Programmer Competency Matrix
Here's a fun page I came across for gauging the skill level of a programmer: Programmer Competency Matrix
Feels good to be a strong Level 3 in systems programming, algorithms and data structures. Where do you stand?
socat is a very versatile networking tool, though the man page is ridiculous. Because socat can do so many things, it's hard to find an example of exactly what you want when you search: the results you get are usually close but not really what you want.
Something I need to do often is either intercept SSL connections and be able to analyze them on a packet level, or provide SSL capabilities to a program that doesn't support the ability to communicate over SSL / encrypted streams. Here is the socat command to be able to do that:
socat TCP-LISTEN:LPORT,fork openssl:IP:PORT,verify=0
This binds a listening socket to local port LPORT and tunnels each connection through to IP:PORT over SSL; verify=0 turns off verification of the server's certificate. For example, to proxy an HTTPS request you would connect to 127.0.0.1:80 and socat would forward it to domain.com:443 over SSL, while the traffic from the browser to socat stays in plaintext for you to analyze. You would need to set a custom Host: header to make sure it all works.
This is also useful if, say, you have written an IRC bot without SSL support and want it to connect securely without adding that support yourself, and you're not using a language where you can just import ssl. Run the command above with IP and PORT set to the IRC server's address and SSL port, then connect your bot to localhost:LPORT and it will connect securely to the IRC server. You would probably want to actually verify the certificate in this case.
Release by US-CERT. Another protocol downgrade attack. Similar to the OpenSSH downgrade attack from years ago. Of course, OpenSSL is the culprit again, as it was with Heartbleed. What's the point of providing broken security for "legacy" reasons? It's broken.
Link with details of the issue: https://www.us-cert.gov/ncas/alerts/TA14-290A
Yet another exploit for one of the "everything and the kitchen sink" CMSes. It really goes to show how wonderful dynamically typed languages are for security, especially PHP, which is basically stochastically typed.
Another thing which has no effect on me, since I wrote this from scratch and I'm not stupid enough to construct objects directly from user input and pass them into an SQL generation function that sets the column names.
The best part is the description of what the exploit targets from Drupal's official site:
"Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks."
How's that working out for you? Prepared queries, careful programming and flattening objects before passing them directly into the field list would have prevented all of this.
Details of the issue here: https://www.drupal.org/SA-CORE-2014-005
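The flattening point above, as an added Python sketch (not Drupal's code and not the author's): a simplified model of a query builder that expands an array argument into named placeholders, first keeping the caller's array keys and then discarding them. The function names, the users table and the request data are constructed for illustration.

```python
import re
import sqlite3

# Constructed request data: the first array key carries extra text.
CONSTRUCTED_REQUEST = {"0 /* key text reaches SQL */": "alice", "1": "bob"}

def expand_vulnerable(name, values):
    """Name each placeholder after the caller-supplied array key."""
    return {f":{name}_{key}": val for key, val in values.items()}

def expand_hardened(name, values):
    """Flatten first: drop the caller's keys and number the values ourselves."""
    return {f":{name}_{i}": val for i, val in enumerate(values.values())}

def build_query(expand, values):
    """Return (sql, args) for a name IN (...) lookup."""
    args = expand("name", values)
    sql = "SELECT uid FROM users WHERE name IN (" + ", ".join(args) + ")"
    return sql, args

def run(sql, args):
    """Execute against a throwaway in-memory table; return sorted uids."""
    # Second layer: refuse any placeholder that is not a plain identifier.
    if not all(re.fullmatch(r":\w+", p) for p in args):
        raise ValueError("placeholder name is not a plain identifier")
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "admin"), (2, "alice"), (3, "bob")])
    rows = conn.execute(sql, {p[1:]: v for p, v in args.items()}).fetchall()
    return sorted(uid for (uid,) in rows)

if __name__ == "__main__":
    # Key text shows up inside the statement itself.
    print(build_query(expand_vulnerable, CONSTRUCTED_REQUEST)[0])
    # Only generated placeholder names reach the statement.
    sql, args = build_query(expand_hardened, CONSTRUCTED_REQUEST)
    print(sql, run(sql, args))
```

With the keys kept, anything the client puts in an array key becomes part of the statement text before the database ever binds a value; with the values flattened, the statement text depends only on how many values were sent.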
Not affected because of suhosin + nginx + OpenBSD, chroot, extremely restrictive firewall and /dev/null as shell for nginx/php-fpm/pgsql user. Go layered security.
This whole thing seems blown out of proportion. If you're vulnerable to this you've been vulnerable to many other things for a while. This is simply easier as a mass-scan-and-exploit approach.