Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?Need help customizing or designing scripts?Please contact us via the Contact Us option for further details and pricing.
Even though this article is written in response to SQL Injection attacks in/on ASP/IIS, it is just as relevant to PHP/MySQL.
Michael Howard writes: You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and compromised back-end databases courtesy of vulnerable Web pages, from a user's perspective the real attack was compromised Web pages that serve up malware to attack user's through their browsers. In essence, there were two sets of victims: the Web site operators and the users who visited the affected Web sites. In this post, I want to focus on what the first set of users, the Web site operators, can do to protect themselves.
The fact that the malicious payload was so generic shows that the science of SQL injection has not taken a back seat to research in other vulnerability types, such as buffer overflows or cross-site scripting issues.
I think the first lesson from this attack is this:
If you have a Web server (doesn't matter what type), and it's hooked up to a database (doesn't matter what type) you need to go in and review your code that performs the database work.
So now that you've determined the database access code, now what? The SDL is very specific about what do here, there are three requirements - they are requirements not recommendations, which means you must do the following coding requirements and defenses
* Use SQL Parameterized Queries
* Use Stored Procedures
* Use SQL Execute-only Permission
Posted by Raven on Saturday, May 31, 2008 @ 00:22:07 EDT (1420 reads) (Read More... | 6929 bytes more | Score: 0)
Top ten worst spam registrars notified by ICANN
Top 10 Illicit Domain Registrars CHINA - Xinnet Bei Gong Da Software, BEIJINGNN, Todaynic
GERMANY - Joker
USA - eNom, Inc., MONIKER, Dynamic Dolphin, The Nameit Co/AITDOMAINS.COM, PDR, Intercosmos/DIRECTNIC
More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database. With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains. To this end, a dedicated online system called the Whois Data Problem Report System (“WDPRS”) was developed in 2002 to receive and track such complaints. ICANN sends, on average, over 75 enforcement notices per month following complaints from the community. We also conduct compliance audits to determine whether accredited registrars and registries are adhering to their contractual obligations,” explained Stacy Burnette, Director of Compliance at ICANN. “Infringing domain names are locked and websites removed every week through this system.”
Preview the Conan Red theme at the PortalThemes RavenNuke(tm) Themes test site.
(Select ConanRed in the top left dropdown list.)
Includes a matching forum theme.
PSD file included for the header.
Posted by Raven on Sunday, May 25, 2008 @ 08:26:26 EDT (1830 reads) ( | Score: 0)
NukeSentinel(tm) 2.5.18 Released
2.5.18 CHANGES (2008-05-23): · Includes IP2Country 2008-05-19 updated imports. · Not in upgrade package. · XHTML compliance updates. (99% compliant) · Updated graphics. · Updated many of the admin scripts. · Renamed many files to better fit naming scheme. · Improved paging in admin pages. · Updated DB Maintaince functions. · Added DB Backup function. · Replaced <marquee> tags with javascripting for XHTML compliance.
Posted by BobMarion on Friday, May 23, 2008 @ 22:18:23 EDT (1254 reads) ( | Score: 0)
pancake.org : sergids.com : MP3player and Top Music Module - see online-demos
Features * Auto-link generation
* Stores pages in database
* Graphical editing of site
* Basic search engine
* Delete pages in edit mode
* Simple code
* Easy to install
* Modification time records
* Extensive docs as part of the wiki.
* Build-in editor
* Easy to install
* Simple to use.
* Index page function"
Posted by Raven on Friday, May 23, 2008 @ 08:05:33 EDT (2309 reads) ( | Score: 0)
FTC New E-mail Address for Deceptive Spam
nb1 writes "The Federal Trade Commission receives about 300,000 samples of deceptive spam – forwarded by computer users each day, and stores it in a database. The FTC and its law enforcement partners use the database to generate cases against people who use spam to spread false or misleading information about their products or services. To better handle the high volume of spam forwarded to the database, the FTC recently opened a new email box
The FTC’s spam database has served as the basis for FTC cases involving pyramid schemes, money-making chain letters, credit card scams, credit repair scams, bogus weight-loss plans, fraudulent business opportunities, and other scams that were promoted via email.
Consumers who wish to forward unwanted or deceptive spam to the FTC should use the New E-mail address. Whenever you complain about spam, it's important to include the full email header.
DESCRIPTION: Some vulnerabilities have been reported in FileZilla, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. The vulnerabilities are caused due to the precompiled packages including a vulnerable version of the GnuTLS library. The vulnerabilities are reported in versions prior to 3.0.10.
Posted by Raven on Wednesday, May 21, 2008 @ 15:45:33 EDT (1216 reads) (Read More... | 1272 bytes more | Score: 0)
ewebsite.biz: great hacks for articles, modules, blocks etc.
nukeevangelist writes "Hello dear friends on Ravenphpscripts.com.
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
