Some time ago I was looking for a password vault and came across some recommendations for KeePass. KeePass is open source and free. It's a nice password manager and some of the features I like are:

• Strong encryption of the password database
• The ability to use a password, key file, or the combination of the two to secure access to said password database
• A password generator with a multitude of options
• The ability to copy the password to the clipboard (without ever showing it) and have it clear the password after a set amount of time
• Organize password entries by groups and subgroups (think folders)

A new version, 1.09, released in October. There is also a …

For a variety reasons, including personal/family concerns and workload, I've not been able to write as often as I'd like. That doesn't just include the blog, but also writing articles. It's been a long while since I've written an article for SSC. I want to get back to writing at least monthly, if not more often. One of the keys to writing well is to write every day. Therefore, I'm going to provide some structure to the blog in order to make it easier to post every weekday with something that will hopefully be useful. Here's the types of posts that should be present based on the day of the week:

• Monday - Career Development
• Tuesday - Tips, Tricks, and SQL Scripts
• Wednesday - Tools, Tools, and More Tools
• Thursday - Tips, Tricks, and SQL Scripts
…

Recently I had some trouble with the server where all of my websites are hosted.  Business site, various blogs, there is lots of stuff on there, not to mention backups of work, email, and all sorts of things I do not really want to lose.

I first noticed the trouble when I couldn’t login through the command line.  Strangely the websites were still running.  I called the hosting company, and after talking with them for a while, managed to login as root.  That was working.  But it was acting quite odd.  There were some errors in the /var/log/messages about ssh not being able to set uid 10003, the uid of my login, shull.  I pondered.  I thought.  I sat circumspect.

I investigated for a while, and called up 1 & 1 again.  I have a root server, but they’re not really supposed to support maintaining the machine itself.  Then I got to thinking, I could spend hours diagnosing …

I read a lot about MySQL backups using LVM Snapshots on Linux, WAFL Snapshots on NetApp and more recently ZFS Snapshots. But did you know you can do the same under FreeBSD?

FreeBSD has had snapshot capability since around 2001 allowing administrators to take a frozen image of a filesystem at a given instant in time with minimal impact on the server / filesystem. So how does …

Basically, if you need a job, or hate your current job, and have time to commit, and if you’re a professional, or just disciplined and care about every little thing you do..Or, if you just want to work with me.. :

Geneva Data, an Internet Security company is looking for PHP developer to work on a unique project in San Antonio, Texas.
We?re open to a full-time, part-time, contract, consulting or project work. We just want the most innovative local PHP programmer available (with experience.)

“Experience” means you can show us proof of your work … whether you have been in the workforce for 6 months or 60 years.

“Innovative” means that you?ve never encountered a problem that you couldn?t solve. We appreciate individuals who experiment with new technologies on personal projects. Creativity is a plus with us.

? MySQL and/or Linux proficiency is a further plus.

? Experience …

I've spent my spare time the last few weekends helping a non-profit called Fast Forward here in the Columbia, SC area. I don't post this here to blow my own horn but rather to point out the need many non-profit organizations have for quality IT support. Most non-profits operate on a limited budget meaning they take help where they can get it. Often times there just isn't money left in the budget for a services contract, etc., even for an organization like Fast Forward.

This is where knowledgeable folks can really make a difference. I know the usual excuse: after spending all week looking at a computer screen, the last thing anyone wants to do is spend the weekend working on computers. I've been there, so I understand that feeling completely. However, I have to say that the time I've spent working at Fast Forward has been personally rewarding. There's a sense of accomplishment …

On Tuesday our CIO, Johann-Peter Hartmann, gave a Web-seminar about security issues in the Web 2.0 era. We had about 140 participants and some very good questions in the following Q&A Session. We would like to thank you for the response and also we´d like to thank Jürgen from MySQL, our webinar-host.

We uploaded our slides as promised. To download them, click here.

If you missed the Web-Seminar you get a chance to see the recording of it here.
But be aware: It´s in german!!!

For english readers/speakers: Johann held an english security talk some time ago. Find it here

We already heard that …

Hi Folks,

This is an announcement for a webinar in German. Therefore only written in German. If you are interested in the security topic be sure to see the english webinar, which is stored here.

Web-2.0-Anwendungen absichern

Die verbesserte Einsatztauglichkeit der Web-2.0-Anwendungen wird auf Kosten von neuen Sicherheitsproblemen erworben. Sowohl die mächtige Logik im JavaScript als auch der permanente Login auf vielen Sites bergen Risiken, die anders und gezielt beantwortet werden müssen. Dieses Webseminar gibt einen Überblick, bewertet die Probleme und stellt Lösungswege vor.

Wenn Sie Web 2.0- und AJAX-Anwendungen entwickeln, ist dieser Vortrag genau das Richtige für Sie! Hier erfahren …

It has only been two years since Tim O'Reilly coined the phrase Web 2.0 and even shorter time since Jesse James Garret created the shortcut AJAX for the base technology of modern internet applications. In this period the nature of web applications underwent a major change in user experience and development methods.

It is the age of integrated communication. Content is created using rich interfaces by users for others users, collected by feed aggregators, collaboratively bookmarked, tagged, complemented by maps and delivered as a service for mash-ups. A good portion of this services a supplied by the LAMP (Linux, Apache, MySQL, PHP / Python / Perl). Since every technology has its dark companion, new security risks arose, and others grew more important.

If you are developing Web 2.0 and AJAX applications and want to know about the old and new security risks, …

Looking for code inclusions?
The versatile google cluster has a solution for this, like for many other tasks.
This search

lang:php \secho\([^)]*_REQUEST[^)]*\); lets You find various places where some variable from the superglobal $_REQUEST is printed with echo. By the same means, you can easily find places where such a variable is directly included in an SQL query, for instance with lang:php \smysql_query\([^)]*_REQUEST[^)]*\); .
This alone yields 50 results for each query, but it may be varied with printf() instead of echo() or just …