I am so sick of APT this and APT that. Advanced Persistent Threats, essentially state sponsored intelligence gathering, are no different to the age old espionage between EADS and Boeing – something that CANNOT be prevented by coining yet another new FUD term like APT. Espionage is at least the second oldest profession in the…
GaiaBB: Dog food coming soon
It’s been a slow haul working on converting all the database access to PDO. There’s just so MUCH crap in there. So to keep things moving, I’m going to move www.gaiabb.com to run on the donated OLPCs at my home. More details here.
Parameter Pollution with JSON
I’ve been playing around with JSON recently, and I’ve discovered that most JSON implementations allow parameter pollution. This might be obvious to JavaScript experts, but it’s not immediately obvious to most folks as JSON is just so much line noise. {"varName":value,"varName":value2,"varName":value3} In the systems I’ve tried injecting, value3 is the one taken. Now if you have…
How to migrate to PDO without it hurting… much
As we saw in the previous article, conversion to MySQLi is an awful lot of work. So let’s move to PDO. Step 0. Get PDO working with your database server. Somewhere along the line, the PHP and MySQL folks decided to not be friends, so even though 99.99% of all PHP scripts require MySQL, in…
Converting your PHP app to MySQLi prepared statements
Okay, you’ve got like a zillion SQL queries in your PHP app, and probably 95% of them have a WHERE clause, and you need to make them safe so people will still download and use your app. Because if you don’t fix your injection issues, I will rain fire on your ass. These are the…
Howard Schmidt appointed US cyber czar
Howard Schmidt has been appointed as the US’s cyber czar. The position has been open for months, which is … interesting … considering how vital IT is to the world’s economy and safety. Mr Schmidt, if you read this blog entry, please consider the following: Web Application Security is the most pressing need for change….
Web App Sec Predictions for 2010
Normally at this time of the year, I would talk about the industry’s achievements over the last year. None. Zilch. Nada. We’re seeing more SQL injection used in real world attacks than ever before. XSS is still with us, and one of the biggest offenders – PHP – has made zero moves to include proper…
Inbox Zero
It’s Inbox Zero time again. Every year, I do the Inbox Zero thing and archive all my mail (read and unread) on January 1 from the year just gone. I also tell myself it’s time to start following the IZ rules, but … they somehow always fall to the wayside. I get a lot more personally…
Black Day For Australia
Today, the Labor Government, pandering to a tiny minority of voters who will NEVER vote for them, will proceed with censoring our Internet. Many of these hard right wing “Christian” (who obviously missed the entire point of the New Testament) “voters” (Exclusive Brethren, etc) do not have computers, let alone TVs or newspapers, to be…
Be careful for what you wish for
Well, the Emissions Trading Scheme is dead – for now. Yay! I do a little dance on its grave. We’ll have to fight it when the double dissolution election comes up sooner rather than later. However, I wasn’t expecting the mad monk, Tony Abbott, to gain the Liberal leadership. That was a surprise, as I bet…