PHP is working for a couple of years to ditch mysql_ extension from PHP. See this post: http://news.php.net/php.internals/53799 So if you are like me and have created hundreds of thousands of lines of code in the 'ol mysql_ extention, you might want to rewrite all that stuff before PHP6 comes out. Clever move, PHP. The object orientated folks know it all! They think that using mysqli or pdo
Forum: News and Links

Design your own genes, proteins, virus circuits with biobricks. http://partsregistry.org/Catalog http://www.neb.com/nebecomm/products/productE0546.asp https://www.dna20.com/genedesigner2/ How cool is that?
Forum: OMG Ponies

Tell me moar!
Forum: Search Engine Hacking and SEO

_Andy, that's fun for some lulz, but no lessons are learned there. Most pentesters will grab it and run it on some level of trust. I always make the distinction between hats (all colors) and pentesters, often pentesters are not versed in these things, since a lot of them are simply sysadmins or someone put in charge with a silly ISC2 / CISSP paper without any real world experiences. That said, mo
Forum: OMG Ponies

@Gareth Heyes Ah yes, that might be a good consideration as well. Personally I have no clue if his obfuscation is any good, I don't feel very at home at obfuscating stuff, let alone de-obfuscating it, although I do know that it's pretty much all the time pointless to pursuit cloaking JavaScript it from an attackers standpoint. Not to mention the valid argument of yours that it can break all sor
Forum: Obfuscation

I do must give fsilva some credit for putting this up for peer review, that is to be encouraged in my opinion.
Forum: Obfuscation

If you reason like; As long as I don't understand what I am doing, plus adding some pseudo complexity that might actually weaken it beyond your scope because of the false assumption that more insecure seeding is better than no seeding at all, frankly the answer would be: No.
Forum: Projects

Oh, if it's on a console you might try to dig up the schematics, or some published cracks of it, assuming others are looking for weaknesses in devices too.
Forum: Projects

Most useful is getting pr0n, of course. Then CIA/NSA ultra secret documents, and maybe whitehouse twitter passwords, probably in that order.
Forum: SQL and Code Injection

@sirdarckcat awesome pic dude.
Forum: News and Links

TRS80? Sounds like a drum-machine to me. Oh that was the TR-808
Forum: Intro

Short answer (since I'm going to bed in a moment) did you try to race the hash? i.e. by getting at least 5 to 10 pairs per seconds and try to find discrepancies? If you can trigger 5-10 requests per second with no difference, but in every Nth second, it could be that they use a UNIX time-stamp, micro-time is somewhat harder to race against, but not impossible. That's what I would do first in such
Forum: Projects

Wow the ol' marquee bug rears it's head again!
Forum: News and Links

Ok, well the threads reads: is it possible to view PHP files? so yes, that's possible.
Forum: SQL and Code Injection

@Reiners Of course, wasn't that obvious? Hence: "Another scenario" some might not be aware of.
Forum: SQL and Code Injection

Another scenario is that some scripts allow streaming of files, including PHP files in the form of attachments, you'll notice them with: download.php?file=blah.zip <- just locate a PHP or any other file.
Forum: SQL and Code Injection

I called that Chinese Nike spammer last month but forgot to save the call.
Forum: OMG Ponies

...and he is now part he & more of a she, or almost a she, to make it more complex. I'm like a chameleon right now, I'm all over the place (; anywhocares, my oldest account here is from 10/30/2006 man, can you believe it? almost 4 years slacking here!
Forum: Intro

hehe well he had about 3 other accounts here as far as I know.
Forum: Intro

<Thinking-OutLoud> I think the ultimate lesson to learn here is simple: Everyone who think that they don't make mistakes, eventually make inevitable mistakes. Maybe that's why peer review is so important in scientific circles? a comforting thought... </Thinking-OutLoud>
Forum: News and Links

LIVECONNECT - Some research I did couple of years ago, might be useful to share. This is gathered and not everything might work as it contains test cases I wrote, and snippets from other resources which maybe cannot be found elsewhere anymore. Introduction LiveConnect is a library that permits JavaScript and Java virtual machines to interoperate. Specifically, it enables JavaScript to access J
Forum: Projects

@nedsbeds That's a good example indeed. It could open up a big can of black SEO.
Forum: News and Links

Interesting Gaz. So only CSS? no JS? and does it needs to work in all browsers? most CSS3 is poorly supported yet (like: move-to for moving content for example), Opera excluded of course.
Forum: OMG Ponies

Playing around with the <keygen> tag a couple of minutes and found this. Later on after I posted it on Bugzilla (546308) I found that Thierry Zoller among others had discovered it already a bit earlier (Bug 469565). Practically the same, though in practice different. On first glance it might look an obvious denial of service, one key point has been omitted in the other bug in my opinion. Ke
Forum: DoS

I've been in graphic design and this is more common than one would want to believe. I've never been on very good terms with Stefan Esser, but this is somewhat notably funny imho. After visiting sektioneins I stumbled upon a very nice idea: a PHP security poster, to hang on your wall next to your pinups and playboy foldouts. However, as in code so in print: humans make mistakes. I instantly
Forum: News and Links

rvdh here to inform you, SAS(ha) is my new account under which I will be posting. id: I think I got added in in your ip tables, because I had to use a proxy to reach here after signing up and making a dozen queries to mark everything read on this board.
Forum: Intro