Text

SmarterMail Enterprise is pretty dumb.

I just spoofed my boss's email address while emailing myself, using basically one line of PHP on my own domain. This didn't work when I tried emailing my Yahoo address from another Yahoo address, and I wasn't even going to attempt it, but of course now I'm glad I did. A look at the raw content obviously shows the domain the email actually travelled from, but how many times do you check that when you get an email from your_boss@yourcompany.com? Most likely never. My work uses SmarterMail Enterprise 11.7, which is shown in clear text on the login screen as well. A simple "smarter mail" search on Yahoo turns up a ton of other subdomains on other sites using this mail client. Branding your software is a good thing, but shouldn't you take into account how easy it makes finding every site that uses it once a security bug is found? Probably. For those of you who don't know PHP, all you have to do to send mail from PHP is basically:

<?php
// Sending side: mail() hands the message to the local MTA and copies whatever
// you pass as the fourth argument straight into the headers, From: included.
mail("the send to email here", "the subject here", "the message here", "From: " . "and whatever from email you want here");

Simple and very useful, but the receiving side should check some of this for integrity. Now, since I'm on domain.com hosting, do you think I could send an admin@domain.com email to someone there for some password phishing? I hope not. Either way, emails like this get sent all the time across the wires; it's just the receiver's job to check their integrity. Now I'm going to go email my work's billing department and make sure I get a raise. Cheers!
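What "checking the integrity" could look like on the receiving side, as an added example that is not part of the original post: the script below parses a message's headers and asks whether the domain in From: lines up with the domain in Return-Path: and with the host named in the topmost Received: header (the hop the recipient's own server recorded, which is the only one it can trust). Both messages are constructed for the example; the hostnames, the IP addresses and the assumption that PHP mail() on a web host leaves Return-Path pointing at the web server's own account are illustrative, not taken from the post. Real receivers do this with SPF, DKIM and DMARC, which check the same alignment against DNS; this offline version shows only the header logic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample 1: From: claims the boss, but the message was handed to our
# server by a web host at another domain, and the envelope sender (Return-Path)
# is that host's own PHP user. Hostnames and addresses are made up.
SPOOFED_RAW = """\
Return-Path: <www-data@cheaphost.example>
Received: from cheaphost.example (cheaphost.example [203.0.113.10])
  by mail.yourcompany.com with ESMTP
  for <you@yourcompany.com>; Fri, 11 Apr 2014 10:00:00 -0400
From: your_boss@yourcompany.com
To: you@yourcompany.com
Subject: quick favour

Can you push the deposit through today?
"""

# Constructed sample 2: the same From: header, but the message really came
# through the company's own mail server with a matching envelope sender.
LEGIT_RAW = """\
Return-Path: <your_boss@yourcompany.com>
Received: from webmail.yourcompany.com (webmail.yourcompany.com [198.51.100.7])
  by mail.yourcompany.com with ESMTP
  for <you@yourcompany.com>; Fri, 11 Apr 2014 10:05:00 -0400
From: your_boss@yourcompany.com
To: you@yourcompany.com
Subject: quick favour

Can you push the deposit through today?
"""


def _domain_of(addr_header):
    """Domain part of an address header, lower-cased; '' if there is none."""
    _, addr = parseaddr(addr_header or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _received_from_host(received_header):
    """Hostname following 'from' in a Received: header, lower-cased."""
    m = re.match(r"\s*from\s+([A-Za-z0-9.-]+)", received_header or "")
    return m.group(1).lower() if m else ""


def _org_domain(host):
    """Collapse host.sub.example.com to example.com (last two labels).

    Good enough for the sample data; a real receiver would consult a public
    suffix list, since 'shop.example.co.uk' would otherwise collapse to 'co.uk'.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def sender_evidence(raw_message):
    """Return the three domains a receiver can compare for one message."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    return {
        # What the reader sees in the mail client.
        "from": _domain_of(msg.get("From")),
        # Envelope sender recorded at delivery.
        "return_path": _domain_of(msg.get("Return-Path")),
        # Topmost Received: is the one *our* server added, so it is the one
        # hop the recipient can actually trust.
        "received_from": _received_from_host(received[0]) if received else "",
    }


def header_aligned(raw_message):
    """True when From:, Return-Path: and the last hop share an org domain."""
    ev = sender_evidence(raw_message)
    claimed = _org_domain(ev["from"])
    if not claimed:
        return False
    return (_org_domain(ev["return_path"]) == claimed
            and _org_domain(ev["received_from"]) == claimed)


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("legit", LEGIT_RAW)):
        verdict = "aligned" if header_aligned(raw) else "MISALIGNED"
        print(label, sender_evidence(raw), verdict)
```

Running it flags the first message as misaligned (From: says yourcompany.com, the envelope and the last hop say cheaphost.example) and passes the second. The check is deliberately narrow: it trusts only the Received: line added by the receiving server, because every header below it, the From: line included, was written by whoever ran the sending script.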

Text

Vagrant and monetizing open source

I’ve noticed a theme lately with open source back ends.

It used to be that the average Joe looking for some pre-made PHP awesomeness could upload an unzipped folder and run an install PHP script that would walk through some steps and most likely even set up the MySQL database schema for him.

Now I've noticed heavy use of Vagrant with uncommon ports, uncommon database environments and dependencies that would make it hell for the average Joe to get a package up and running on his basic server using common cPanel web hosting. At first I thought this was a coincidence and these devs just wanted to use a great product like Vagrant to keep their dev OS standard; then I noticed how many people were disgruntled after hours and days of trying to transfer this stuff to their servers.

These open source devs aren't stupid, and some of them are now running million-dollar companies based off this, with tech support and hosting users' backends, all while bragging that they are open source. I like Vagrant, but some code out there could have been made more portable. Perhaps I'll just start writing my open source iOS apps in assembly.

Text

I wish everyone was blind so we didn’t need a GUI

How come Adobe Fireworks doesn't use the Adobe Fireworks hotkeys? Are there hotkeys? This is one of the 1000 implementation questions I had while switching between the two to create a layout for a website... oh yeah, and...

WINDOWS WHAT HAVE YOU DONE?!?!

It's like a UI murder scene in that OS.

Detective: Ma'am, what happened?

Distraught lady: Well, I just... I... I turned on the computer...

Detective: Go on... it's OK.

Distraught lady: I turned it on and this... this THING showed up.

Detective: You're safe now... just step back and pick a Mac or Linux flavor.

Distraught lady: What's going to happen to it?

Detective: I don't know; we thought Bill Gates would have said April Fools by now...

Text

Heartbleed SSL vulnerability

Topic of the week, of course... and then I see this ridiculously titled article and had to read it: http://www.theverge.com/2014/4/11/5604300/heartbleed-may-not-leak-private-ssl-keys-after-all

Or skip the read for this gem inside…

"Robert David Graham of Errata Security had come to a similar conclusion earlier this week, writing a post titled, "Why Heartbleed Doesn't Leak the Private Key," but he publicly retracted the claim after facing disagreement from the security community."

From there the next line goes on to say: "To prove it, CloudFlare has set up an intentionally vulnerable page and challenged hackers to use Heartbleed to pull the site's private key."

Funny part is, by the time I read this article the site's private key had already been retrieved by 2 people/sources. Well done. The challenge is still on; maybe if I have some time tomorrow I'll grab it for myself as well. Here's the link: https://www.cloudflarechallenge.com/heartbleed

Photo
Went for the i5 came home with the i7, well played best buy…

Tags: mac mini
Photo
I’m keeping an eye on you ARC. I know they say you’re “smart” but I still need proof you’re not gobbling up memory back there. Just say no to hoarding….views.

Photo
About the only thing I've used my iPhone for consistently over the years is the Social Chess app, which dominates the "Chess with Friends" app. The photo is a game that just ended, and I was rather happy with it since I had just lost a game to this guy, who is ranked higher than me.

I (white pieces) was pretty on point, letting his attacks position me right where I wanted to be. My king was on the bottom row and I had pawns on/by the H file until he sent a white-square bishop to gobble them up and check my king. I took his bishop, freeing up the horizontal for my queen; then he moved his rook beside my white bishop. From there I moved my queen, "check", and let him know the game was over. I just know my brain is cranking on all cylinders today.

Back to listening to some 8tracks.com mixes, coding and an occasional move in our tiebreaker.

Text

bududs asked: Hi, can you make it possible to search for a single track, and then maybe show the playlists it is included in?

8tracks:

Thanks for the suggestion! But where would the surprise of hearing a song be? Regardless, I'll share your suggestion with the team :)

I'd use it. It was one of my initial 8tracks impulses: to use a track to narrow down my mood and discover more music based off that and what users associated it with in their mixes.

Text

Web Console, one of those awesome scary things.

http://www.web-console.org/about/

What's an awesome scary thing? JavaScript is a nice example. It's something useful and powerful, but it sits on that line of "creator and user haven't met yet, but sure, here are the keys to my car and house... I have to trust you to meet you."

Web Console isn't anything new; it's just something I'm using right now on my host's web server. Now, if I was the host I would be cautious, but there is no way to be once you allow CGI/scripting these days; the only way to protect yourself is to allow only HTML/text with no uploads ("good luck getting clients with that...").

There are thousands of reasons to use a web-style command prompt if you have a limited web host like I do that's pretty behind the times but also dirt cheap. This console is pretty loaded with most of the commands and abilities you'll need, and as I was testing it out I went back a few directories further than I should be able to, tried an "ls" command and received a nice permission denied, as expected. Until I went all the way back to the root folder... I was allowed to list all files and directories... weird. Kind of curious now how this sandbox, or 'lack thereof', works...

From my folders I am basically root and can execute just about any script... If the latest iPhone filesystem can be jailbroken as fast as it is by reverse engineering BSD's launch daemon, I'm really second-guessing using this dirt cheap yet well-known host...

I wonder if an email would get me permission to attempt to go beyond 'permission denied'. I have work to do; how'd I get this sidetracked...
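A quick way to see what the "sandbox" is or isn't doing, as an added example that is not part of the original post or of Web Console: walk from the current directory up to / and record, for each ancestor, its mode bits, owner and whether the current user can list it (the r bit) and enter it (the x bit). On a typical shared Unix host / is mode 755 and listable by everyone, while another customer's directories are 700 or 711, which would produce exactly the pattern described above: permission denied a few levels up, then a full listing at the root. The starting directory is whatever you pass in; nothing here is specific to any particular host.

```python
import os
import stat


def dir_access(path):
    """Mode bits, owner and what the current user can do with one directory.

    'readable' is the r bit, which ls needs to list names; 'searchable' is the
    x bit, which you need to enter the directory or reach anything beneath it.
    A directory can be searchable but not readable (mode 711): you can pass
    through it to a known child, but ls on it is denied.
    """
    try:
        st = os.stat(path)
    except OSError as exc:
        # We could not even stat it, so neither bit is available to us.
        return {"path": path, "mode": "?", "uid": None,
                "readable": False, "searchable": False, "error": exc.strerror}
    return {
        "path": path,
        "mode": stat.filemode(st.st_mode),
        "uid": st.st_uid,
        "readable": os.access(path, os.R_OK),
        "searchable": os.access(path, os.X_OK),
    }


def walk_up(start):
    """dir_access() for start and every ancestor, ending at the filesystem root."""
    d = os.path.realpath(start)
    rows = []
    while True:
        rows.append(dir_access(d))
        parent = os.path.dirname(d)
        if parent == d:  # reached '/'
            break
        d = parent
    return rows


def first_denied(start):
    """Path of the nearest ancestor whose names you cannot list, or None."""
    for row in walk_up(start):
        if not row["readable"]:
            return row["path"]
    return None


if __name__ == "__main__":
    import sys

    start = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for row in walk_up(start):
        print("{mode} uid={uid} list={readable} enter={searchable} {path}".format(**row))
    denied = first_denied(start)
    print("first ancestor you cannot list:", denied if denied else "none")
```

Read the output top-down from your own directory: the first row with list=False is the directory where ls stops working, and its mode column shows why. Seeing / as drwxr-xr-x while an intermediate directory is drwx------ means the host is relying on ordinary Unix permissions rather than a chroot or container, since a real sandbox would not let you reach / at all.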

Photo
So close #mondaynighthackathon sponsored by blue moon