Rodney Campbell's Blog

Archive for July, 2006

2006.07.31 Daily Security Reading

by on Jul.31, 2006, under Security

Learning to Detect Phishing Emails
Phishers launched a record number of attacks in January 2006, as reported by the Anti-Phishing Working Group. These attacks often take the form of an email that purports to be from a trusted entity, such as eBay or PayPal. The email states that the user needs to provide information, such as credit card numbers, identity information, or login credentials, often to correct some alleged problem supposedly found with an account.

The security risk in Web 2.0
Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say. The buzz around the new technology echoes the '90s Internet boom–complete with pricey conferences, plenty of start-ups, and innovative companies like MySpace.com and Writely being snapped up for big bucks. 

Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript
Imagine visiting a blog on a social site like MySpace.com or checking your email on a portal like Yahoo’s Webmail. While you are reading the Web page JavaScript code is downloaded and executed by your Web browser. It scans your entire home network, detects and determines your Linksys router model number, and then sends commands to the router to turn on wireless networking and turn off all encryption. Now imagine that this happens to 1 million people across the United States in less than 24 hours.

The Evolving Art of Fuzzing
Fuzzing is a testing technique used to find bugs in software. Often these bugs are security related since fuzzing is performed against the external or exposed interfaces of programs. Fuzzing is not used to establish completeness or correctness, the task of more traditional testing techniques. Instead, Fuzzing complements traditional testing to discover untested combinations of code and data by combining the power of randomness, protocol knowledge, and attack heuristics. Adding automatic protocol discovery, reading real-time tracer/debugger information, fault data logging, and multi-fuzzer sessions is the cutting edge in fuzzing tools.

Opinion: Windows Genuine Advantage and why you should be annoyed
The only "advantage" of Windows Genuine Advantage, Microsoft's controversial anti-piracy software, is to help Microsoft, says Computerworld's Scot Finnie.

Windows Genuine Advantage: What it is, how to ditch it
Looking to rid your Windows PC of Microsoft's anti-piracy software, Windows Genuine Advantage? Computerworld's Scot Finnie takes you step-by-step through the process.


2006.07.28 Daily Security News Reading

by on Jul.28, 2006, under Security

Here are the most recent interesting security related articles I can recommend you read.

Trojan Hides Itself as Firefox Extension
Security firm McAfee warned of a new trojan that installs itself as a Firefox extension on Tuesday, saying it had found Web sites linking to a virus known as FormSpy. Once loaded on the infected computer, the trojan begins sending personal information entered in the Web browser to a malicious site. 

IE7 to be Pushed to Users Via Windows Update
IE7 will be pushed to users via Windows Update. This has serious implications for e-commerce websites whose functionality might be affected by any bugs in the software. Also, having end users suddenly using a new browser right before the holiday shopping season could magnify the cost of any bugs that might create a bad user experience on sites.


DropCap First Character WordPress Plugin

by on Jul.27, 2006, under Technology

OK – I've written my first WordPress plugin – it is incredibly simple and VERY short but it does the job none-the-less. The plugin is called dropcap_first and is available for download if you so desire.

What it does is it makes the first character of the post BIG in a magazine style. I got the idea (and most of the CSS code) to do this from an article called Magazine Style CSS Drop Caps and then it was just a matter of writing the relevant PHP code to do what I wanted.

Current Version Download: dropcap_first plugin

Installation:

  • download the latest version of the plugin (above).
  • upload the entire plugin folder to your wordpress plugins folder (wp-content/plugins) on your server.
  • activate the DropCap First Character plugin in WordPress Plugins administration tab.

The plugin consists of two files. The PHP file (dropcap_first.php) which does the work (the important code is below):

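// Emit the plugin stylesheet link in the page <head>.
function dropcap_header() {
    echo('<link rel="stylesheet" type="text/css" media="screen" href="' . get_bloginfo('wpurl') . '/wp-content/plugins/dropcap_first/dropcap_style.css" />');
}

add_action('wp_head', 'dropcap_header');

// Tag the first paragraph of the post with the dropcap-first class.
function dropcap_first($content='') {
    $pos = stripos($content, '<p>');
    if (($pos !== 0) || ($pos === false)) {
        // Content does not start with <p>: open a classed paragraph in front of it.
        return '<p class="dropcap-first">' . $content;
    } else {
        // Content starts with <p>: replace that tag, keeping everything from its '>' onward.
        return '<p class="dropcap-first"' . stristr($content, '>');
    }
}

add_filter('the_content', 'dropcap_first', 7);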

and a stylesheet file (dropcap_style.css) which defines what the character will look like and uses the :first-letter pseudo element to limit the effect to the first character of the post.

p.dropcap-first:first-letter {
    color: #D4D4C7;
    float: left;
    font-size: 80px;
    line-height: 60px;
    padding-top: 4px;
    padding-right: 5px;
    font-family: Times, serif, Georgia;
}

If you wanted to change what the first character looked like (the colour, size, font, etc) then you just need to adjust this stylesheet entry. If you like the look of this you can add it to your own WordPress blog by downloading the dropcap_first plugin and installing it as per usual – this plugin requires no other manual edits to work.


Computer and Network Security Reads

by on Jul.26, 2006, under Security

I work in the IT Security field and have been involved with this speciality for the past 15 years. My primary areas of expertise are in Unix system security, firewalls and application layer gateways. I've been the primary technical specialist for our organisation's corporate Internet gateways for more than ten years. I try to keep abreast of recent IT security information available primarily on the Internet and as such I like to devote some time to reading good IT security articles from the web. In this section of the blog I'll post up links and information on some of the most interesting reads I come across.

PHP encryption for the common man
In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. Get an overview of what it means to encrypt and decrypt information, as well as some practical examples involving passwords and other data, using PHP's built-in functionality.

New Crypto Malware Nearly 'Uncrackable'
File-encrypting Trojans are becoming so complex that security companies could soon be powerless to reverse their effects, a new report from Kaspersky Lab has said. The report notes the rapid evolution of the public key encryption used by one family of crypto malware, Gpcode, which went from using 56-bit to 660-bit RSA in a matter of weeks.

A month of browser bugs
Scott Granneman looks at the virtues and pitfalls of browser fuzzing and the overwhelmingly positive impact it has on the security community.

Collection of Programming and Computer Cheatsheets
This website contains a large collection of quick reference materials ranging from HTML and CSS to Python and Perl.

The State of Spam
Nearly five billion pieces of spam are blocked every day between the efforts of AOL and Microsoft which represents 95 percent of SPAM traffic, but that still leaves about 5 percent that gets through. The Messaging Anti-Abuse Working Group says spam accounted for about 80 percent of all the e-mail traffic on the Internet during the first three months of 2006. IBM is reporting that phishing now accounts for one in every three hundred email messages.

Password Size Does Matter
Length is more important than complexity when it comes to secure passwords.


Choosing a Blogging Software Package

by on Jul.24, 2006, under Technology

So… I was tinkering with the idea of setting up and running a blog – but where to start? Weblogs (or Blogs for short) have been the rage on the Internet over the past few years so given that I was myself a VERY early adopter of the web (I set up my first web site back in around 1992/93? – back then we used the CERN software and the Viola and then Mosaic web browsers) I figured it was about time.

I've been familiar with web server software for many years (I've been running my own apache servers for about as long as I can remember) but I've never really done much with any of these complete software suites with content driven from a database – I've always been more of a cobble together and hand craft anything I need in Perl and Shell.

One of my passions and hobbies is Xbox (and now Xbox 360) console gaming and more specifically Online gaming with Microsoft's excellent Xbox Live service. A number of years ago when Xbox Live was in its infancy (in fact it wasn't even out here in Australia) I helped create an online community for like-minded gamers and more recently (just over a year ago) I was one of the founders of an Xbox Community web site and forums called XboxZone. In that capacity I've basically been their primary systems administrator and coder so I got my feet wet with PHP coding and a MySQL database driven site (we use the phpBB forums software package). Which brings us to now – my requirements were basically that I wanted something that I could host myself, would run on an Apache web server with MySQL and preferably PHP (or maybe Perl) and was free. This would allow me to have total control and since I can code and do all this other stuff myself I could tinker away and get it all to basically do what I want.

A search of some available literature and reviews of blogging software on the Internet basically narrowed things down to a shortlist in two distinct camps:

  1. What I'll call native blogging packages (e.g. WordPress, Textpattern and Movable Type).
  2. Complete CMS's (Content Management Systems) which would be able to run a whole site (with a blogging extension for the actual blog) (e.g. Drupal, Joomla and XOOPS)

Some of the better articles and reviews I came across in my travels in my research and investigation included:

In the end I decided to go with a specific dedicated blogging package and it came down to a toss up between WordPress and Textpattern (as you can see I decided on WordPress).

All in all I'd have to say it was all incredibly easy to set up; the addition of themes, plugins and widgets was relatively easy even with a number of manual code hacks and other extra coding I did to get things to work more like I wanted them. All up I went from zero to pretty much fully functioning site in perhaps under a dozen hours over two days. There are still more things I want to do and implement but I'll work on them over time.

In the next article I'll go through a number of the WordPress Themes I looked at as well as the WordPress Plugins and WordPress Widgets I decided to use.



Copyright © 2015 Rodney Campbell

Images contained on this web site may not be used or reproduced in any way without prior permission.