Web

Server Move

I wanted to install Gallery so that I can easily share some of the “art” that I shoot :). The server I was on did not have some settings (it has php – safe_mode on) that stopped me from installing Gallery. The good people at 3-95.com, where I host this site, offered to move me to a new server that would allow me to install Gallery. So here we are on a brand new server. I will be posting some new pictures soon.

MySQL – Setting up initial privileges

Ever installed MySQL and wondered what to do next? Well, the first thing is to secure the root user (note: the MySQL root user is different from the OS root user). These three simple steps should deal with it.

shell> mysql -u root mysql
mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');
mysql> FLUSH PRIVILEGES;

MySQL has really good documentation on their website. It can be accessed here.

IE Bug – Pretty Scary

During my daily visit to Richard Bejtlich’s blog, I came across information about this flaw in IE which can be exploited to make people believe that they are viewing/visiting one site (URL) when in fact they are located on another website. To quote from “Zap The Dingbat” (who actually discovered the bug):


Vulnerability
There is a flaw in the way that Internet Explorer displays URLs in the address bar.
By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current location.
Exploit
By opening a window using the http://user@domain nomenclature an attacker can hide the real location of the page by including a non printing character (%01) before the “@”.
Internet Explorer doesn’t display the rest of the URL making the page appear to be at a different domain.


For example, if you click on this button, you will see the URL http://www.microsoft.com in the address bar if you are using IE. But the full address of the URL is http://www.microsoft.com%[email protected]/security/ex01/vun2.htm.

Pretty scary, eh? Just imagine how much this can be abused. People can be tricked into entering their credit card information, usernames/passwords etc. by mimicking valid sites. And as if this is not bad enough, Micro$oft hasn’t even released a patch for this yet. So for now, either type in all addresses manually in the address bar or use trusted saved bookmarks. I would recommend scrapping IE and starting to use Mozilla Firebird as your default browser. It is fast, small, adheres to standards and is FREE [as in beer].
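The advisory quoted above comes down to a link whose userinfo part (the text before the “@”) is dressed up as a host name and ends in a non-printing character. The check below is an added example, not code from the original post or from the advisory: it shows how a mail filter or proxy could flag such links and report the host that will really be contacted. The function name, the finding labels and the example.test host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A user name shaped like a domain (labels separated by dots).
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

def inspect_url(url):
    """Return (real_host, findings) for a link before it is displayed or followed."""
    parts = urlsplit(url)
    real_host = parts.hostname or ""
    findings = []
    if "@" not in parts.netloc:
        return real_host, findings
    # Everything before the last "@" in the authority is userinfo, not the host.
    userinfo = unquote(parts.netloc.rsplit("@", 1)[0])
    findings.append("userinfo-present")
    # Percent-encoded control bytes such as %01 decode to non-printing characters.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in userinfo):
        findings.append("control-char-in-userinfo")
    # Drop control characters and any ":password" part, then see whether the
    # user name is shaped like a domain that differs from the real host.
    user = "".join(c for c in userinfo if ord(c) >= 0x20 and ord(c) != 0x7F)
    user = user.split(":", 1)[0].lower()
    if HOSTLIKE.match(user) and user != real_host:
        findings.append("userinfo-looks-like-host")
    return real_host, findings

# Constructed sample links; example.test is a placeholder host.
SAMPLES = [
    "http://www.microsoft.com%01@example.test/security/",
    "http://www.microsoft.com/security/",
    "ftp://backup:secret@files.example.test/pub/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, findings = inspect_url(link)
        print(f"{link}\n  real host: {host}\n  findings: {findings or 'none'}")
```

A link that reports both control-char-in-userinfo and userinfo-looks-like-host matches the pattern in the advisory; userinfo-present alone also covers ordinary credentials in FTP-style links.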

The Tao Of Security

I came across this blog by Richard Bejtlich while I was researching security-related sites. Richard is a principal consultant at Foundstone and his knowledge and methodology just amaze me. I visit this site every day if not more :). I hope to add more bits about technology as I come across interesting things.

New blogging software!

In the spirit of New Year, I decided to try new blogging software. Apparently the one I used before is not being actively developed anymore. And WordPress is the continuation of the older B2 project. The interface looks a lot cleaner and it has a lot more features in the background. Only problem was that I couldn’t figure out how to import all my old posts. I did make a backup of the old database. Will try to see if I can manually import them. Isn’t life wonderful 🙂

WikiPedia

Isn’t technology great :). For those in search of a free Encyclopedia, look no further. “WikipediA” is a web based collaborative effort to create a free content encyclopedia. Take a look and if you can, contribute 🙂 to the project and give back to the world.