Tag Archives: Software Sagacity

Using Wget with Cookies

October 30, 2014 Andrew Palczewski 6 Comments

One of the powerful tools available in most Linux distributions is the Wget command line utility. With a simply one-line command, the tool can download files from the web and save them to the local disk. While this capability might initially seem only moderately useful (Why not just use Chrome or Firefox to download the file?) – most Linux servers are managed remotely through a tool called SSH. SSH normally offers only a command line interface without any graphical components, so all the server maintenance needs to be done through the command line. Wget is used constantly throughout the installation process to download files from the Internet and install new programs on the system.
Continue reading →

Why Salt is Critical for Data Encryption

October 27, 2014 Andrew Palczewski Leave a comment

From banking and finance to healthcare, as highly sensitive database applications have migrated to the Internet, it is absolutely vital to ensure that their data is properly protected. Sensitive data that is stolen can be used to not only damage the reputation of the originating company, but also wreak havoc on the personal lives of individuals. As has been seen from the massive-scale data breaches that have recently proliferated the news, from Target to Home Depot, even multi-billion dollar companies that follow multitudes of data security protocols cannot be kept safe from breeches. With swarms of bots searching the web for vulnerabilities in any and every web application and publicly accessible machine, it is vital to follow hold all sensitive data to a high level of security.
Continue reading →

Multiple SSL Certificates on One IP Address

October 21, 2014 Andrew Palczewski 1 Comment

Whether due to network configuration requirements or load-balancing, configuring multiple SSL sites on a single IP address can often provide more flexibility and ease of maintenance. The challenge with the implementation is that older browsers can only interact with one SSL site per IP address on port 443. Addressing this problem are two primary solutions: port redirects and virtual directories.
Continue reading →

Could Windows Servers Be More Secure than Linux?

October 18, 2014 Andrew Palczewski Leave a comment

Over the past fifteen years, Linux has built its brand around security and flexibility. The open source community and many technology aficionados berate Windows for its security flaws, and hail Linux and Apple as the platforms for serious, reliable computing. Few serious studies have rigorously compared the platforms in the wild, and those that do are often accused of bias. Temporarily setting aside the prejudice that most have regarding the issue, could it be possible that in certain instances, Windows Servers are indeed more secure than Linux?
Continue reading →

Automatically Securing a Web Folder

September 15, 2014 Andrew Palczewski Leave a comment

Web applications often store dynamic data in folders together with the application. From WordPress to Magento, many open source apps default to intermingling the data with the application folder structure. Although this provides a simpler deployment and ease of installation for newcomers, it also provides a significant security loophole for exploit by hackers.
Continue reading →

PayPal Payment Processor Integration

September 14, 2014 Andrew Palczewski Leave a comment

One of the factors that has led to PayPal’s growth and ubiquity is their well-built API for payment processor integration. The API enables online stores to directly process credit card transactions on their websites, using PayPal as the back-end gateway for the transactions. Throughout the process, the users themselves are kept isolated from the fact that PayPal is used as the payment gateway through an intelligent and transparent API.
Continue reading →

WordPress Shopping Cart – How to Use Custom Meta Variables

June 30, 2014 Andrew Palczewski Leave a comment

While the WordPress Shopping Cart plugin is far from a comprehensive online store, it still provides an easy and cheap way to sell products online. Although the stock implementation might work well for a simple product catalog, many users will need to customize the product listing based on product settings. In order to accomplish this, the cart as a feature called “Custom Meta” variables; we will explore how to use these variables to change the way products are displayed.
Continue reading →

The Secret Message within Wikipedia

June 16, 2014 Andrew Palczewski Leave a comment

At the University of Taiwan, several researchers are bringing message encoding to the next plateau. Funded by Taiwan’s Ministry of Education, under the “Aiming for the Top University” (sic) program, two researchers have uncovered a way to hide secret messages in the revision log of Wikipedia. Their findings are detailed in the paper “A New Data Hiding Method via Revision History Records on Collaborative Writing Platforms.”
Continue reading →

Encrypting Passwords for the Web

May 23, 2014 Andrew Palczewski 1 Comment

ASP.NET, PHP, and most web platforms offer a variety of techniques for data encryption, ranging from simple hashing to fully reversible encryption algorithms. Developers will need to choose the algorithm that offers the most security possible, while sacrificing the least amount of capability.
Continue reading →

Enable and Test URIDNSBL DNS Blocklists with SpamAssassin

May 22, 2014 Andrew Palczewski 1 Comment

SpamAssassin, the most popular open-source spam fighting software, is used by email server administrators to reduce spam and improve user productivity. One of the features of SpamAssassin is dynamic lookups of domain names to see if they are on a DNS blocklist maintained by web authorities.
Continue reading →