Recent Concerns about Node.js Security

Posted by & filed under Node.js, Security.

There’s a growing risk of maliciously crafted npm modules wreaking havoc on our Node.js applications. I wrote a post over on my employer’s blog entitled The Dangers of Malicious Modules which explains a lot of these dangers. For example, did you know that a module which is loaded anywhere in your application’s dependency chain can…

Extended Pigpen Cipher to Include Numbers

Posted by & filed under Security.

Here’s my extension to the classical pigpen (Freemason’s) cipher. It is backwards compatible with the old version. I simply add numbers into the diagonal parts of the graphic, which adds 10 extra symbols, coincidentally the same as the numbers we use to count with. The thing that makes the Pigpen cipher so cool is that…

External: Salted Password Hashing

Posted by & filed under Security.

I just saw this kickass post on password security. It is a bit better than my old article, as it provides some better, more technical examples. Check it out for some great explanations on password encryption.

Per-User Password Hashing Algorithms

Posted by & filed under Security.

Quick Warning: I started to write this article, then went and consulted with one of my co-workers. He explained to me the bcrypt library. PHP implements bcrypt as the crypt() function. When using the blowfish algorithm in bcrypt, an argument can be passed for the complexity of the hash, where each increment increases the complexity…

Really simple SSH proxy (SOCKS5)

Posted by & filed under Linux, OS X, Security.

SOCKS5 is a simple, elegant method for getting yourself a proxified connection to the internet. All you need to get a proxy connection working is to run an SSH server somewhere, run a single command locally, and configure your software (or OS) to use this proxy.

Web Spidering

Posted by & filed under PHP, Security.

Spidering, in its simplest form, is the act of transferring data from one database to another. Spidering requires the use of Regular Expressions, the cURL library (if POST data or cookies are used), and the cron libraries (if we need to download information on a schedule).

Password Encryption, Hashing, Salting Explained

Posted by & filed under Security.

Renowned Media has had several questions about password security, one-way encryption, password hashes, salting hashes (not a food reference, I swear!), the risks of having a database hacked, and the like. This non-technical article will go into detail about these concepts, and will contain a few examples but will not contain any code. Feel free to apply these concepts with any programming language you please.

Data Hiding in a Word Document

Posted by & filed under Security.

Originally written by Thomas Hunter as a homework assignment in college. The object of the assignment was to hide data inside of a Word document. The Microsoft Word version that I used is 2007 as that is the version that I own. Several months ago I read an article about Microsoft’s attempt to turn its new…