If you would like to use same PHP code to handle both AJAX and non-AJAX requests, here is a quick and simple trick that you can use to check if the incoming request is AJAX. For our trick we will use a HTTP header called HTTP_X_REQUESTED_WITH. It is supported by all modern browsers that support AJAX. Therefore, it should work in 99% of cases.Continue reading
On Monday April 24, 2017 the HipChat Security team has advised their users that there was a security incident detected which affected a server in the HipChat Cloud. The incident lead to a leak of some account information such as names, email addresses and hashed passwords. For a small number of instances (less than 0.05% according to HipChat), messages and content in rooms may have been accessed too.
HipChat automatically reset user passwords for those accouts that they believe were affected and some users were asked to update their passwords manually.
In their statement the HipChat team assured that no other of Atlassian services were affected:Continue reading
In 2016-2017 pretty much all media were talking about hacking that happened during the US presidential campaign (did it actually happened or not - that's a different story). You can see many articles in the Internet and in paper books about how it is important to have a strong password. Seems like everybody should know this now. However, security professionals regularly meet passwords that are ridiculously unsafe.
Guys from Keeper Security, authors of the Keeper Password Manager, have compiled a list of the most commonly used passwords involved in data breaches in 2016. According to this blog post, these unsafe passwords are using in about 50% of 10 million password that were analyzed! Mostly, there are no surprises. People still use passwords like "password", "123456", "qwerty", etc. Nevertheless, there are some interesting examples such as “18atcskd2w” and “3rjs1la7qe”. Those passwords seem relatively strong, right? It seems like those passwords were created by bots for spam or flood activities and those passwords were used over and over in different sites.Continue reading
There was an interesting news just in the end of January 2017.
On January 31th, 2017 Gitlab accidentally deleted their production database (git repositories were not affected though).
What happened. For some reason, replicatation started lagging (PostgreSQL). One of the Gitlab employee some tried to fix the problem by playing with different settings but it did not help. Then, at some point, that employee decided to delete everything and rebuld the replica again. He (or she) tried to delete the folder with the replica data, but mixed up servers and removed the folder on the master (rm -rf on did db1.cluster.gitlab.com instead db2.cluster.gitlab.com).
It could have been not as bad but they realised they had no backups:Continue reading
First time I heard about Docker was beginning of 2016. Finally, I got a chance to try Docker in "wild nature".
One of the most common things you might need from time to time is to stop or remove all your Docker images in one shot. Here are some simple and useful commands to stop or remove all of Docker containers.
Before deleting Docker containers we need stop them:
$ docker stop $(docker ps -a -q)
Now, when our Docker containers are not running, we can delete them:
$ docker rm $(docker ps -a -q)
Also there is a nice untility to clean your Docker images, volumes and networks. It's called Docker Clean.
Recently, I have searched for a an online service that suggests available domain name by keywords. I was really impressed by one website that I found.Continue reading
Yesterday received into my Gmail inbox a couple of SPAM messages with animated email subject! Didn't it's possible, have never seen it before...
From very first look it seems like a big secirity whole in gmail!
News agencies reported yesterday and today that a group of Russian hackers has stolen a huge number (1.2 billion!) of usernames and passwords using a botnet. This is apparently could be the largest collection of stolen user credentials in the history (if this fact is actually truth).
According to the news, the theft was discovered by an american security company called Hold Security. They did not disclose exactly what web sites have been attacked, but it was mentioned that it is a number of websites from small to big ones.
I am scratching my head trying to understand two things: 1) How did they discover this theft? 2) How do they know that it was Russian group of hackers?Continue reading