Bad Practice With Web Site Registration Emails

To vent a little bit about security, I come to you now. DO NOT send passwords in emails.

Emails are either plain text or HTML/CSS. Even with an encrypted path to the receiving person, they can still be tampered with. Also, as a website owner you should never be able to look in your database and see anyone’s password anyway (hash that, salt that)… So why would you send it to them in an email, specifically when they register?

It is a fact that this is bad practice. Therefore any website created as of 10/10/2014 or later… heck, 10/10/2008 or later, I will not be using if such logic is overlooked.
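As an added example (not code from this post), here is what a registration flow looks like when the email never carries the password: the password is salted and hashed with PBKDF2 and only the salt and hash are stored, while the email carries a single-use, expiring verification token instead. The in-memory dictionaries, the `example.invalid` link and the iteration count are constructed assumptions standing in for a real database and site.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed in-memory stores standing in for the site's database (assumption).
USERS = {}   # email -> {"salt": bytes, "hash": bytes}
TOKENS = {}  # one-time token -> {"email": str, "expires": datetime}

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length key from the password and a per-user random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(email: str, password: str) -> str:
    """Store only salt + hash; return the one-time token that goes in the email."""
    salt = secrets.token_bytes(16)
    USERS[email] = {"salt": salt, "hash": hash_password(password, salt)}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {
        "email": email,
        "expires": datetime.now(timezone.utc) + timedelta(hours=24),
    }
    return token


def build_welcome_email(email: str, token: str) -> str:
    """The email body carries a verification link, never the password."""
    return (
        f"To: {email}\n"
        f"Subject: Confirm your account\n\n"
        f"Click to confirm: https://example.invalid/verify?token={token}\n"
    )


def verify(token: str) -> bool:
    """Consume the token; it works once and only before it expires."""
    entry = TOKENS.pop(token, None)
    if entry is None or datetime.now(timezone.utc) > entry["expires"]:
        return False
    return True


def check_login(email: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    user = USERS.get(email)
    if user is None:
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])


if __name__ == "__main__":
    tok = register("alice@example.invalid", "correct horse battery staple")
    print(build_welcome_email("alice@example.invalid", tok))
    print("verified:", verify(tok), "| login ok:",
          check_login("alice@example.invalid", "correct horse battery staple"))
```

The point the post makes is visible in `build_welcome_email`: the only secret in the message is a token that does nothing after first use, so a tampered or intercepted email never exposes the credential itself.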

Thank you for your time.

TOTD: Fix A WordPress Site URL From The Database

Here is the script I used today to fix the site URL of my WordPress installation after I accidentally messed it up.


Hack This Site Thought Process Part 2

Last time I left off with basic mission 7. By now, I hope you’ve learned some important skills in critical thinking. Let’s go ahead and review what is in our “toolbox”. First off, we now understand a bit about what HTTP means and what it allows us to do. Second, you now realize the importance of mathematics in algorithms. Last but not least, you have a little bit of knowledge of UNIX commands. Let’s pack all that up and move on.

Basic Level 8:

Time has passed and Sam’s daughter has been introduced. Make sure you’ve read the entire challenge from top to bottom. After doing so, go ahead and enter your name and press the submit button. In fact, do it a few times until you understand what is happening.

Quick Lesson

For this tutorial you need to know what an SSI is and what it does. SSI stands for Server Side Includes. The concept behind it is to allow a developer or designer to make an .shtml file, which is close to an .html file except that the server first scans it to include any information the owner needs generated on the fly. It is kind of a middle ground between server-side pages and a plain HTML content page.

So why does this matter? Well, SSI seems to have a very interesting way of working against itself… Perhaps this is where you should do some searching on the internet. Think about it, though: you have a form and a submit button. There must be something you can type in there to get the desired result of the obscured file.

Maybe now, you can pull something out of that toolbox and complete the task!

Basic Level 9:

Use the form on basic 8 to get the information from the /9/ directory. This might take you two or three tries. Just don’t give up. The key to success is right in front of you.

Basic Level 10:

This level isn’t all that difficult; however, you do need to know a bit about food first. This exercise will challenge not only yourself but your browser as well. Start by finding something that is a food item that tastes really good… Then make sure you find the one that is from hackthissite.org. Once you find what you are looking for, change the “no” to “yes”. You might require a browser add-on to complete this task.

Basic Level 11:

I’ll leave this one up to you for now ;)

And that completes this look into my brain when critical thinking around the basic security challenges on hackthissite.org. I hope you have enjoyed it and learned something along the way. If you have any more questions, feel free to post them in the comments below.

Hack This Site Thought Process.

First off this isn’t going to be a blog post on the answers to the hackthissite.org basic missions. This is just going to be my thought process on some of the missions I feel needed to be covered.

I am only doing this to help others learn to think more out of the box.

Basic Level 5:

You will notice that you can no longer make a form that resides locally on your machine. Instead you need to think of a new way to “inject” your form into their page. If you do not do this, you get an “Invalid Referer” (which is spelled wrong) error. This comes from the fact that the server is now trying to protect itself: it is checking which domain the form POST request is coming from. My hint to you is to use something (possibly a browser add-on or built-in utility) that allows you to modify the HTML itself in the browser before submitting the request… There is also another option you could choose, such as tampering with the data of the request as it is submitted via its respective HTTP protocol.

Basic Level 6:

Encryption is an interesting thing. By now I suspect you’ve tried submitting things such as “abcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()”, and this, my good reader, is a good start, just not the road you need to take. Instead, think of what each character on a machine is made of and the type that it is… BAM, now you are thinking correctly. ASCII… But what to do with it? Google or Bing, good boy… Find a chart. Examine each letter of the given encrypted password. See if you can see any resemblance between them and any random input you type into the encrypting form.

Basic Level 7:

Make sure you read the description very carefully. The thing that should pop out at you is the “UNIX cal command”. This text is important. I suggest you Google or Bing Unix commands if you are not yet familiar with them. Then look into what the cal command can do. You might play around with this for a bit. Then remember that the password is stored in an obscurely named file. How do you find that file? You need to look in the very directory that the cal command is being called in. So how can you inject a new command RIGHT AFTER the cal command is called… hmm…
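From the defender’s side, the weakness this level turns on is a web form whose text is glued onto a shell command line. As an added example (not code from this post or from hackthissite.org), here is how a page that runs `cal` for the user should take that input: validate it against the only shape `cal` needs (an optional month and a four-digit year, an assumption about what the form is meant to accept) and run the program with an argument list and no shell, so there is no command line for a trailing command to be appended to. The `unsafe_cal_command` function only shows the string the vulnerable pattern would build; it never executes anything.

```python
import re
import subprocess

# Accepts "MM YYYY" or just "YYYY" (assumed to be all the form needs).
CAL_ARGS = re.compile(r"^(?:(0?[1-9]|1[0-2]) )?(\d{4})$")


def build_cal_argv(user_input: str) -> list[str]:
    """Turn untrusted form input into an argument list for cal, or refuse it."""
    m = CAL_ARGS.fullmatch(user_input.strip())
    if m is None:
        raise ValueError("input must be a month and year, e.g. '12 2013'")
    month, year = m.groups()
    argv = ["cal"]
    if month:
        argv.append(month)
    argv.append(year)
    return argv


def run_cal(user_input: str) -> str:
    """Run cal with shell=False: the text never reaches /bin/sh, so shell
    metacharacters are plain bytes in one argument, and the allow-list above
    rejects them before we even get here."""
    result = subprocess.run(
        build_cal_argv(user_input),
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout


def unsafe_cal_command(user_input: str) -> str:
    """The shape the level describes: input concatenated onto a shell command.
    Returned only for comparison; handing this string to a shell would make
    every metacharacter in user_input live."""
    return "cal " + user_input


if __name__ == "__main__":
    for attempt in ["12 2013", "2013", "12 2013; echo not-a-month"]:
        try:
            print(build_cal_argv(attempt))
        except ValueError as err:
            print(f"rejected {attempt!r}: {err}")
```

The two defences are independent: even if the regex were loosened later, the list-form `subprocess.run` call still never spawns a shell, and even if someone later switched to `shell=True`, the allow-list would still refuse anything but digits and spaces.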


Alright, that is enough insight for one day… Have a good rest of 2013! And peace to all.

Which Video Site Should I Choose?

Over the past few years I have solely relied on YouTube as my main source of hosting for the videos I have wanted to place online. However, after coming home for winter break I have realized that maybe YouTube isn’t the right choice. Now I am not sure if I am going to personally switch sites right yet. But I am going to take a tour and try out other sites and post my thoughts about them. Check back for videos from each site, and if you have a suggestion feel free to submit your idea in the comments section below.

How to: Secure your Wireless Router

First off you should know why you’d want to do this. The reason’s simple. It’s so war drivers and your neighbors can’t go online at your house, search for child pornography, and then, when the cops show up at your house, you say “oh it wasn’t me”… because with it secured, they couldn’t have used your internet anyway. So let’s get started with the security.

  1. Begin by clicking Start > All Programs > Accessories, then select the program named “Command Prompt”. (If you have Windows Vista or higher, just press Start, type in “cmd”, then press Enter.)
  2. Now you need to find what your router’s IP address is by typing “ipconfig” into the command prompt. Look for the “Wireless LAN adapter…” with all the information after it (Figure A).
    Now look for your router’s “Default Gateway”; this is the number that represents your router on your LAN (local area network).

    [image: Figure A]

  3. Open your favorite web browser, enter the “Default Gateway” (Figure B) into the URL box and press Enter. Now you should see an alert box asking for a username and password. Enter the information (if you cannot find it, try “admin” as the username and password, or contact the company that made your wireless router).

    [image: Figure B]

  4. Once the web page has pulled up, select the “Wireless” tab, and press the “Wireless Security” node underneath that.

    [image]

  5. Now change the “Security Mode” to WPA Personal (or to your preferred setting). Change the “WPA Algorithms” to your preferred setting; I usually choose TKIP. Set your shared key, and leave the group key renewal alone. Press the “Save Settings” button and there you have it! Security!

    [image]

  6. Last but not least, you need to be able to find your wireless router when at your desk, so make sure to have a simple but catchy word that describes you or your family. Go back into the “Basic Wireless Settings” node, set your “Wireless Network Mode” to Mixed, change your “Wireless Network Name (SSID)” to the name you want to show up to all the neighbors and snoops, press the save button and BAM! You can now connect to your router securely.

    [image]

Enjoy!

VirtualBox! SHUT UP!

VirtualBox is a program that allows you to run a second (or more) operating system inside of your host computer’s OS via emulation software and the hardware’s virtualization support. I am always getting the question of how do I install … on my computer using VirtualBox. Well, thanks to this site, I won’t have to be guiding people through the entire installation process anymore. The site itself allows downloading of VDI files, which are the hard drive files that VB runs off of. It’s a really new concept for a site, so I suggest you go check it out!

Ads are OK on some Websites

Ads are annoying as heck, and I admit I’ve had them on my site before, however not past a certain point. The point at which you are overwhelmed with ads is a very simple and yet wide observation. Here is a list of things to know if you’re a web developer or any software owner at all.

When are ads OK on your website, and when are they not?

  • Ads are never OK with any user, so don’t use too many of them. The amount of ads on your website should be an appropriate number such as 3 or 4, no more!
  • Ads should never, and I mean NEVER, slow down a user’s computer. A good example of poor use of ads on a website would be the famous Chris Pirillo’s website. It’s full of clunky and horrible ads that not only are annoying but are also placed where you can’t even tell if they’re part of the content or not. This is a horrible way to trick users into thinking you’re actually providing them with usable content.
  • Pop-ups: this is a widely debated type of ad. When a user loads a web page or clicks a link to a site, a pop-up launches, which is a web page that sits in the background of your computer or in front of all the web pages the user may have launched. I suggest you not use pop-ups because that’s just another reason for a user to never use your site again. I’ve seen several friends and family say “forget this site, it’s so slow”, when the reason for the speed of their computer is that the site is trying to open unwanted pop-ups.

I need ads on my website, it’s my only source of income. Where should I place ads on my site and how can I use them correctly?

Well, first let me tell you there is no correct way to place ads on any website, but if you must, here are some tips:

  • If the ads slow down the user’s computer, then consider those users to have not even seen any of the content of your website before they shut their browser down. Flash and Silverlight ads use 3rd-party plug-ins to view their content; try avoiding these kinds of ads. If you must have animation in your ad, try just making a simple GIF animation. You can make them using the UnFREEz GIF animator or even in Adobe Flash.
  • Don’t have too many ads on the face of your website. This is a no-no! Your user is more likely to click an ad if there aren’t many to click and if your site has good content, mainly because they want your site to stay online for them to use again and again.
  • Misplaced ads are the worst; most people who misplace ads on web pages or in applications are the people that use too many ads on their site in the first place. Please don’t be one of these people. If users and your mother can’t tell the difference between content on the web and the ads on your site, then you definitely need to place them in different spots. The sidebar is a nice place to put ads, but put it at the bottom of everything else and don’t put more than one simple ad there. Maybe a square, but if a skyscraper ad is wanted then do so; just make sure the content is on top.
  • Site headers are a natural place to put ads. However, putting more than one can start to get tricky. Try only having about one ad at the top of your page, and one at the very bottom of your page.
  • Blogs like to have ads between every post, and this is good because it keeps the blogger blogging and people like us getting useful and good information. However, a good way to put ads in a blog would be to have one in the header and footer of your pages like I mentioned before, but don’t put an ad between each post on your home page. Make the user click the blog’s title or link to get to the page where they can see only that one single blog post, then have an ad under the post but on top of the comments.

Anyway, that’s just my opinion on ads floating around on the internet, so tell me what you like and dislike about ads by leaving a comment below!

How to enable IIS 7 to Allow Downloading of .DMG files through the Web Browser

Today, in the world of PCs and Macs, we must make sure some of our files and compressed folders are compatible with both, or maybe even have a separate download for each type of hardware/software. Today I’m going to guide you through a simple process of making IIS 7+ able to send .DMG files over http:// for download at the user’s end.

Now this is a simple process and there isn’t much work to do, so don’t get down if you can’t figure it out the first time.

  1. First off, go ahead and open your IIS 7 Manager from the Administrative Tools folder, located in your Control Panel.
  2. Next, go into the tree of nodes in the left-hand sidebar. Go down until you get to your website’s application folder. Make sure this is the website you have the .DMG files located in. (You only need to go to the root of the site for this to work. Going to the sub-folder isn’t required.)
  3. Now, once you’ve single-clicked on your website’s root folder in the nodes, select “MIME Types” from the icons in the middle pane.
  4. Now click the “Add…” button on your right-hand side and add the text exactly as below.
  5. You’re done! Go to that http:// address that you have and now the file will download from the IIS 7 web server correctly!
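The same mapping can be kept in the site’s web.config instead of clicked in through IIS Manager, which makes it part of the deployment rather than a manual step. This is an added example and not the exact text from the post; the MIME type `application/octet-stream` is an assumption chosen so the browser treats the .DMG as an opaque download rather than trying to render it.

```xml
<configuration>
  <system.webServer>
    <staticContent>
      <!-- Remove first so this does not fail if a parent level already defines .dmg -->
      <remove fileExtension=".dmg" />
      <!-- Serve .dmg as an opaque binary so the browser downloads it -->
      <mimeMap fileExtension=".dmg" mimeType="application/octet-stream" />
    </staticContent>
  </system.webServer>
</configuration>
```

The `<remove>` line matters on shared hosts: IIS refuses a `<mimeMap>` for an extension that is already defined at the server or parent level, and the error is returned as a configuration failure for the whole site, not just for .DMG requests.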

Enjoy!