
Sunday, 27 January 2013

5 easy tips to accelerate SSL

http://unhandledexpression.com/2013/01/25/5-easy-tips-to-accelerate-ssl/

dump windows password from memory WCE v1.3beta 32bit released

http://hexale.blogspot.com/2012/03/wce-v13beta-32bit-released.html

password storage (and attacking) in PHP

http://www.slideshare.net/ircmaxell/password-storage-and-attacking-in-php

Comfortable PHP Editing With VIM -7-

http://schlitt.info/opensource/blog/0739_comfortable_php_editing_with_vim_7.html

PHP : Application Logic Security

https://joind.in/7814

Rails SecureHeaders

The gem will automatically apply several headers that are related to security. This includes:

https://github.com/twitter/secureheaders

Python Shortcuts for the Python Beginner

http://maxburstein.com/blog/python-shortcuts-for-the-python-beginner/

Thursday, 24 January 2013

Vaurien, the Chaos TCP Proxy


Ever heard of the Chaos Monkey?
It’s a project at Netflix to enhance the infrastructure tolerance. The Chaos Monkey will randomly shut down some servers or block some network connections, and the system is supposed to survive these events. It’s a way to verify the high availability and tolerance of the system.
Besides a redundant infrastructure, if you think about reliability at the level of your web applications there are many questions that often remain unanswered:
  • What happens if the MySQL server is restarted? Are your connectors able to survive this event and continue to work properly afterwards?
  • Is your web application still working in degraded mode when Membase is down?
  • Are you sending back the right 503s when PostgreSQL times out?
Of course you can – and should – try out all these scenarios on stage while your application is getting a realistic load.
But testing these scenarios while you are building your code is also a good practice, and having automated functional tests for this is preferable.
That’s where Vaurien is useful.
Vaurien is basically a Chaos Monkey for your TCP connections. Vaurien acts as a proxy between your application and any backend.
You can use it in your functional tests or even on a real deployment through the command-line.


http://vaurien.readthedocs.org/en/1.5/


emmet (ex : zen coding ) cheat sheet

http://docs.emmet.io/cheat-sheet/

JavaScript Quiz Set

http://blog.bolshchikov.net/post/40917260776/javascript-quiz-set

A JavaScript quiz is a good instrument to distinguish between JS ninjas, JS developers, and JS experts. Here is a set of JS tests, sorted by difficulty.
Beginner:
http://madebyknight.com/javascript-scope/
Intermediate:
https://github.com/nathansmith/javascript-quiz
http://www.nczonline.net/blog/2010/02/16/my-javascript-quiz/
Expert:
http://dmitrysoshnikov.com/ecmascript/the-quiz/
http://perfectionkills.com/javascript-quiz/


Android Candy: WiFi Analyzer

http://www.linuxjournal.com/content/android-candy-wifi-analyzer

nginx TLS SNI support enabled

http://nginx.org/en/docs/http/configuring_https_servers.html#sni

Understand the Favicon

http://www.jonathantneal.com/blog/understand-the-favicon/

ngx_pagespeed

http://ngxpagespeed.com/ngx_pagespeed_example/

metasm : The METASM assembly manipulation suite

http://code.google.com/p/metasm/

Hiding files in GIF comments

http://www.floyd.ch/?p=616

Automated generation of code alignment code for Unicode buffer overflow exploitation

http://www.floyd.ch/?p=629

Saturday, 19 January 2013

The #Tor Guide for Hidden Services And Staying #Anonymous

http://57un.wordpress.com/2012/10/09/the-tor-guide-for-hidden-services-and-staying-anonymous/

Baking Pi - Operating Systems Development

http://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/os/

Bran's Kernel Development

http://www.osdever.net/bkerndev/Docs/title.htm

MySQL security tasks easily solved with common_schema

http://code.openark.org/blog/mysql/mysql-security-tasks-easily-solved-with-common_schema

Navigator: Geographic calculation library for PHP

http://simonholywell.com/post/2013/01/navigator-geographic-calculations-library-for-php.html

ngrep kill connections

    ngrep -qK 1 -t 'GET ' 'dst host 75.126.153.206 and dst port 80'   # Kill GET connection requests by sending 1 RST segment

PSR-Huh?

http://net.tutsplus.com/tutorials/php/psr-huh/

PaaS under the hood, episode 5: Distributed routing with Hipache

http://blog.dotcloud.com/under-the-hood-dotcloud-http-routing-layer

http://blog.dotcloud.com/tag/underthehood

https://github.com/nodejitsu/node-http-proxy

https://github.com/dotcloud/hipache

https://github.com/samalba/hipache-hchecker

http://code.google.com/p/cirruxcache/

https://github.com/samalba/hipache-nginx

http://zerorpc.dotcloud.com/


JavaScript Source Maps 101

http://net.tutsplus.com/tutorials/tools-and-tips/source-maps-101/

Python Scripts as a Replacement for Bash Utility Scripts

http://www.linuxjournal.com/content/python-scripts-replacement-bash-utility-scripts

SQUASH : bug smashing tool

http://squash.io/

Heap Layout Visualization with mona.py and WinDBG

https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/

Sunday, 13 January 2013

Abusing MySQL string arithmetic for tiny SQL injections

http://blog.kotowicz.net/2013/01/abusing-mysql-string-arithmetic-for.html

Retrieving List of MySQL Users and Grants with Perl

http://scriptingmysql.wordpress.com/2013/01/10/retrieving-list-of-mysql-users-and-grants-with-perl/

