Can You Hack Your Own Site? A Look at Some Essential Security Considerations
Twice a month, we revisit some of our readers’ favorite posts from throughout the history of Nettuts+. This tutorial was first published in July, 2008. Version one goes gold! Maybe that dastardly style sheet just won’t cascade elegantly on browser X. This article walks through the brainstorming stage of planning for what is, in this instance, a hypothetical user-centric web application. Although you won’t be left with a complete project or a market-ready framework, my hope is that each of you, when faced with future workloads, may muse on the better practices described. The Example We’ve been asked by our client to incorporate a book review system into an existing site. After a quick chat with the client, we have the following specification to implement, and only twenty-four hours to do it: Note: The client's server is running PHP5, and MySQL – but these details are not critical to understanding the bugbears outlined in this article. The Processes: $_REQUEST Variables SQL Injection
How to be a good (and lazy) System Administrator
If you're anything like the average System Administrator, you are understaffed, underfunded, and overworked. By now, you've also gotten used to the idea that no one knows you exist until the mail server goes down, then you're suddenly on America's Most Wanted. In this article, I'm also assuming that you have many servers that you are responsible for. I'm also assuming that you don't really want to work as hard as you are; if you do, you should become a Windows server manager and begin worrying about frequent patches from Microsoft, security vulnerabilities, virus protection, a clumsy user interface, and lack of native scriptability. As a good System Administrator, you want to get the job done right, but as a lazy System Administrator, you don't want to work too hard to get it done. Over the years, I've developed the mantra, “If I have to do it more than once, I write a script to do it.” Once we've taken the time to get the authentication working, let's start making our lives easier. #!
Wireshark
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.[4] Functionality Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. Wireshark allows the user to put network interface controllers that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. On Linux, BSD, and OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put wireless network interface controllers into monitor mode. History In the late 1990s, Gerald Combs, a computer science graduate of the University of Missouri–Kansas City, was working for a small Internet service provider.
Raging Menace - MenuMeters
MenuMeters cannot be used on 10.11 El Capitan, please see "System Requirements" below. Introduction MenuMeters is a set of CPU, memory, disk, and network monitoring tools for Mac OS X. Although there are numerous other programs which do the same thing, none had quite the feature set I was looking for. Most were windows that sat in a corner or on the desktop, which are inevitably obscured by document windows on a laptop's small screen. Those monitors which used the menubar mostly used the NSStatusItem API, which has the annoying tendency to totally reorder my menubar on every login. The MenuMeters monitors are true SystemUIServer plugins (also known as Menu Extras). The CPU Meter can display system load both as a total percentage, or broken out as user and system time. MenuMeters comes without warranty or support. Screenshots License MenuMeters is released under the GNU General Public License (GPL). See the "GNU General Public License.rtf" file for full license terms. Donations
New "paint" provides wireless network protection without encryption
Forget WEP and WPA; I’m switching over to the EM-SEC Coating System, a recently revealed paint developed by EM-SEC Technologies that acts as an electromagnetic fortress, allowing a wireless network to be contained within painted walls without fear of someone tapping in or hacking wireless networks. The EM-SEC Coating System is clearly the most secure option aside from stringing out the CAT5, and can be safely used to protect wireless networks in business and government facilities. “The use of EM-SEC Coating as an electromagnetic barrier for the containment of wireless networks has opened a new realm of possibilities for our company and for the future of wireless communications,” said Robert Boyd, Vice President and Director of Technology for EM-SEC Technologies, LLC. The EM-SEC Coating System uses a series of water-based shielding products that restrict the passage of airborne RF signals, and was initially developed to aid the U.S.
atMonitor
Monitoring MiniTop - Displays top 3 most CPU hungry applications. CPU - Supports multiple cores. Displays detailed process information and the top 3 CPU intensive processes. RAM - Shows memory specifications and the usage broken down into wired, used and free. It also tracks the top 3 memory hog processes and lets you "Purge" (recover) memory (dev tools must be installed for the Purge feature to work). Temperature - Both CPU and GPU temperatures are reported. Disk - Displays the read and write performance of the most active disk. Network - Displays the read and write performance of the active network interface. Top Window Top Window is the core functionality of atMonitor. Triggers Triggers can be set up to activate any script when a predefined value reaches its target. Utilities Utilities, accessible from "System Info", are a set of useful and domain-specific system commands that can show detailed information about the system such as Kernel State, I/O Registers, Smc Sensors and more. Logging