Most coders don't sanitize code coming from a trusted source. They sanitize input from users, but something like a SQL injection is generally an effect of improper user-san anyway.
Imagine you have a script that just includes a user's profile data (user.php) from a flat file (stupid, I know, but it's an example). By entering in a remote file to a field, it might be sanitized; however, in a SQL injection you could overwrite "user.php" with http://www.evilsite.com/evilscript.php
Myspace ran into this issue when they launched their mobile service. The mobile service wasn't properly stripping out JavaScript and the main site didn't sanitize already-input data, under the assumption that sanitization had already happened. As a result, you could enter JavaScript into the mobile client and it would be executed on any web browser.
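The trust assumption described in the comment above, shown from the defending side as an added example that is not part of the original comment: values read back from the database are checked or encoded again at the point of use, whichever client stored them. `PROFILE_DIR` and both function names are hypothetical, and the sample rows are constructed.

```python
import html
from pathlib import Path

# Hypothetical directory holding per-user profile files (an assumption).
PROFILE_DIR = Path("/var/www/app/profiles")


def resolve_profile_include(stored_value: str) -> Path:
    """Check a file reference read from the database before it is included."""
    # Accept a bare file name only: no URL scheme, no directory components.
    if "://" in stored_value or Path(stored_value).name != stored_value:
        raise ValueError(f"rejected include target: {stored_value!r}")
    base = PROFILE_DIR.resolve()
    candidate = (base / stored_value).resolve()
    # After resolving ".." and symlinks, the target must still sit under base.
    if base not in candidate.parents:
        raise ValueError(f"rejected include target: {stored_value!r}")
    return candidate


def render_profile_field(stored_value: str) -> str:
    """Encode at output time, whichever client originally stored the value."""
    return "<p>" + html.escape(stored_value, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed rows standing in for what the database returns.
    rows = [
        {"include": "user.php", "about": "Hi, I'm Bob"},
        {"include": "http://www.evilsite.com/evilscript.php",
         "about": "<script>alert(1)</script>"},
    ]
    for row in rows:
        try:
            print("include:", resolve_profile_include(row["include"]))
        except ValueError as err:
            print(err)
        print(render_profile_field(row["about"]))
```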
Yah, from that comment it would seem correct; however, you have to TRY to open up MySQL to outside connections. I just find it dumbfounding that anyone would.
Are you (or he, I haven't read his comment) trying to say that MySQL was accessible from the outside to arbitrary connections directly? I find that pretty hard to believe.
I'm just saying your description of the hack was entirely inaccurate.
Uh...no. The article states they just used SQL injection to insert an include to a remote PHP file (the idiots apparently hadn't disabled remote file includes). The included file was basically a dashboard that did directory listings and file transfers. I did a contract cleaning up a similar mess (URL-RFI Injection). The hardest part about the entire hack was probably finding the SQL injection point.
BREAKING! THIS JUST IN! There is no evidence to prove the hackers were not, in fact, members of the elite "girl scouts".
It's pretty simple to write a tool that appends a couple bytes of garbage to the end of the file past EOF which will change the hash.
Yah... cause we all know that lyrics make kids go out and have lots of promiscuous sex.
Personally I use Nero Burning ROM.
There are several variants of cross-site scripting. I was referring to persistent XSS.
"Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux." The vast majority of webserver hacks have nothing to do with the OS. The most common attacks are remote file include, cross-site scripting, and SQL injection, all of which are platform independent.
I dunno about your state but in California you can legally change lanes even INSIDE the intersection.
"For EARTH to "shed" anything except perhaps hydrogen or helium," Fixed that for you. It's not just gravity alone that traps atmospheric gases
BUSTED
2 million people showed up. Someone has to pay for porta potties, police, private security, all the big screen TVs so people a mile back on the mall could see. It's not like the inauguration was handing out cigars and caviar.
Uh...HPV is NOT herpes. Herpes simplex virus versus Human Papillomavirus. HSV doesn't even cause the same symptoms. And HPV generally goes away on its own after a couple years.
It's possible that it only seems to run in families because families tend to share drinks or other objects. There could also be a hereditary gene that increases susceptibility to this particular disease but that it requires the herpes virus to trigger it.
And yet "remember 9/11" will never be as catchy as "remember Pearl Harbor".
Uh...the Japanese took out our entire Pacific fleet almost. As bad as 9/11 was, it doesn't quite compare.
And when you look up the vaporization temp of a substance that is the MINIMUM temperature that the substance will vaporize. PERIOD. EVEN ONE ATOM. If a single atom is heated/pressurized to vapor point then yes, you will have a trace amount aerosolized.
OK, apparently Slashdot hates the less than sign, it cut off half that post. Anyway, lead melts at 600 degrees and doesn't vaporize till over 2000 degrees. You are just flat-out wrong, man.
Seriously dude. I'm a machinist and I've been welding MIG, TIG, and arc for 15 years. Melting point http://www.insc.anl.gov/matprop/lead/pbcp.pdf
They have lead free alloys for use now. The ONLY reason to use lead these days is to keep a classic car "original" with period body filler. Also, nobody gets lead poisoning from leaded body filler unless they are eating it. And no, it doesn't get nearly hot enough to vaporize.
Only old-school purists still lead bodywork. It's 99% Bondo these days.
Fair enough.