There’s a growing risk of maliciously crafted npm modules wreaking havoc on our Node.js applications. I wrote a post over on my employer’s blog entitled The Dangers of Malicious Modules which explains a lot of these dangers. For example, did you know that a module which is loaded anywhere in your application’s dependency chain can…
Posts Categorized: Security
While looking into creating an OAuth 1.0a provider using PHP, I came across this article by Rasmus Lerdorf on using the PECL OAuth extension. He had some code in place for generating a consumer key and private key pair, and it would chop up a sha1 hash and use those, which works fine and provides…
Here’s my extension to the classical pigpen (Freemason’s) cipher. It is backwards compatible with the old version. I simply add numbers into the diagonal parts of the graphic, which adds 10 extra symbols, coincidentally the same as the numbers we use to count with. The thing that makes the Pigpen cipher so cool is that…
I just saw this kickass post on password security. It is a bit better than my old article, as it provides some better, more technical examples. Check it out for some great explanations on password encryption.
Quick Warning: I started to write this article, then went and consulted with one of my co-workers. He explained to me the bcrypt library. PHP implements bcrypt as the crypt() function. When using the blowfish algorithm in bcrypt, an argument can be passed for the complexity of the hash, where each increment increases the complexity…
SOCKS5 is a simple, elegant method for getting yourself a proxified connection to the internet. All you need to get a proxy connection working is to run an SSH server somewhere, run a single command locally, and configure your software (or OS) to use this proxy.
Spidering, in its simplest form, is the act of transferring data from one database to another. Spidering requires the use of Regular Expressions, the cURL library (if POST data or cookies are used), and the cron libraries (if we need to download information on a schedule).
Renowned Media has had several questions about password security, one-way encryption, password hashes, salting hashes (not a food reference I swear!), the risks of having a database hacked, and the like. This non-technical article will go into detail about these concepts, and will contain a few examples but will not contain any code. Feel free to apply these concepts with any programming language you please.
Originally written by Thomas Hunter as a homework assignment in college. The object of the assignment was to hide data inside of a Word document. The Microsoft Word version that I used is 2007 as that is the version that I own. Several months ago I read an article about Microsoft’s attempt to turn its new…