's direction. Basically,...
I've had to set up a SharePoint 2010 virtual machine for upcoming projects. The problem is that SharePoint 2010 requires Windows 2008 Server 64-bit. OK, no problem... I've got a 64-bit machine. Hmmm.... But at the time of reformatting my machine I didn't have the 64-bit Ubuntu with me, so I installed the 32-bit. So... the question is, can you install a 64-bit guest on top of a 32-bit host? Yes! Well, at least using VirtualBox - I can't really comment on other virtual technologies. The other thing is that my physical CPU is an Intel...
In my review of Kubuntu 10.10, I closed by saying that I probably wasn't going to keep it for very long. There seemed to be a few bugs in the UI, with some of the windows tearing. But I got used to most of the small idiosyncrasies and liked some of the features. So, I ended up running it for about 3 months. I've just reinstalled Ubuntu 10.10 on my main laptop and once again feel much more at home. Firstly, I used a stopwatch to see...
I've got some stones that I've found in my garden which are guaranteed to grant you immortality! And furthermore, I'll give you a 100% money back guarantee! Yeh.... WHATEVER! Power Balance Australia has been forced to admit that their product is a scam: "The Australian Competition and Consumer Commission (ACCC) has ordered Power Balance Australia to refund all customers who feel they were misled by the supposed benefits of Power Balance bands." ACCC Link Gizmodo I can't believe that people still fall for this "magic" these days,...
This is part one of the series detailing the OWASP top 10 web application vulnerabilities. (See intro) http://xkcd.com/327 An SQL Injection attack is a type of code injection attack where an attacker exploits a vulnerability in the database layer of an application. This can occur when user input is incorrectly filtered for escape characters. Serious system damage can be suffered, such as lost data or entire databases, compromised systems etc. A...