November 14, 2012 - Categories: IT/Software Projects,How-to Guides
When I was still working at the University of Wisconsin, a co-worker of mine showed me a way to find unprotected directories indexed by Apache and web cameras. Not those kind of web cam feeds - these are usually security cameras in innocuous places, like restaurants, streets, tops of buildings... etc., that are so benign (usually) that whoever set them up decided they didn't need to be secured (or didn't know how to secure them).
Anyway, the way he found these was the interesting part. At the time, it was termed "Google Hacking" although now it is sometimes called "Google dorking." It is simply using Google to find unsecured web content with targeted search terms.
November 12, 2012 - Categories: How-to Guides
This one is pretty much a no-brainer, but I wasn't aware of it until very recently so I thought I'd share.
Source code, as you've probably seen on lots of web pages, is treated special. And for good reasons, like readability, syntax highlighting, and to protect against the use of formatted instead of plain-text characters.
November 10, 2012 - Categories: How-to Guides,Utilities And Other Useful Things
Recently ran into an issue at work where a single database was creating A LOT of trace files. 54 gigabytes of trace files to be specific. Well, this was a problem because the system disk was only 56GB, preventing me from building new databases. No problem, its a dev environment, I'll just delete the trace files that are older than 3 days. Except that the trace file naming convention wasn't consistent, so there was no way for me to delete the oldest files based only on file name.
What about the system timestamp on each file? It seemed like a good solution, but I didn't want to write a shell script to do something so minor. Then I got lucky on Google, and found this useful little gem:
November 4, 2012 - Categories: How-to Guides,Utilities And Other Useful Things
Be advised This post is quite old (04 Nov 2012) and any code may be out of date. Proceed with caution.
September 15, 2012 - Categories: Utilities And Other Useful Things
I think this topic has been covered, in varying levels, by many people on the internet. Still, I felt like I was bashing my head against the wall trying to figure this out. To prevent head trauma to some other sys admins, I thought I'd post this.
First, some assumptions. Let's assume you're a sysadmin, working mainly in a LAMP environment (or at least Linux and MySQL). Let's also assume you have a reasonable number of hosts, between 5 and 50. You don't really have the right scale to warrant setting up RADIUS or TACACS authentication systems, but it is a real pain in the ass to reset passwords on a regular basis. Last, let's assume that for some good reason, you use the same password across many machines, both for the OS and DB authentication. To change all of those passwords, you would have to SSH into each box, run a couple password change commands, and exit each host.