From the desk of Samy,
I didn’t want to post anything more today until next week… But this is almost compulsory! My fucking god, sometimes there are websites that make me freak out… How the hell can a so popular website have such a vulnerability?
Talking about SQL Injection is in my blog list now.
What do you think I could do with the following information I’ve just received after sending a VERY SIMPLE attack to the website?
Failed on select title.text, mistake.title, mistake.timecode, media, mistaketext.text, if((mistake.modified3) < (now() - interval 1 year),’yes’,'no’) as yearold, date(mistake.modified3) as date, mistake.type from title, mistake, mistaketext where mistake.id = ” or 1=1′ and mistaketext.id = mistake.id and mistake.title = title.id
Yes… You are right. EVERYTHING.
Reminding that all information (including admin password and so on) is stored in the website DataBase…
Have fun…
…SaMy*^30
ShareThis
From the desk of Samy,
First of all, we should know what SSH is:
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two computers. Encryption provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
This means that you may need to access from wherever to either your home-computer or work-computer. Using SSH protocol and Linux on the OS side, it’s easy. Anybody can use this protocol and he will be able to login remotely and execute commands (VNC is a alternative: it uses graphical mode, but data is not encrypted). I wanted to access my home-computer (reasons are besides the point), so I had to install a SSH server on my computer. As it gave me headache due to a silly thing, I’ll show you how you must do that.
(more…)
ShareThis
From the desk of Samy,
Fortunately, the other day I had the opportunity to attend another conference (I’m getting used to it): Bruce Schneier came to ETSE (my faculty, in UAB) in April, 24. A brief introduction about who Bruce is:
Bruce Schneier (born 15 January 1963) is an American cryptographer, computer security specialist, and writer. He is the author of several books on computer security and cryptography, and is the founder and chief technology officer of BT Counterpane, formerly Counterpane Internet Security, Inc.
Bruce is an internationally renowned security technologist and author. Described by The Economist as a “security guru,” Schneier is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.
Now that we know a little bit more about him, let’s start! I hadn’t the foggiest about what he was going to tell us and it surprised me: The IT impact on the world nowadays, very close to security matters.
From now on, I’ll write this post according to Bruce, reproducing what he said.
(more…)
ShareThis
From the desk of Samy,
You can view a large list of Idioms, grammar mistakes, vocabulary and so on, in English, HERE.
Enjoy it ^__^
…SaMy*^27
ShareThis
