The Dog That Didn’t Bark
Life: evidence, rights, security, Sherlock Holmes, TSA
Silver Blaze is one of the most popular Sherlock Holmes stories, in part because (spoiler alert for a 118-year-old story you can read by clicking that first link) the mystery is in part solved by Holmes recognizing that something didn’t happen:
Cambrian Development
Biz: Cambrian House, security, web
Since I posted about Cambrian House last night, they’ve responded to me. I sent a heads-up mail to them (because I saw their blog didn’t pick up the trackback I sent) and got a brief thank-you note back from the CEO/founder saying they’d fix their permissions problem.
Pre-Cambrian House
Biz: Apache, Cambrian House, PHP, security, web, work
I was poking around reddit and followed a link to CambrianCode.com, an all-Flash (ugh!) puzzle game. There’s a few of these “guess how to get to next level” games online and they all just annoy me. Yes, you’re so clever. No, I find patronization alluring. Yes, I’ll spend my time on this for no discernable reward.
The puzzle is run by Cambrian House, a mysteeeeerious stealth startup that has only a teaser page online. If there’s one thing that annoys me more than Flash puzzle-level games, it’s stealth startups.
So I went poking around some more and found a development copy of their website. And much to my surprise, it’s actually a darn cool business idea. So cool that after I wrote a whole “Mwaha, I’m raising the curtain early!” post I thought better of it and am only going to post this for now. It was clever and fun, there’s going to be a ridiculous amount of buzz around this company when it launches. And I got to register as user #9, which was damn funny when I noticed their “About Us” page lists 17 employees.
Confidential to CH in Calgary: it’s really tacky to litter your URLs with “.php” and GET variables. Put the following in your .htaccess file and have index.php take apart the URL with the PHP code below and route to your different pages. URLs like “/community/member/Harkins” look much nicer than “/community/member-profile.php?users_id=9”. (Or ask me about mod_rewrite.)
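# Note: <Location> is only valid in the server or virtual-host config, not in .htaccess
<Location /secret_development_environment>
    Order Deny,Allow
    Deny from all
    Allow from 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 .cambrianhouse.com
</Location>

RewriteEngine On
# serve real directories and files as they are
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*)$ - [L]
RewriteRule ^(index.*) - [QSA,L]
# everything else without a dot in it goes to the front controller
RewriteRule ^([^.]*)$ /index.php [QSA,L]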
function url_parse() {
    $url = $_SERVER['REQUEST_URI'];
    // we don't want to pass get vars or anchor tags on to the script
    // (compare with false: strpos() returns 0 for a match at position 0)
    if (($pos = strpos($url, '?')) !== false)
        $url = substr($url, 0, $pos);
    if (($pos = strpos($url, '#')) !== false)
        $url = substr($url, 0, $pos);
    // remove leading slash and possible trailing slash, store in $url
    if (substr($url, 0, 1) == '/')
        $url = substr($url, 1);
    if (substr($url, -1) == '/')
        $url = substr($url, 0, -1);
    if ($url == '/')
        $url = '';
    // split into path segments; they are user-controlled, so validate before routing on them
    $url = explode('/', $url);
    return($url);
}
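The routing step that index.php still has to do, sketched as an added example (not code from the original post or from Cambrian House): path segments are looked up in an allowlist and the trailing parameter is validated, so nothing taken from the URL ever selects a file or function directly. The route table, handler names and sample URIs are assumptions.

```php
<?php
// Added example: route table, handler names and sample URIs are assumptions
// made for illustration.
const ROUTES = [
    'community/member' => ['handler' => 'show_member', 'param' => '/^[A-Za-z0-9_-]{1,32}\z/'],
    'about'            => ['handler' => 'show_about',  'param' => null],
];

// Split the request path into decoded segments, ignoring the query string.
function segments(string $requestUri): array
{
    $path = (string) parse_url($requestUri, PHP_URL_PATH);
    $parts = array_filter(explode('/', $path), 'strlen');
    return array_values(array_map('rawurldecode', $parts));
}

// Return [handler name, validated parameter]; anything not listed is 'not_found'.
function route(string $requestUri): array
{
    $seg = segments($requestUri);
    // Longest prefix first, so 'community/member' is tried before 'community'.
    for ($n = min(2, count($seg)); $n >= 1; $n--) {
        $entry = ROUTES[implode('/', array_slice($seg, 0, $n))] ?? null;
        if ($entry === null) {
            continue;
        }
        $rest = array_slice($seg, $n);
        if ($entry['param'] === null) {
            return $rest === [] ? [$entry['handler'], null] : ['not_found', null];
        }
        // Exactly one trailing segment, and it must match the route's pattern.
        if (count($rest) === 1 && preg_match($entry['param'], $rest[0]) === 1) {
            return [$entry['handler'], $rest[0]];
        }
        return ['not_found', null];
    }
    return ['not_found', null];
}

// Constructed sample requests: a normal profile URL, a parameter that decodes
// to a relative path, and a route that is not in the table.
$samples = ['/community/member/Harkins?tab=1', '/community/member/..%2F..%2Fetc%2Fpasswd', '/admin/'];
foreach ($samples as $uri) {
    [$handler, $param] = route($uri);
    printf("%-45s -> %s(%s)\n", $uri, $handler, var_export($param, true));
}
```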
NDAs: Fear and Shame
Biz: security, work
The two fundamental reasons NDAs exist are fear and shame, and that’s only halfway a bad thing.
Defeating Hardware Keyloggers
Code: crypto, hardware, security
Last week I saw a nice article on building hardware keyloggers and today I saw a response on how to defeat them.