http://blog.s6y.org/ notes and hints... en Serendipity 1.2.1 - http://www.s9y.org/ Thu, 06 May 2010 14:06:06 GMT http://blog.s6y.org/templates/default/img/s9y_banner_small.png http://blog.s6y.org/ 100 21 http://blog.s6y.org/index.php?/archives/9-TrumanBox-development-continues-at-SourceForge.html security http://blog.s6y.org/index.php?/archives/9-TrumanBox-development-continues-at-SourceForge.html#comments http://blog.s6y.org/wfwcomment.php?cid=9 0 http://blog.s6y.org/rss.php?version=2.0&type=comments&cid=9 nospam@example.com (christian) After a couple of requests about TrumanBox 0.1.03 which is available at <a href="http://trumanbox.s6y.org" title="TrumanBox">trumanbox.s6y.org</a> I would like to point you to <a href="http://trumanbox.sourceforge.net" title="trumanbox.sourceforge.net">trumanbox.sourceforge.net</a> where you may find the latest development version provided via subversion. It has many new features and many parts of the code have been rewritten/-structured by Lothar Braun who continued development since July 2009. The only reason for keeping the version at trumanbox.s6y.org online is that it was pretty stable, when I submitted it as a result of my thesis work in July 2007. Thu, 06 May 2010 11:50:03 +0200 http://blog.s6y.org/index.php?/archives/9-guid.html http://blog.s6y.org/index.php?/archives/8-RFI-Project.html security http://blog.s6y.org/index.php?/archives/8-RFI-Project.html#comments http://blog.s6y.org/wfwcomment.php?cid=8 1 http://blog.s6y.org/rss.php?version=2.0&type=comments&cid=8 nospam@example.com (christian) As I have mentioned in my <a href="http://blog.s6y.org/index.php?/archives/7-Once-up-on-a-time-I-had-a-closer-look-on-RFI....html" title="previous posting">previous posting</a> I have had a look at RFI attacks some time ago and planned to publish my results. Since those results were quite outdated we decided to alse collect come new data. Here one of my colleagues had a great idea, which he has also published on his <a href="http://zeroq.kulando.de/post/2009/03/10/collecting-rfi-data" title="blog">blog</a>. By proposing certain .htaccess configurations we allow others to easily protect themseleves from being rfi attacked while in the same time increasing our data feeds regarding RFI attacking attempts. By now we have put some more work on this and came up with a simple <a href="http://link.informatik.uni-mannheim.de/rfi" title=""rfi project" page">"rfi project" page</a> where we also present some statistics. If you would like to contribute you can do so <a href="http://link.informatik.uni-mannheim.de/rfi/index.php?site=htaccessgen" title=".htaccess generator">here</a>. If there are any questions don't hesitate to drop us a line... Mon, 06 Apr 2009 14:47:46 +0200 http://blog.s6y.org/index.php?/archives/8-guid.html http://blog.s6y.org/index.php?/archives/7-Once-up-on-a-time-I-had-a-closer-look-on-RFI....html security http://blog.s6y.org/index.php?/archives/7-Once-up-on-a-time-I-had-a-closer-look-on-RFI....html#comments http://blog.s6y.org/wfwcomment.php?cid=7 0 http://blog.s6y.org/rss.php?version=2.0&type=comments&cid=7 nospam@example.com (christian) While enjoying my first coffee this morning I read about one <a href="http://asert.arbornetworks.com/2009/01/quick-rfi-analysis/" title="Quick RFI Analysis">"Quick RFI Analysis"</a> Jose Nazario published on "The Arbor Networks Security Blog". This reminded me of some research I have been doing at the beginning of last year. Remote File Inclusion (RFI) is an attack usually exploiting vulnerabilities within PHP scripts, allowing to include PHP code from another (remote) server. Even though RFI is well known already for a couple of years it still seems to be an issue, particularly since, as Jose writes in his Quick RFI Analysis: "AV is rarely ever invoked". I am going to publish some of my results in this field as soon as I find some time... Thu, 29 Jan 2009 10:43:08 +0100 http://blog.s6y.org/index.php?/archives/7-guid.html http://blog.s6y.org/index.php?/archives/3-TrumanBox-Internet-Emulation.html security http://blog.s6y.org/index.php?/archives/3-TrumanBox-Internet-Emulation.html#comments http://blog.s6y.org/wfwcomment.php?cid=3 0 http://blog.s6y.org/rss.php?version=2.0&type=comments&cid=3 nospam@example.com (christian) Last week I uploaded the result of my thesis - TrumanBox. Even though it is more than one year ago, I still get requests for the source code every now and then. Hence I uploaded a small website providing the source code and the corresponding thesis. Both can be found <a href="http://trumanbox.s6y.org" title="TrumanBox">here</a>. Tue, 02 Sep 2008 07:59:30 +0200 http://blog.s6y.org/index.php?/archives/3-guid.html