Show Posts


Topics - BoL

Pages: [1] 2 3 4
Traffic / Best way to get into wikipedia?
« on: July 21, 2018, 08:16:59 PM »
Pretty much as per title. I have a topic that IMO totally 'deserves' a page but on a previous attempt the editors deemed it wasn't worthy.

Water Cooler / More Data Leaks - Exactis, 340 million records
« on: June 29, 2018, 11:48:24 AM »

"simply used Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses. That returned about 7,000 results. As Troia combed through them, he quickly found the Exactis database, unprotected by any firewall."

"Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics: whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel."

Traffic / History of Search Engines Posts
« on: June 05, 2018, 10:00:01 AM »
Plenty of you I'm sure have read those mega long blog posts that cover the general timeline of search engine evolution. I remember reading some but never bothered to bookmark them or remember who wrote them; they just seemed cool to read at the time. They tended to be written by SEOs who'd seen the day to day news and gradual changes implemented.

I'm interested in one that covers the general timeline of engines, mainly Google, and how the real estate for organic has shrunk, and how privacy has been eroded.

It'll be used by someone who's relatively inexperienced and can muster some context and facts from those articles.

Do you recall any good ones (in the context of they covered the points you felt were most important)? Might need to check the wayback machine if it's older but relevant.

Web Development / Language Detection / Template Extraction
« on: May 18, 2018, 08:54:59 PM »
I'm in need of two tools, or at least some inspiration for best practice.

1st is detecting the languages used on a web page, as some tests show that lang attributes are accurate 80% of the time, so something more robust that actually looks at the content. I'm aware of a technique that looks at two-three character combos which apparently works well, also perhaps popular words from each language. Anyone seen an implementation (with code or explanation) that works well?

2nd is somewhat related: evaluating 1 or more web pages from a domain and being able to detect the main content area of a page. Seen anything that claims to work well (code or explanation would be great)?

In an official statement Thursday, the European Commission announced it will cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, following Britain's eventual departure from the European Union.

So hopefully there's no UK registrants of .EU domains with a prominent domain...

Best comment:
It's to all that, then?

Water Cooler / Google's shortfalls laid bare
« on: December 20, 2016, 07:31:28 PM »

Google has said it is "thinking deeply" about ways to improve search, after criticism over how some results - including ones discussing the Holocaust - were ranked.

If they'd stuck to showing 10 blue links and ads maybe it wouldn't be so bad...

Water Cooler / Distributed Card Hacking
« on: December 05, 2016, 08:56:25 PM »

Starting with just the first six digits of a card, the system guessed the remaining details and tried the combinations on many sites at the same time.

Sounds pretty clever, basically they are exploiting validation much in the same way messages about "wrong username" or "wrong password" instead of "wrong username or password" messages divulge TMI for login data.

From the paper linked to in the article:

Moreover, if individual merchants were trying to improve their security by adding more payment fields to be verified on their site, they potentially inadvertently weaken the whole system by creating an opportunity to guess the value of another field, as explained later in the article

vulnerabilities described in this article apply to cards that do not enforce centralised checks across transactions from different sites. Our experiments were conducted using Visa and MasterCard only. Whereas MasterCard's centralised network detects the guessing attack after fewer than 10 attempts (even when those attempts were distributed across multiple websites), Visa's payment ecosystem does not prevent the attack (see Section VI.D). Because Visa is the most popular payment network in the world, the discovered vulnerabilities greatly affect the entire global online payments system.

Guessing an expiry date takes at most 60 attempts (banks typically issue cards that are valid for up to 60 months), and subsequently, guessing the 3-digit CVV2 takes fewer than 1,000 attempts. Hence, expiry date and CVV2 are guaranteed to be obtained within 60 + 1,000 = 1,060 guesses.

Ivan Kwiatkowski knows plenty about how these shenanigans go down, and unfortunately for the would-be scammer on the other end of the remote connection he also knows a fair bit about social malware. Kwiatkowski played along, allowing a scammer named Dileep to connect to his virtual machine — which he’d intentionally left vulnerable — and played dumb while various DOS commands were run to make him think his machine was riddled with malware.

Web Development / WebHostingTalk Hacked
« on: July 09, 2016, 11:33:48 AM »
Their database for sale, I don't think they've announced this anywhere yet.

Since we're all experienced here I'm sure we'd have used different passwords there if signed up already ;)

From the offer:
On TheRealDeal website, a vendor with a solid reputation is offering the Mac-Forums database for ~$775.00, which includes 291,214 accounts.

The Hot Scripts database, with more than a million users, is currently going for ~$1,900.00.

The Web Hosting Talk database, with 498,321 users, is also available for ~$1,900.00.

Hardware & Technology / Update your webmin/virtualmin
« on: May 26, 2016, 11:18:55 AM »
There's a security bug in Authentic Theme shipped with Webmin devel versions 1.794 and 1.795; if you use any other theme, you're not vulnerable; and if you're running a non-devel version (1.790) you're not vulnerable. We'd audited Authentic for security issues before adding it to the default Webmin package a few months ago, but a new feature got added to the theme recently without proper code review.

Since it's the kind of bug that could end up getting your entire server owned, best patch it if it applies to you.

Apparently it's being used in the wild and the devs have just been brought up to speed on it.

rm -rf

The beauty/horror of it is he was using something called Ansible, which is used as an extra layer in managing multiple servers. Not so convenient when it deletes absolutely everything on all your servers!

Hardware & Technology / Namecheap's "Move your domain day"
« on: February 03, 2016, 12:26:48 AM »

I believe the tl;dr is "transfer your domain for $3.98", limit of 50 domains... though they're headlining it as donating some of the proceeds to the EFF.
Global social media marketing company GoSocial has acquired PAR Program for $12 million. PAR Program was founded by Jeremy “ShoeMoney” Schoemaker in late 2012. This is Schoemaker’s 4th company sale in the last 7 years.

Unfortunately, no pictures in the article.

Hardware & Technology / IPv6
« on: October 14, 2015, 05:59:00 PM »
Are your sites/software configured for IPv6 yet?

In the past couple of months ARIN has run out of IPv4 addresses to allocate, and maybe/not they will reclaim ranges from people not using them.

I've never paid much attention to configuring things with IPv6 in mind, but really should.

I think by default Apache/nginx will listen on port 80 for both IP versions.
