WordPress Warnings

Posted by & filed under PHP, Programming, Web Development.

I recently updated some webservers to use PHP 5.4 from 5.3. For a few WordPress sites, this caused it to begin spitting out Warning messages on the website. The warning messages in some cases caused other issues because response headers were already written due to the error, etc.

While the real solution here is to refactor the code to not use deprecated functions, a simple quick and dirty workaround is to add the following directive to the wp-config.php file:

Survive the Deep End: PHP Security

Posted by & filed under PHP, Programming, Security.

As every target of a serious security breach will quickly note in their press releases and websites: Security is very important to them and take it very seriously. Taking this sentiment to heart before you learn it the hard way is recommended. Survive the Deep End: PHP security covers most of the major concepts that should be considered when writing secure PHP web applications.

Despite this, security is also very much an afterthought. Concerns such as having a working application which meets the needs of users within an acceptable budget and timeframe often take precedence over security concerns. It’s an understandable set of priorities, however we can’t ignore security forever and it’s often far better to keep it upfront in your mind when building applications so that we can include security defenses during development while change is cheap.

The afterthought nature of security is largely a product of programmer culture. Some programmers will start to sweat at the very idea of a security vulnerability while others can quite literally argue the definition of a security vulnerability to the point where they can confidently state it is not a security vulnerability. In between may be programmers who do a lot of shoulder shrugging since nothing has gone completely sideways on them before. It’s a weird world out there

phpsecurity.readthedocs.org/en/latest/in…

oclHashCat

Posted by & filed under Numbers, Programming, Security.

I was doing some webapp security audits and needed to use hashcat to attack a few hashes. Definitely a must have when dealing with hashes of any kind.

  • Worlds fastest password cracker
  • Worlds first and only GPGPU based rule engine
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-Hash (up to 15 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses highly iterated modern hashes
  • Focuses dictionary based attacks
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 80+ Algorithms implemented with performance in mind
oclhashcat

Excel: Joining worksheet columns with vlookup()

Posted by & filed under Code Snippets, Programming.

Excel fun time! Today I had a rather large worksheet that had a column with a unique identifier. I had another worksheet with a matching column of UID’s and a second column that I wanted to “join” to the first worksheet. vlookup() is the function for the job.

  •  Parameter 1 is the column on the first workbook that contains the UID to match to the UID in the second worksheet. The UID for the second (source) worksheet has to be in the first column. The $ freezes the column reference and is needed.
  • Parameter 2 is a Named range from the second workbook. Highlight the UID and the column you want to merge and name the range.
  • Parameter 3 is the column position in the second workbook that should be merged in based on the UID match.
  • Parameter 4 dictates whether exact matches or similar matches should be applied.

That’s it. Drag the formula down the column to finish the join.