Entries Tagged as 'Security'
I realized that I missed a great episode of Colbert when a friend described at lunch how Colbert had likened the Barr attack on Anonymous to him sticking his penis to the hornets' nest. I hope you enjoy a laugh. For a good article on how Anonymous got into Barr's accounts read this Ars Technica [...]
Some of us are attending the San Francisco DrupalCon 2010 this week. I am in a session which some of you may find interesting. The concepts are far from revelational, but they are relevant. Most security
I noticed lots of email being relayed on one of our shared hosting servers, CentOS5 with cPanel and running Exim, and the strange thing is that the email server (MX) for these accounts is pointing to Google (GoogleApps), and we have correct entries for localdomains and remotedomains for these accounts. The relayers (‘From’ server/address) look [...]
Tags: exim·relayers
Absolute Path Error: cvs [checkout aborted]: absolute pathnames invalid for server (specified `/path/drupalsite/') OK, I got the error above when I performed a Drupal CVS update on our Debian server (newly installed CVS 1.12.13). The same command works on another server with an older CVS installation. The issue is the reference to the local cvs directory where I [...]
Tags: cvs·drupa update
The whole hidden IFRAME vulnerability has been going on for some time; only a few of our clients have been affected by this. The net is still buzzing with this issue, and while some are saying that the injections are results of PHP insecurities, MySQL injection or cross-site scripting, others point to key [...]
After a long development time, CentOS 4.8 was finally released on the 21st August. It is a good thing that, after the latest problems between the CentOS developers, they were finally able to pull this out and can now focus on the upcoming 5.4 release. There are no major changes in this update, [...]
Tags: Centos
Are you often waiting over 1 minute to get an SSH prompt? This can be caused by several things; however, more often than not it is a missing PTR record for the server address and enabled GSSAPIAuthentication in ssh_config. GSSAPIAuthentication is a Kerberos 5 centralized authentication/authorization mechanism that relies on resolving a hostname for proper operation; when it [...]
Tags: delay·kerberos·lag·login·ssh
TrueCrypt is an open source encryption application. It has the ability to create hidden encrypted containers and file systems/volumes, and it is portable and cross-platform compatible. It allows the use of cascading ciphers and encrypts/decrypts files on the fly. Be sure to read the FAQ and documentation before fully committing your files to TrueCrypt. – install [...]
Tags: Fedora 10
A month ago one of our customers complained about lots of spam comments appearing on his WordPress site. There have been no development changes, including updates, to that site since it was launched, and it runs on WP version 2.3.3. We managed the issue by activating the Akismet plugin and upgrading WordPress to the latest version (2.7.1 [...]
Tags: spam·wordpress
Ran into an issue today where a PHP-created file was unreadable by other users or services that run under a different user. Since this is a software-originated issue, the sysadmin would love for the developer to change the code to include the chmod() PHP function to set permissions to 644 after file creation. [...]
Tags: umask