B+Tree index structures in InnoDB

http://blog.jcole.us/2013/01/10/btree-index-structures-in-innodb/

The physical structure of records in InnoDB

http://blog.jcole.us/2013/01/10/the-physical-structure-of-records-in-innodb/

On learning InnoDB: A journey to the core

http://blog.jcole.us/2013/01/02/on-learning-innodb-a-journey-to-the-core/

Saturday, 12 January 2013

Solution for: MySQL 5.6 password expired, PHP can’t connect, application stops

http://blog.ulf-wendel.de/2013/solution-mysql-5-6-password-expired-php-cant-connect

The Facebook Loading Animation in CSS

http://css-tricks.com/the-facebook-loading-animation-in-css/

Airbnb JavaScript Style Guide() {

https://github.com/airbnb/javascript

75 Free Buttons For Online Payment Service Providers

http://pepsized.com/75-free-buttons-for-online-payment-service-providers/

Wilson is a pure ruby x86 assembler. No, really. Worst Idea Evar.

https://github.com/seattlerb/wilson

My eighteen MySQL 5.6 favorite troubleshooting improvements

https://blogs.oracle.com/svetasmirnova/entry/my_18_mysql_5_6

chrome developer : DOCK to Right

https://github.com/mauricelam/DockToRight

dev tools vertical
https://github.com/melat0nin/chrome-devtools-vertical

A quick introduction to innodb_ruby

http://blog.jcole.us/2013/01/03/a-quick-introduction-to-innodb-ruby/

Percona Toolkit by example – pt-stalk

http://www.mysqlperformanceblog.com/2013/01/03/percona-toolkit-by-example-pt-stalk/

The basics of InnoDB space file layout

http://blog.jcole.us/2013/01/03/the-basics-of-innodb-space-file-layout/

More on global transaction ID in MariaDB

http://kristiannielsen.livejournal.com/17008.html

PHP Session ID’s – The Risks

http://news.thehackernews.com/4391

Tuesday, 01 January 2013

Nokogiri

An HTML, XML, SAX, & Reader parser with the ability to search documents via XPath or CSS3 selectors… and much more

http://nokogiri.org/

architecture-of-messagepack

http://www.slideshare.net/frsyuki/architecture-of-messagepack

MessagePack : It's like JSON. but fast and small.


MessagePack is an efficient binary serialization format. It lets you exchange data among multiple languages like JSON but it's faster and smaller. For example, small integers (like flags or error code) are encoded into a single byte, and typical short strings only require an extra byte in addition to the strings themselves.
If you ever wished to use JSON for convenience (storing an image with metadata) but could not for technical reasons (encoding, size, speed...), MessagePack is a perfect replacement.

http://msgpack.org/


List of All Countries in All Languages and All Data Formats

http://dev.umpirsky.com/list-of-all-countries-in-all-languages-and-all-data-formats/

Python For Beginners

http://www.pythonforbeginners.com/

proper PHP session setup


    <?php
    /* In a nutshell, this is a quick way to ensure your sessions are difficult to attack. There may be
     * ways to improve this configuration but it's a good starting point, I feel.
     *
     * Code released in accordance with the ZAP > http://tlwsd.info/LICENSE.txt
     *
     * Requirements: HTTPS (get a free cert from StartSSL.com if you have no money :P)
     * A well-configured webserver (see: Calomel.org)
     * Access to server config is a bonus because you can just change php.ini and not have to make a bunch of runtime calls to ini_set() thus boosting performance
     */
    ini_set('session.cookie_httponly', true);
      # Above: Tells the user's browser to not expose session cookie contents to JavaScript
    ini_set('session.cookie_secure', true);
      # Above: Tells the user's browser to not expose session cookie contents to unencrypted HTTP
    ini_set('session.entropy_file', '/dev/urandom'); // On BSD systems, you may wish to use /dev/arandom
    ini_set('session.entropy_length', '32');
    ini_set('session.hash_function', 'sha256');
    ini_set('session.hash_bits_per_character', '6');
      # Above: Use strong pseudorandom data in the session IDs to prevent session fixation
      # Note: these four settings were removed in PHP 7.1; there, use session.sid_length
      # and session.sid_bits_per_character instead
    ini_set('session.use_trans_sid', false);
      # Above: Never pass the session ID in URLs
    session_start();
      // All configuration must be set before session_start();
    ?>


Face Down


Description

Face Down | is a Facebook Cookie / Session Hijack Bash (sh) script that depends on two well-known sniffers, Ettercap and TShark (the terminal-based version of Wireshark). Its basic job is to sniff cookies sent over the HTTP protocol across the network.
This script was made as a PoC (proof of concept) script for a school project.
KEEP IN MIND THAT:
This tool/script is meant only for educational purposes on user's own computer/network or computers/networks the user has permission of owner thereof to use the tool/script on. The creator assumes no responsibility for any damage caused from misuse of the software.

Special Thanks to the web developers:
Mahran Omairy & Ibraheem Abu-kaff


This script was written by:
Noras Salman & Ali Shatrieh


SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability

http://resources.infosecinstitute.com/slaac-attack/

PHP Session ID’s – The Risks - proper SESSION SETUP

http://news.thehackernews.com/4391

http://philsturgeon.co.uk/blog/2012/12/why-do-some-php-devs-love-static


Jingle BOFs, Jingle ROPs, Sploiting all the things… with Mona v2 !!

https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/