Most of my work is available publicly, but some development is hosted on a private SVN that’s hidden behind a firewall. Unfortunately, my primary development server is on the wrong side of that particular firewall, so I use the following command to bridge the gap:
ssh -R 1980:svn_host:80 username@dev_server.com
That creates a reverse tunnel through my laptop [...]
Posted October 15, 2009 by Casey Bisson
Categories: Technology. Tags: networking, security, SSH, tunnel, tunneling. One Comment.
A quick Google search of klaomta.com reveals more than a few people wondering why it’s iframed on their websites. The answer is that the site has been compromised.
Unfortunately for the fellow who asked me the question at WordCamp, solving the problem can be a bit of a chore. Keeping your WordPress installation up to date [...]
Posted October 9, 2009 by Casey Bisson
Categories: Dispatches, Technology. Tags: cracking, klaomta.com, security, web site, web spam. Be the first one.
Stefan Savage, speaking in a segment on March 13’s On The Media, asked:
The question I like to ask people is, what are you going to do to the highway system to reduce crime. And when you put it that way, it sounds absolutely ridiculous, because while criminals do use the highway, no rational person is [...]
Posted March 31, 2009 by Casey Bisson
Categories: Politics & Controversy, Technology. Tags: crime, highways, internet, metaphor, security, social problems, technical problems, trust. Be the first one.
This is an old one, but because I’m in the air again today it’s worth digging this up. Defense Tech long ago pointed out The Identity Project’s position on showing ID for air travel:
If a 19 year-old college student can get a fake ID to drink, why couldn’t a bad person get one, too? [...]
Posted March 11, 2009 by Casey Bisson
Categories: Politics & Controversy. Tags: air travel, airport security, homeland security, identity, insecurity, security, transportation security. Be the first one.
WordPress 2.7 requires that plugins explicitly whitelist their options using a couple of new functions. WordPress MU has required this security measure for a while, and it’s nice to see an evolved form of it brought to the core code. The Migrating Plugins and Themes to 2.7 article in the codex offers some guidance, but here’s [...]
Posted December 17, 2008 by Casey Bisson
Categories: Technology. Tags: compatibility, form validation, plugins, security, wordpress, WordPress 2.7. 6 Comments.
Presidential limos are armored, yes, but Gregg Merksamer reveals that George W. Bush’s limos sport five-inch thick glass, more than twice as thick as in Clinton’s limo. Merksamer should know; he wrote the book on so-called “professional cars”. He says half an inch is enough to stop a .44 magnum at point blank range, and [...]
Posted November 4, 2008 by Casey
Categories: Dispatches, Planes, Trains, & Automobiles, Politics & Controversy. Tags: armor, armored car, bulletproof glass, fear, limo, limousine, politics, presidential limo, security, vehicles. 2 Comments.
GreenSQL promises to protect SQL databases against SQL injections.
GreenSQL works as a reverse proxy and has built-in support for MySQL. The logic is based on evaluating SQL commands against a risk-scoring matrix, as well as blocking known database administrative commands (DROP, CREATE, etc.).
Posted September 10, 2008 by Casey
Categories: Dispatches, Technology. Tags: firewall, security, sql, sql injection. Be the first one.
Amanda Mooney posted a note about being told she needed corporate permission to take a picture in a store. Mooney’s interest was in telling others how much she likes the products and the brand — exactly the sort of word of mouth advertising most brands are anxious for, but imagine some more pedestrian uses: what [...]
Posted August 18, 2008 by Casey Bisson
Categories: Photoblog, Politics & Controversy, Technology. Tags: corporate, photography, police state, retail, rules, security, social communication, terrorism. One Comment.
I’ve been pretty aware of the risks of SQL injection and am militant about keeping my database interactions clean. Mark Jaquith today reminded me about the need to make sure my browser output is filtered through clean_url(), sanitize_url(), and attribute_escape(). Furthermore, we all need to remember current_user_can(), check_admin_referer(), and nonces.
Posted August 16, 2008 by Casey Bisson
Categories: Technology. Tags: coding standards, Mark Jaquith, php, security, SQL injections, web security, WordCamp, wordpress, XSRF, xss. Be the first one.
Corporate networks are defenseless against the growing threat from instant messaging, and the government warns WiFi is insecure and easily sniffed.
Experts suggest we take precautions against the growing risk of p2p software that’s exposing sensitive documents and threatening national security.
Businesses blame security problems on their employees, their mobile devices, and other consumer technologies.
And now we [...]
Posted November 19, 2007 by Casey Bisson
Categories: Politics & Controversy, Technology. Tags: im, myspace, networking, networks, p2p, security, Technology, threat, threats, wifi. One Comment.