Blended Threats

It had never occured to me that security bugs in multiple pieces of software could be linked together and exploited. Not that I recall very well anyhow. But after reading this article from Threatpost, It made sense. (As much sense, I suppose, as it could have considering my limited investigation of the example given and the concept in general.) Billy Rios developed one of these “Blended threats“, as they are called, and presented a talk about it at RuxCon and BayThreat last year. I would suggest that anybody interested read his blog post. Slides containing the code are available there as well. This is interesting stuff. See video below. Oh yeah, theres a live demo up as well. See slides.

Will It Blend – Ruxcon/Baythreat PoC Demo

Install and use a LAMP Server on Ubuntu

If you’ve been wishing that you could install a web server on your Ubuntu PC, you will be pleased to find out that you can install one very easily. All you will need is an Internet connection, and a bit of time. I hope this guide is helpful.

Here’s how to install: Open Synaptic Package Manager. Choose Edit > Mark Packages by Task. Scroll down and check the box beside “LAMP Server.” This will mark apache2, PHP, and MySQL for installation. Apply the changes. You will be prompted for some configuration information. That’s it! Punch http://localhost into your browser’s address box to test your installation.

Now I suppose you want to add some files. The server’s root directory is /var/www. If you navigate there with your file browser you will see the files, and even be able to open them with gedit, but you will not be able to edit them. This is because the directory is owned by root. There are multiple ways to work with this. You can run Nautilus from a terminal (sudo nautilus /var/www), or even create a launcher on your desktop (for this command: gksudo nautilus /var/www). However, you will probably find it more convenient to change the permissions of the /var/www folder. To do this, run Nautilus as root (sudo nautilus), navigate to the /var folder and right-click on the www folder. Give yourself access under the permissions tab. Now you can create and delete files without running your file browser as root.

Feedback welcome!

Oh by the way, you can access the server from another computer on the network as well, provided that your firewall allows incoming traffic on  port 80. Just enter http://your-ip, where your-ip is the ip address of the computer that hosts the server.

CreativeTechs >> Training

I have attended a number of classes at creativetechs training and in general, have been quite impressed at their business model. They have classes on Lightroom, Photoshop, Photography, Dreamweaver and more. I recently finished the iPhone web apps course and today I attended the first class in the Android Java Apps course. They also have ongoing events like Retouch Live, and the John Greengo Photography Show. Now, I was not in Seatle, WA in person, but rather I was in the worldwide classroom on the internet. The live events are free, and they make money off the paid downloads. Rather than explaining it further, I’ll just send you there:

CreativeTechs also offers Seatle Mac support.