7 Mar, 2007
Stefan Esser of the Hardened-PHP Project posted a security advisory about a flaw in ModSecurity: a POST data NULL byte rule bypass.
The problem is that it is possible to bypass rules by adding NULL bytes to POST data sent with the application/x-www-form-urlencoded media type, so the rules inspect something other than what the application behind ModSecurity actually receives.
Now the funny part:
SOLUTION:
Do not rely solely on ModSecurity to block attacks.
ModSecurity isn’t a magical anti-hack solution, and the people who use it know that. Kinda stating a very obvious fix. How about “turn off scripting” :) [IE]
Steven.
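To make the bypass class concrete, here is an added example of mine (not code from the advisory, from ModSecurity, or from this post). It contrasts a form-urlencoded parser that cuts every value off at the first NUL byte, the way C string handling would, with a binary-safe parser that keeps every byte, which is what a PHP application reads from $_POST. The request body, the "<script" signature, and the function names are constructed for the illustration; the exact code path inside ModSecurity is not shown here.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed request body (not taken from the advisory): the payload sits
# after a percent-encoded NUL inside an application/x-www-form-urlencoded POST.
SAMPLE_BODY = b"user=steven&comment=hello%00<script>alert(1)</script>"

# Toy signature standing in for a WAF rule that looks for script injection.
SCRIPT_TAG = re.compile(rb"<script", re.IGNORECASE)


def _decode_value(raw: bytes) -> bytes:
    # '+' means space in form encoding; %XX escapes decode to raw bytes,
    # so %00 becomes an actual NUL byte inside the value.
    return unquote_to_bytes(raw.replace(b"+", b" "))


def parse_form_nul_terminated(body: bytes) -> dict:
    """Parse the body the way a C-string-based filter effectively would:
    each decoded value is cut off at its first NUL byte, so anything
    after the NUL is never shown to the rules."""
    params = {}
    for pair in body.split(b"&"):
        key, _, value = pair.partition(b"=")
        params[_decode_value(key)] = _decode_value(value).split(b"\x00", 1)[0]
    return params


def parse_form_binary_safe(body: bytes) -> dict:
    """Binary-safe parse: the value keeps every byte, NUL included.
    This is what a PHP application sees in $_POST."""
    params = {}
    for pair in body.split(b"&"):
        key, _, value = pair.partition(b"=")
        params[_decode_value(key)] = _decode_value(value)
    return params


def rule_matches(params: dict) -> bool:
    """Apply the toy signature to every argument value."""
    return any(SCRIPT_TAG.search(v) for v in params.values())


def contains_nul(params: dict) -> bool:
    """Hardening check: legitimate form fields never carry NUL bytes, so a NUL
    in any decoded argument is itself worth blocking or alerting on."""
    return any(b"\x00" in k or b"\x00" in v for k, v in params.items())


if __name__ == "__main__":
    truncated = parse_form_nul_terminated(SAMPLE_BODY)
    complete = parse_form_binary_safe(SAMPLE_BODY)
    print("filter saw:      ", truncated[b"comment"])    # b'hello'
    print("application saw: ", complete[b"comment"])     # b'hello\x00<script>alert(1)</script>'
    print("rule matched:    ", rule_matches(truncated))  # False: the bypass
    print("binary-safe rule:", rule_matches(complete))   # True
    print("NUL detected:    ", contains_nul(complete))   # True
```

The practical takeaway is the second check: whatever the signature set, a filter that decodes arguments byte-for-byte and treats a NUL in any argument as anomalous closes this whole class, rather than one rule at a time.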
4 Mar, 2007
The guys over at the Hardened-PHP Project have started a Month of PHP Bugs, in which they set out to find vulnerabilities in the PHP core (not in any specific application). At the time of writing they are up to their 9th flaw. You can see all the action at php-security.org.
2 Mar, 2007
Yesterday I made another presentation at the Sydney PHP Group February Meeting.
This time about dealing with comment spam.
For those who are interested my slides are in S5 format (xHTML + CSS + JScript).
11 Feb, 2007
I am talking about this in the context of Win NT. SID is an acronym for Security Identifier. Today I needed to change the name of my main box, simply because the name, well, was crap. So thinking back to the last time I needed to change a SID, I used the newsid.exe tool from [what was then] SysInternals, and I remember seeing an option for changing the name of the computer. Now I could have simply input my current SID, but no, I was in a rush and chose to generate a random key. Big mistake: all my EFS encrypted files (which were not that important anyway, since I don’t use EFS to secure anything important) were made useless. Now, I could have recovered them, but to save me the trouble I obtained the old SID from the SAM file (C:\WINDOWS\system32\config\SAM) by viewing the security tab, which then showed me my SID. (You will need to truncate after the 7th dash, e.g. S-1-5-21-xxxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx|-xxxx <– the rest is just to do with the user name.)
The simple way to change the computer name is Control Panel > System > Computer Name > Change.
So there’s a lesson learnt: do not change the SID!
Steven
10 Feb, 2007
I have searched everywhere for something that disables Num Lock and Caps Lock, yet I can only find one or the other, not both.
Why? Because you only ever press those keys accidentally, and they mess up your typing.
Solution: disable_numlock+capslock.reg
Notes: You might want to set Num Lock to be on at boot (once the key is disabled, this is the only way to choose its state):
Open HKEY_USERS\.DEFAULT\Control Panel\Keyboard
You will find a value named InitialKeyboardIndicators
Set it to 2 (String Value) and Num Lock will be on at boot; a value of 0 turns it off at boot. That key is the default profile used at the logon screen; the same value under HKEY_CURRENT_USER\Control Panel\Keyboard covers your own account once you are logged in.
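As an added example of mine (not the contents of the linked disable_numlock+capslock.reg, which may do it differently), here is a generator for a .reg file with the same effect. It encodes the Scancode Map value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout, which Windows uses to remap keys at the driver level (a replacement scan code of 0x0000 disables a key), and writes InitialKeyboardIndicators next to it. Scan codes 0x3A (Caps Lock) and 0x45 (Num Lock), the registry paths and the value layout are the documented ones; the function names are my own. Importing the result needs administrator rights and a reboot to take effect.

```python
import struct

# Documented registry locations (not taken from the page's .reg file).
KEYBOARD_LAYOUT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout"
DEFAULT_KEYBOARD_KEY = r"HKEY_USERS\.DEFAULT\Control Panel\Keyboard"

# Scan code set 1 make codes for the two keys.
SCANCODE_CAPS_LOCK = 0x3A
SCANCODE_NUM_LOCK = 0x45


def build_scancode_map(mappings):
    """Encode a 'Scancode Map' REG_BINARY value.

    mappings: iterable of (original, replacement) scan codes; a replacement
    of 0x0000 disables the key. Layout, all little-endian: version DWORD (0),
    flags DWORD (0), entry count DWORD (mappings plus the null terminator),
    one DWORD per mapping with the replacement in the low word and the
    original in the high word, then a zero DWORD terminator.
    """
    mappings = list(mappings)
    header = struct.pack("<III", 0, 0, len(mappings) + 1)
    entries = b"".join(struct.pack("<HH", new, orig) for orig, new in mappings)
    return header + entries + struct.pack("<I", 0)


def parse_scancode_map(blob):
    """Decode a Scancode Map blob back into [(original, replacement), ...],
    rejecting a value whose header, length or terminator is wrong."""
    if len(blob) < 16:
        raise ValueError("Scancode Map too short")
    version, flags, count = struct.unpack_from("<III", blob, 0)
    if version != 0 or flags != 0 or count < 1 or len(blob) != 12 + 4 * count:
        raise ValueError("malformed Scancode Map")
    mappings = []
    for i in range(count - 1):
        new, orig = struct.unpack_from("<HH", blob, 12 + 4 * i)
        mappings.append((orig, new))
    if struct.unpack_from("<I", blob, 12 + 4 * (count - 1))[0] != 0:
        raise ValueError("missing Scancode Map terminator")
    return mappings


def reg_hex(blob):
    """Render bytes in the REG_BINARY syntax used by .reg files."""
    return "hex:" + ",".join(f"{b:02x}" for b in blob)


def build_reg_file(disabled_keys, numlock_on_at_boot=True):
    """Text of a .reg file that disables the given keys and sets the default
    profile's InitialKeyboardIndicators (2 = Num Lock on at boot, 0 = off)."""
    blob = build_scancode_map((code, 0x0000) for code in disabled_keys)
    indicator = "2" if numlock_on_at_boot else "0"
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        f"[{KEYBOARD_LAYOUT_KEY}]",
        f'"Scancode Map"={reg_hex(blob)}',
        "",
        f"[{DEFAULT_KEYBOARD_KEY}]",
        f'"InitialKeyboardIndicators"="{indicator}"',
        "",
    ]
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(build_reg_file([SCANCODE_CAPS_LOCK, SCANCODE_NUM_LOCK]))
```

The parser is there so you can decode a Scancode Map you find on a machine you did not set up: a mapping that turns one key into another is exactly the kind of thing worth noticing during a review, and the length and terminator checks keep a truncated or padded value from being misread.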
2 Feb, 2007
Yesterday I made a presentation at the Sydney PHP Group February Meeting.
For those who are interested my slides are in S5 format (xHTML + CSS + JScript).
12 Jan, 2007
No preamble needed…
Readonly:
*[readonly] {
/* CSS for all nodes with readonly attribute */
}
input[readonly] {
/* CSS for input nodes with readonly attribute */
}
textarea[readonly] {
/* CSS for textarea nodes with readonly attribute */
}
select[readonly] {
/* CSS for select nodes with readonly attribute */
}
Disabled:
*[disabled] {
/* CSS for all nodes with disabled attribute */
}
input[disabled] {
/* CSS for input nodes with disabled attribute */
}
textarea[disabled] {
/* CSS for textarea nodes with disabled attribute */
}
select[disabled] {
/* CSS for select nodes with disabled attribute */
}
Notes:
Works with:
readonly="[anything]"
readonly
disabled="[anything]"
disabled
Steven
9 Jan, 2007
I made my new box out of bits found in my cupboard after my last cleanup.
All I needed it for was VMware Server.
However there came a time where I needed to hook it up to my projector, and play a video.
So here is the easy way to install the default Ubuntu desktop:
apt-get install ubuntu-desktop
Yep, that’s all!
Steven
P.S:
If you don’t want it to start at boot:
nano /etc/init.d/gdm
and make line 2: exit 0
8 Jan, 2007
Well, I finally made some time to go down to the testing centre. And I passed, becoming a Zend Certified Engineer!

8 Jan, 2007
This is just for the people who didn’t know, not that I care. FreeBSD to the max!
Link >