Archive for the 'Security' Category

Installing Windows IPsec Firewall

Just recently I found a post that described using ipseccmd in Windows. I honestly had no idea that this tool existed for Windows. I found this article while searching for a way to block outgoing traffic on the local computer as opposed to making firewall policies. This was the perfect solution for network testing, forcing productivity, optimization and security in Windows.

To get the firewall for Windows you will need to download Windows Support Tools. When installing, make sure you select the complete option.

PHP Include Injection and Google Referral Hijack

So recently a friend of mine had a client that had a very odd problem. His website was working fine when you went to it directly by typing in the domain name; however, if you searched for the site in Google and clicked the link for the site, it would take you to a hijacked page.

So the page only appeared hijacked when the referral was coming from Google. The hijack could go unnoticed for months. You would either have to be googling yourself or wait until a Good Samaritan sends you an email warning you of the problem. I must say this sort of attack is quite clever on the hijacker’s part. The hijacked page gets the original site’s page rank and Google visits while the site owner has absolutely no clue.

Validating an Email Address With Zend Framework

Email addresses are one of the trickiest input types to validate because there are multiple ways emails can be written according to the RFC 2822 specification. You could have me@gmail.com, or me+spam@gmail.com, or "mark@server"@marksanborn.net, common on Linux/BSD systems.

A lot of times people will use a regular expression like:

(\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6})

This regular expression would work for almost all email addresses but would fail for others. For example, mark@gmail.co.uk would not match. Neither would mark+spam@gmail.com, which by the way is a very useful feature for email hosts that support it.

Validating Credit Card Numbers with Zend Framework

Ever wonder how websites can tell you made a mistake entering your credit card number before you even submit it? Like most identification numbers, credit cards have checksum digits built into them, just like barcodes.

If you ever look at an EAN-13 UPC barcode (on all retail products) you will notice there is a digit outside of the regular set on the right. If any digit is out of order or mistyped, you can tell that the barcode is wrong based on this checksum. It also allows barcode readers the ability to “guess” what the barcode is if part of the barcode got ripped or damaged. This is also how PAR files can repair corrupt, damaged or even missing files.

Why I Would Never Hijack Someone’s Internet

Well, for the short answer, all you have to do is ask yourself this simple question. Would you give your mail, credit cards and other personal information to a complete stranger? Probably not. By connecting to someone else’s internet connection you are giving them complete control over the data that you send from your computer. This may include mail, credit card information, and personal information.

Although crucial information like bank passwords is transmitted through SSL (encrypted), almost all traffic is sent in plain text. For example, this blog and all blogs running WordPress don’t use SSL to encrypt the credential exchange. Thus if you were connected to an untrusted internet service like your neighbor’s wireless, they could easily see your blog’s password. This is just one out of thousands of examples where personal information could be hijacked on account of YOU hijacking their service.

Validating an IP Address with PHP

For security purposes, all user input should be validated before being accepted. In this case we are going to run a regular expression to determine whether or not an IP address is valid. This function could be used on forms or web applications where you ask the user for an IP address.

One-Time Use Credit Cards

A new era of credit card protection is here! PayPal is offering disposable one-time use credit cards free of charge. You don’t even need to own a credit card to use them. A simple PayPal membership will suffice.

Creating a Secure MD5 Hash for Storing Passwords in a Database

Oftentimes we, as developers, are required to create authentication systems. When developing an authentication system it is always best to make it as secure as possible. One of the problems that arise when creating an authentication system is storing the username and password of our users. One way to store the username and password would be to simply make a column in a table called usernames and a column called password and store each user’s login credentials in plain text.
