What a SQL Injection Attack Looks Like In Your Server Logs

I had some spare time to do maintenance on the web sites I own; they were feeling very neglected, I must say.

Part of that maintenance involved looking through logs to determine what was causing a spike in resource utilization, since I have a shared resource plan and get hate mail when the hoster detects sustained usage over the level that I pay for.

At any rate, I discovered an attempted SQL injection attack from an IP in the Ukraine… here is the log entry (with the source IP left unedited):

Doing some research, it looks like this was probably someone using Kali/Metasploit to use a canned attack against a known issue with WordPress Photo Gallery.

For more, see:

packetstormsecurity.com

securityfocus.com
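The kind of entry described above is easy to miss in a busy access log, so here is an added example (my own code, not the post's log or anything from the WordPress or Photo Gallery projects) that parses combined-format access log lines, URL-decodes each request, and flags the ones carrying common SQL injection indicators. The log lines, the signature list and the helper names are all my own constructions; the addresses come from the RFC 5737 documentation ranges, not from the post.

```php
<?php
// Added example, not the original post's log or code. It parses combined-format
// access log lines and flags requests carrying common SQL injection indicators.
// The log lines below are constructed; the addresses are RFC 5737 documentation ranges.
declare(strict_types=1);

// Constructed sample log: lines 2 and 3 carry injection payloads, 1 and 4 are benign.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Mar/2013:13:55:36 -0500] "GET /?p=42 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2013:13:55:40 -0500] "GET /?page_id=3%20UNION%20SELECT%201,2,3--%20 HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2013:13:55:41 -0500] "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2013:13:56:02 -0500] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
LOG;

// Signatures applied to the URL-decoded request. Deliberately simple; tune them
// against your own traffic to keep the false-positive rate acceptable.
const SQLI_PATTERNS = [
    'union_select' => '~\bunion\b[\s/*]+(all[\s/*]+)?select\b~i',
    'tautology'    => '~[\'"]\s*or\s*[\'"]?\s*\d+[\'"]?\s*=\s*[\'"]?\d+~i',
    'comment_tail' => '~(--|/\*|#)\s*$~',
    'time_based'   => '~\b(sleep|benchmark|waitfor)\s*\(~i',
    'info_schema'  => '~\binformation_schema\b~i',
];

/** Parse one combined-format line into its fields, or return null if it does not match. */
function parseCombinedLine(string $line): ?array
{
    $re = '~^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "[^"]*" "([^"]*)"$~';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $m[4],
        'status' => (int) $m[5],
        'agent'  => $m[7],
    ];
}

/** Return the names of the signatures matched by a request path. */
function matchSqliSignatures(string $path): array
{
    // Decode twice so double-encoded payloads (%2527 -> %27 -> ') are caught as well.
    $decoded = rawurldecode(rawurldecode($path));
    $hits = [];
    foreach (SQLI_PATTERNS as $name => $pattern) {
        if (preg_match($pattern, $decoded)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** Scan a whole log and return one finding per suspicious line. */
function scanLog(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $entry = parseCombinedLine($line);
        if ($entry === null) {
            continue; // not a combined-format line; skip rather than guess
        }
        $hits = matchSqliSignatures($entry['path']);
        if ($hits !== []) {
            $entry['signatures'] = $hits;
            $findings[] = $entry;
        }
    }
    return $findings;
}

// On the constructed sample this reports the two 198.51.100.7 requests and nothing else.
foreach (scanLog(SAMPLE_LOG) as $f) {
    printf("%s %s %s %s status=%d -> %s\n",
        $f['time'], $f['ip'], $f['method'], $f['path'], $f['status'], implode(',', $f['signatures']));
}
```

Running the same scan over a real log (replace `SAMPLE_LOG` with `file_get_contents()` of the access log) gives you the source address, timestamp and decoded request for each hit, which is exactly what an abuse report to the address holder's registry needs.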


Shame on you, bad guys.  Shame on you.  I did the obligatory “right thing” and reported the abuse to RIPE.  It won’t make any difference, but it felt like doing nothing was a poor response.


Going into Debt, One Penny at a Time

According to the 2012 Annual Report of the United States Mint (p. 12), in that year the cost to produce each minted coin was as follows:

One-Cent (1¢) $ 0.0163
Five-Cent (5¢) $ 0.0829
Dime $ 0.0415
Quarter $ 0.0943
Dollar $ 0.1802

Fortunately, every purchase you make of the Millard Fillmore Presidential $1 Coin and First Spouse Medal Set offsets the instant debt created for each penny and nickel created!

Perhaps it’s time to send pennies and nickels out to pasture with half-cents and other outdated denominations.


DoD granting network access to Android and Blackberry… !?!?!

Multiple media outlets, including FederalNewsRadio.com and Reuters are reporting today on a DoD announcement that it has granted permission for use of Samsung’s Android Knox and Research in Motion (RIM)’s Blackberry 10 and Playbook tablets.

The sad news is that no one told any IT implementers within the DoD, so essentially nothing has changed (yet).  Use of any IT device is subject to applying the DoD’s Security Technical Implementation Guides, or STIGs.  As of this writing, the STIGs needed to actually deploy these devices are not available… so they are “approved,” but no regulation-compliant means of putting them into service exists at this point.

Additionally, the service components (Departments of the Army, Navy and Air Force) typically need to put their specific “spin” on guidance issued at the DoD department level.  This means that for most of the DoD, nothing has changed for the time being… though the department’s gears seem to be turning in the right direction.

It should be noted that use of Android on DoD networks is not really new.  A STIG for Android 2.2 on Dell devices was released in December of 2011.


DARPA Targeting Limited Future Dollars to Cyber

In an interview with FederalNewsRadio.com, the director of the Defense Advanced Research Projects Agency (DARPA) — most famous for the creation of ARPANET (also called DARPANET), which formed the initial core of what we consider to be the Internet — says that the agency is targeting limited future dollars in part to the exploration of expanding Cyber capabilities.

Firstly, it’s worth noting that the DoD has struggled with use of the term Cyber.  The doctrine to back the term’s use up was a long time in coming to some, and in the interim a host of non-doctrinal definitions have developed in that vacuum.  Now that doctrinal terms exist, the DoD has struggled with getting everyone back on “the same sheet” of doctrinal “music.”  This was a significant enough problem to warrant creation of a U.S. Government Accountability Office (GAO) report on the lack of focus.

From a doctrine standpoint, the DoD divides “cyber” computer network operations into three categories:  attack, defense, and exploitation (to include activities that enable that exploitation).

In the interview, Dr. Arati Prabhakar, DARPA director, explains that even in the fiscally challenging environment in which we find ourselves, directing some of those limited funds to “cyber” efforts is a priority, using DARPA’s “Plan X” (which falls in the “attack” leg of the attack/defense/exploit “three-legged stool” mentioned above) as an example of that prioritization:

“…Plan X, is a program that is specifically working toward building really the technology infrastructure that would allow cyber offense to move from the world we’re in today, where it’s a fine, handcrafted capability that requires exquisite authorities to do anything with it, that when you launch it into the world, you hope that it’s going to do what you think it’s gonna do, but you don’t really know.

We need to move from there to a future where cyber is a capability like other weapons capabilities, meaning that a military operator can design and deploy a cyber effect, know what it’s going to accomplish, do battle damage assessment and measure what it has accomplished, and, with that, build in the graduated authorities that allow an appropriate individual to take an appropriate level of action. That’s the vision.”

Plan X is only one of a number of programs that fit into DARPA’s newly-published operational framework entitled Driving Technological Surprise: DARPA’s Mission in a Changing World.  The new framework… only 16 pages in length… is available at http://www.darpa.mil/WorkArea/DownloadAsset.aspx?id=2147486475.


500 Error in WordPress After Plugin Installation

I had a fright after installing a new plugin into WordPress via the normal (inside WordPress) procedure… a ‘500’ error in every part of the web server that WordPress touched.

I did some searching and the fix was easy… log into the web server file structure and delete the offending folder under ../wp-content/plugins/.  The server came back up immediately and wp-admin worked once again.  Naturally, the admin interface noticed that the deleted folder was gone and removed the plugin from the installed plugins list.

Mischief managed!


Using PHP and JSON with the Steam Web API

Since I’ve been struggling quite some time with this, I thought I would post this and hopefully speed a frustrated searcher along to their next coding conundrum.

Given the following:

1. A web server that supports PHP, and the dangerous knowledge to use the same.

2. The Steam Web API, and a current and valid API key to query it.

3. A valid Steam Community ID (mine is 76561197979917193 and is used below).

What PHP code can you use to get the Steam Web API to respond with valid JSON and display that on a web page? Note that the example below is sanitized to mask my actual API key. Use the link above and get your own!

Which results in:

TO BE POSTED SOON

Enjoy!
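As an added example (my own code, not the post's script and not anything published by Valve), here is one way to do what the post describes: build the request from a server-side key, decode the JSON response strictly, and escape the result before it reaches the page. Assumptions of mine: PHP 7.3 or later (for `JSON_THROW_ON_ERROR`), the `GetPlayerSummaries` method of the Steam Web API's `ISteamUser` interface, the placeholder key string, the helper names, and the constructed sample response used when no real key is set; the Community ID is the one from the post.

```php
<?php
// Added example, not the original post's code. Assumptions: PHP 7.3+, the
// GetPlayerSummaries method of the ISteamUser interface, a placeholder API key,
// a constructed sample response, and helper names of my own choosing.
declare(strict_types=1);

const STEAM_API_KEY = 'YOUR_API_KEY_HERE';  // placeholder: your own key, kept server-side only
const STEAM_ID      = '76561197979917193';  // the Community ID used in the post

// Constructed sample response in the shape GetPlayerSummaries returns, used when
// no real key is set. The persona name deliberately contains markup so the
// escaping below has something to do.
const SAMPLE_RESPONSE = '{"response":{"players":[{"steamid":"76561197979917193",'
    . '"personaname":"<b>not</b> escaped?","profileurl":"https://steamcommunity.com/id/example/",'
    . '"personastate":1}]}}';

/** Build the request URL; http_build_query() percent-encodes both parameters. */
function buildPlayerSummariesUrl(string $apiKey, string $steamId): string
{
    $query = http_build_query(['key' => $apiKey, 'steamids' => $steamId, 'format' => 'json']);
    return 'https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?' . $query;
}

/** Perform the HTTP GET with a timeout so a slow API cannot hang the page. */
function fetchBody(string $url): string
{
    $ctx  = stream_context_create(['http' => ['timeout' => 10]]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        throw new RuntimeException('Steam Web API request failed');
    }
    return $body;
}

/** Decode a JSON body into an array, throwing instead of silently returning null. */
function decodeJson(string $body): array
{
    $data = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new UnexpectedValueException('JSON body is not an object');
    }
    return $data;
}

/** Pick out the player records; a missing key yields an empty list, not a notice. */
function extractPlayers(array $data): array
{
    return $data['response']['players'] ?? [];
}

/** Render players as HTML. htmlspecialchars() is what keeps a profile name from injecting markup. */
function renderPlayers(array $players): string
{
    $html = "<ul>\n";
    foreach ($players as $p) {
        $name   = htmlspecialchars((string) ($p['personaname'] ?? ''), ENT_QUOTES, 'UTF-8');
        $rawUrl = (string) ($p['profileurl'] ?? '');
        // Only link to http(s) URLs; escaping alone does not stop a javascript: href.
        $url    = preg_match('~^https?://~i', $rawUrl)
            ? htmlspecialchars($rawUrl, ENT_QUOTES, 'UTF-8')
            : '#';
        $state  = (int) ($p['personastate'] ?? 0);
        $html  .= "  <li><a href=\"{$url}\">{$name}</a> (state {$state})</li>\n";
    }
    return $html . "</ul>\n";
}

// With the placeholder key the constructed sample is used, so this runs offline;
// with a real key it queries the live API.
$body = STEAM_API_KEY === 'YOUR_API_KEY_HERE'
    ? SAMPLE_RESPONSE
    : fetchBody(buildPlayerSummariesUrl(STEAM_API_KEY, STEAM_ID));

echo renderPlayers(extractPlayers(decodeJson($body)));
```

Two points worth keeping even if you restructure the rest: the API key belongs in server-side PHP (never in page JavaScript, where any visitor can read it), and every field that comes back from the API is attacker-influenced text from someone's profile, so it goes through `htmlspecialchars()` before it is echoed.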



A Guide to Boy Scouts of America (BSA) Special Awards

This is my obligatory (o-blog-atory?) first blog post.  Rather than write something mundane and predictable, I decided to do something that I’ve wanted to do for some time — yet had no real mechanism to accomplish.  I explain:

In 2009, I was fortunate enough to participate in BSA Wood Badge as part of SR-967 in the Last Frontier Council.  One of my tickets was to write, publish and disseminate a guide to many of the Special Awards available to Boy Scouts and adult Scouters as a part of participation in the program.  I did this because I could find no guide available for purchase from the BSA that provided this information — only snippets here and there in some of the field manuals and publications.

To complicate things, the BSA web site (at that time… again this was 2009) was little help.  Since then, the site has improved a bit as evidenced by the links here, here and here.  Also, they have added a sizable section on Training Awards to the official BSA Guide to Awards and Insignia, Item number 614937.  Remember — this was not available back in 2009.

At any rate, I’ve recently updated the content in the original version of the Guide to Boy Scouts of America (BSA) Special Awards I compiled, and it remains a reasonably good all-in-one reference that pulls information from a variety of sources into a single document.

Get the guide here.
