December 2006 Archives
Ever since the dawn of Matt's formmail.cgi, there have been people wanting to use your CGIs to send emails to people you didn't intend them to. MIME injection attacks continue this tradition. They work by sending MIME headers in one of the form fields, followed by two newline characters. Provided the form field input is used by your script in the email headers (e.g. an email address supplied by the form used as the From: value), this can result in your MTA thinking it has all the headers, so that everything after the two newlines is treated as the body of the email.
An easy and effective way to make sure your scripts are safe from this sort of attack is to check the form data for MIME headers. I use a simple regex to do this and check any form field that will be used in the email header with something like this in my scripts:
use Data::Dumper;   # Dumper() is used below to log the offending submission

# Header names that have no business appearing in a name or address field.
my $regexp = '(bcc|cc|content-type|to|from)\s*:';

# $input is the hashref of parsed form fields; check every one that ends up
# in the email headers.
foreach (qw(last_name first_name email)) {
    if ($input->{$_} =~ /$regexp/is) {
        warn Dumper($input);   # log the whole submission for later reading
        die;                   # and refuse to send anything
    }
}
Why would anyone put "to:" or "bcc:" or "content-type:" in a name or email address field on a web form? I can think of no legitimate reason, so I just log the form submission for bedtime reading and crash out. If I'm running under FastCGI, I don't die, I just return the thank you page and do nothing else seeing as killing off a script under FastCGI is a costly exercise in terms of resources to start it back up again.
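The same check, and the failure mode it guards against, written out in Python rather than the post's Perl as an added example (this is not code from the original post). A naive string-concatenating mailer shows how a newline inside a form field becomes an extra header once the receiving side splits headers from body at the first blank line, and a guarded version applies the post's header-name regex together with a plain CR/LF test. The sample form submissions and the webmaster@example.org recipient are constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

# Header names the post's regex looks for; the CR/LF test in is_header_safe
# catches any injected header regardless of its name.
HEADER_NAME_RE = re.compile(r'(bcc|cc|content-type|to|from)\s*:', re.IGNORECASE)


def is_header_safe(value: str) -> bool:
    """Return False if a form field must not be placed into an email header."""
    if '\r' in value or '\n' in value:
        return False
    return HEADER_NAME_RE.search(value) is None


def naive_message(form: Dict[str, str], body: str) -> str:
    """Build the raw message the way an unguarded CGI mailer does: by string
    concatenation, dropping form fields straight into the header block."""
    sender = f"{form['first_name']} {form['last_name']} <{form['email']}>"
    return (
        f"From: {sender}\n"
        f"To: webmaster@example.org\n"   # assumed site address for the example
        f"Subject: Contact form\n"
        f"\n"
        f"{body}"
    )


def parse_message(raw: str) -> Tuple[Dict[str, str], str]:
    """Split a raw message the way an MTA does: headers run up to the first
    blank line, everything after it is the body. A simplified view in which a
    repeated header name overwrites the earlier value."""
    head, _, body = raw.partition('\n\n')
    headers: Dict[str, str] = {}
    for line in head.split('\n'):
        name, _, value = line.partition(':')
        headers[name.strip().lower()] = value.strip()
    return headers, body


def guarded_message(form: Dict[str, str], body: str) -> Optional[str]:
    """The post's check: refuse the submission if any header-bound field looks
    like an injection attempt, otherwise build the message as before."""
    for field in ('last_name', 'first_name', 'email'):
        if not is_header_safe(form.get(field, '')):
            return None   # caller logs the submission and sends nothing
    return naive_message(form, body)


# Constructed sample submissions (not taken from the original post).
BENIGN_FORM = {'first_name': 'Alice', 'last_name': 'Smith',
               'email': 'alice@example.com'}
# An email field carrying a newline: the text after it lands in the header
# block, so the unguarded mailer emits a Bcc header the site never wrote.
INJECTED_FORM = {'first_name': 'Alice', 'last_name': 'Smith',
                 'email': 'alice@example.com>\nBcc: third-party@example.net'}

if __name__ == '__main__':
    headers, _ = parse_message(naive_message(INJECTED_FORM, 'hello'))
    print('unguarded script produced headers:', sorted(headers))
    print('guarded script result:', guarded_message(INJECTED_FORM, 'hello'))
```

Rejecting any CR or LF outright is the stronger of the two tests: the post's regex only lists five header names, so an injected header with a name outside that list would slip past it, while a bare newline in a name or address field is never legitimate.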
Hurrah! I've just learnt that my bank have repaid me £2004.25 worth of penalty charges from the last six years banking with them. I heard that bank penalty charges were unlawful a while ago. I looked around for more information and found Money Saving Expert had the info I needed. That led me to the excellent Consumer Action Group which is basically a consumer support group with advice on how the law stands, how to go about reclaiming your money, and even has templates for letters and spreadsheets to get you through to success.
Continue reading Successfully reclaimed bank charges.
One of the best ways to speed up any system that relies on a database is to optimize the database. So that's what I did the other night for MySQL 5.0.24 running on a Windows box with a 3.2GHz processor and 2GB of RAM. The server uses a mixture of table types (InnoDB and MyISAM) and gets hit a lot with queries against tables that don't change an awful lot. The resultant my.ini config should give you some ideas on how to optimize MySQL in a similar situation.
One of the most common problems friends ask me about is spyware, popups, diallers, viruses, trojans - all forms of "malware" (Malicious Software) having infected their PCs. My advice is to use a small army of anti-malware applications that between them can eliminate and prevent almost all of these problems. Here's what I recommend they use:
Comodo Personal Firewall
Free and reliable, this provides you with better protection than the standard Windows Firewall that comes with XP.
http://www.personalfirewall.comodo.com/
If however, you connect to the net via a router (e.g. a WiFi router) then chances are that has a built in firewall already and the majority of inbound attacks are blocked at that point before they even get to your PC. In which case you might opt to have no firewall switched on on your PC at all.
Avast! Anti-virus
If you don't have one that's up to date, you're in for trouble. Lots of people (including my dad, much to my infuriation) don't keep their anti-virus (AV) up to date, mostly because they have one that you have to pay for and haven't paid for it. Avast! Home is a free AV application that is easy to use, reliable and updates regularly. You need to register (provide basic contact details) to get a year-long licence key, and once you've entered the key into the application, that's it.
http://www.avast.com/eng/avast_4_home.html
McAfee, Norton, Sophos, Panda, TrendMicro and Kaspersky all produce good payware AV applications, and if you're happy with them and paying for them, they're fine. I use Kaspersky at home as my main anti-virus application.
SpyBot
Okay, you're probably reading this because your PC is already infected and you need a cure. SpyBot is a free spyware disinfector. Run it a few times, immunize your system, run it every fortnight or month, and chances are it will solve your problem.
http://www.safer-networking.org/en/download/index.html
AdAware
Like SpyBot, this is a spyware disinfector. You can pay for extra bits or just use the basic free version. If SpyBot doesn't solve your problem, AdAware might do. Using both SpyBot and AdAware increases your chances of destroying the pesky infection on your PC.
http://www.lavasoftusa.com/software/adaware/
SpywareBlaster & SpywareGuard
These two are preventative applications designed to stop spyware installing on your PC in the first place. They work firstly by filling in the security holes that spyware uses, or "immunizing" your system, and secondly by monitoring for spyware trying to install. There's a small fee to have automatic updates for SpywareBlaster, and I think it's worth it knowing that most people will forget to do the manual update regularly. That's up to you.
http://www.javacoolsoftware.com/products.html
With all those installed you'll be a lot less vulnerable. Happy hunting!
