Monthly Archives: April 2014

Heartbleed OpenSSL – Where to change your passwords (and where not to)

Change these passwords now (they were affected and have since been patched; changing a password before a site is patched only exposes the new one too)

  • Google, YouTube and Gmail
  • Facebook
  • Yahoo, Yahoo Mail, Tumblr, Flickr
  • OKCupid
  • Wikipedia

Don’t worry about these (they don’t use the affected software, or ran a different version)

  • Amazon
  • AOL and Mapquest
  • Bank of America
  • Capital One bank
  • Charles Schwab
  • Chase bank
  • Fidelity
  • E*Trade
  • HSBC bank
  • Microsoft, Hotmail and Outlook
  • PayPal
  • PNC bank
  • Scottrade
  • TD Ameritrade
  • Twitter
  • U.S. Bank
  • Wells Fargo

Don’t change these passwords yet (status still unclear, no response from the vendor)

  • American Express
  • Apple, iCloud and iTunes
  • Citibank
  • LinkedIn

 

Protect your Server Against the Heartbleed OpenSSL Vulnerability

Update your System

PLEASE NOTICE: Back up your whole system before big updates!

Ubuntu and Debian

sudo apt-get update
sudo apt-get dist-upgrade

CentOS and Fedora

yum update

Updating the package is not enough on its own: every process that already loaded the old libssl (web server, mail server, VPN, etc.) keeps running the vulnerable code until it is restarted, so restart those services or reboot after the update.

 

Checking your Version Numbers

The distributions backport the fix without bumping the upstream version, so "openssl version" still prints 1.0.1e on a patched system. Check the package version instead.

Debian and Ubuntu Releases and Fix Versions

dpkg -l | grep "openssl"
  • Ubuntu 10.04: Unaffected (Shipped with an older version prior to the vulnerability)
  • Ubuntu 12.04: 1.0.1-4ubuntu5.12
  • Ubuntu 12.10: 1.0.1c-3ubuntu2.7
  • Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
  • Ubuntu 13.10: 1.0.1e-3ubuntu1.2
  • Debian 6 (Squeeze): Unaffected (Shipped with an older version prior to the vulnerability)
  • Debian 7 (Wheezy): 1.0.1e-2+deb7u6
  • Debian testing (Jessie): 1.0.1g-1
  • Debian unstable (Sid): 1.0.1g-1

If you are using Ubuntu 13.04 it is HIGHLY RECOMMENDED that you upgrade to a supported release: no fix will be published for it.
PLEASE NOTICE: Back up your whole system before big updates!
Check your OpenSSL version
dpkg -l | grep "openssl"

Check your Ubuntu version
lsb_release -a

root@localhost:~# dpkg -l | grep "openssl"
ii libcurl4-openssl-dev 7.29.0-1ubuntu3.4 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libgnutls-openssl27:amd64 2.12.23-1ubuntu1.1 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1c-4ubuntu8.2 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring

This host runs OpenSSL 1.0.1c on an end-of-life release, so it is vulnerable and no package update will ever fix it: the release itself has to be upgraded.

CentOS and Fedora Releases and Fix Versions

rpm -q -a | grep "openssl"
  • CentOS 5: Unaffected (Shipped with an older version prior to the vulnerability)
  • CentOS 6: openssl-1.0.1e-16.el6_5.7
  • Fedora 17: Unaffected (Shipped with an older version prior to the vulnerability)
  • Fedora 19: openssl-1.0.1e-37.fc19.1

If your Fedora OpenSSL version number doesn’t end in .1 you are vulnerable!

Check your OpenSSL version
rpm -q -a | grep "openssl"

Check your CentOS version
cat /etc/redhat-release

[root@stream4 ~]# rpm -q -a | grep "openssl"
openssl-1.0.1e-16.el6_5.4.x86_64
[root@stream4 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

Here 16.el6_5.4 is older than the fixed 16.el6_5.7, so this host still needs the update (and a service restart afterwards).
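The two manual checks above (dpkg on Debian/Ubuntu, rpm on CentOS/Fedora) can be folded into one script. This is an added example, not part of the original post: it takes the release and the installed openssl package version, applies the fix versions listed above, and reports patched / vulnerable / end of life. It assumes GNU coreutils for "sort -V" (good enough for these version strings, though it does not implement dpkg's "~" rules) and that /etc/os-release or /etc/redhat-release is readable when run on a live host.

```shell
#!/bin/sh
# Added example, not from the original post: is this host still Heartbleed-vulnerable?
# Fix versions come from the lists above. Version ordering uses GNU "sort -V"
# (assumption: GNU coreutils), which handles these strings but not dpkg's "~" rules.

# Installed openssl package version, from dpkg or rpm, whichever exists.
installed_openssl_version() {
  dpkg-query -W -f='${Version}' openssl 2>/dev/null \
    || rpm -q --qf '%{VERSION}-%{RELEASE}' openssl 2>/dev/null
}

# Release as distro-version, e.g. ubuntu-12.04, debian-7, centos-6, fedora-19.
# /etc/redhat-release parsing matches the CentOS and Fedora wording only.
detect_release() {
  if [ -r /etc/os-release ]; then
    . /etc/os-release; echo "$ID-$VERSION_ID"
  elif [ -r /etc/redhat-release ]; then
    awk '{print tolower($1) "-" int($3)}' /etc/redhat-release   # "CentOS release 6.5 (Final)" -> centos-6
  fi
}

# version_ge A B: succeeds when A is the same as or newer than B.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Fixed package version for a release; "eol" when no fix will ship.
fix_version_for() {
  case "$1" in
    ubuntu-12.04) echo 1.0.1-4ubuntu5.12 ;;
    ubuntu-12.10) echo 1.0.1c-3ubuntu2.7 ;;
    ubuntu-13.04) echo eol ;;
    ubuntu-13.10) echo 1.0.1e-3ubuntu1.2 ;;
    debian-7)     echo 1.0.1e-2+deb7u6 ;;
    centos-6)     echo 1.0.1e-16.el6_5.7 ;;
    fedora-19)    echo 1.0.1e-37.fc19.1 ;;
    *)            echo unknown ;;
  esac
}

# heartbleed_status RELEASE PKGVERSION
# Prints one line; exit 0 = safe, 1 = vulnerable, 2 = cannot tell.
heartbleed_status() {
  rel="$1"; ver="$2"
  [ -n "$ver" ] || { echo "cannot tell: no openssl package version given"; return 2; }
  upstream="${ver%%-*}"                  # "1.0.1e-16.el6_5.4" -> "1.0.1e"
  case "$upstream" in
    1.0.1*|1.0.2*) ;;                    # only these series carry the TLS heartbeat bug
    *) echo "unaffected: OpenSSL $upstream predates the heartbeat extension"; return 0 ;;
  esac
  fix="$(fix_version_for "$rel")"
  case "$fix" in
    eol)     echo "vulnerable: $rel is end of life, no fix will ship; upgrade the release"; return 1 ;;
    unknown) echo "cannot tell: unknown release $rel, check your vendor advisory for $ver"; return 2 ;;
  esac
  if version_ge "$ver" "$fix"; then
    echo "patched: $ver is at or above the fixed version $fix (restart services that loaded the old library)"
    return 0
  fi
  echo "vulnerable: $ver is older than the fixed version $fix"
  return 1
}

# Run against this host:  sh heartbleed-check.sh run
if [ "${1:-}" = "run" ]; then
  heartbleed_status "$(detect_release)" "$(installed_openssl_version)"
fi
```

Fed the two sample outputs from this post, it reports the Ubuntu 13.04 box as end of life and the CentOS 6.5 box (16.el6_5.4) as older than 16.el6_5.7; the Dreamhost 0.9.8o-4squeeze14 package below comes out as unaffected.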

 

Revoking and Reissuing your SSL Certs/Keys

Assume the private key of any certificate served by a vulnerable OpenSSL has been copied: patching stops further leaks but does not make the old key safe.

  • generate a new private key; do not reuse the old one
  • create a CSR for the new key and send it to your certificate authority (or self-sign it, if that is what you used before) to obtain the new certificate
  • replace the old certificate and key, restart the services that use them, and ask the CA to revoke the old certificate
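The three steps above as a script. This is an added example, not code from the original post: it generates the new key and CSR with the openssl command-line tool (assumed installed), self-signs the CSR as an offline stand-in for the CA, and checks that the certificate about to be deployed matches the new key rather than the old one. The hostname www.example.com and the working directory are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: re-key a TLS server after Heartbleed
# and verify the result before deploying. Assumes the openssl CLI; www.example.com
# and the directory are placeholders.

# 1. A brand-new private key. The old one must be treated as leaked.
new_key() {             # new_key KEYFILE
  openssl genrsa -out "$1" 2048 2>/dev/null && chmod 600 "$1"
}

# 2. A CSR over the new key. Send this to your CA; never send the key itself.
new_csr() {             # new_csr KEYFILE HOSTNAME CSRFILE
  openssl req -new -key "$1" -subj "/CN=$2" -out "$3"
}

# Lab stand-in for the CA so the example runs offline: a self-signed certificate.
# In production the CA returns the certificate for the CSR.
self_sign() {           # self_sign CSRFILE KEYFILE CERTFILE
  openssl x509 -req -in "$1" -signkey "$2" -days 30 -out "$3" 2>/dev/null
}

# SHA-256 of the RSA modulus: compare key material without printing secrets.
key_modulus()  { openssl rsa  -noout -modulus -in "$1" | openssl dgst -sha256 | awk '{print $NF}'; }
cert_modulus() { openssl x509 -noout -modulus -in "$1" | openssl dgst -sha256 | awk '{print $NF}'; }

# 3. Deploy only if the certificate that came back matches the NEW key.
cert_matches_key() {    # cert_matches_key CERTFILE KEYFILE
  [ "$(cert_modulus "$1")" = "$(key_modulus "$2")" ]
}

# Whole procedure for one host. OLDKEY is the key that was in use before the patch.
rekey() {               # rekey HOSTNAME DIR OLDKEY
  host="$1"; dir="$2"; oldkey="$3"
  new_key "$dir/$host.key" || return 1
  new_csr "$dir/$host.key" "$host" "$dir/$host.csr" || return 1
  self_sign "$dir/$host.csr" "$dir/$host.key" "$dir/$host.crt" || return 1
  if cert_matches_key "$dir/$host.crt" "$oldkey"; then
    echo "refusing to deploy $host: certificate was issued over the OLD key" >&2
    return 1
  fi
  cert_matches_key "$dir/$host.crt" "$dir/$host.key" || return 1
  echo "ok: new key and certificate for $host are in $dir"
  echo "next: install them, restart every TLS service, ask the CA to revoke the old certificate"
}

# Stand-alone run:  sh rekey.sh run
if [ "${1:-}" = "run" ]; then
  d="$(mktemp -d)"; new_key "$d/old.key"; rekey www.example.com "$d" "$d/old.key"
fi
```

The modulus comparison is the check worth keeping even when the CA does the signing: a certificate re-issued over the old CSR has the old, possibly leaked, public key in it and does not help.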

 


Dreamhost HeartBleed – infected?

Dreamhost Forum

Hello There, We can confidently let you know that our shared servers and VPS guests are NOT vulnerable to it since they run Debian Lenny and/or Squeeze. The most common version of OpenSSL on our network is 0.9.8o-4squeeze14. The “HeartBleed” vulnerability is in OpenSSL’s heartbeat module in versions 1.0.1 and 1.0.2-beta.

Cheers!
Matt C

From https://discussion.dreamhost.com/thread-140702-post-174286.html#pid174286

Dreamhost Status

As soon as we learned of the “Heartbleed” OpenSSL vulnerability, we began to patch any and all systems that it may have affected. Fortunately this was a very small subset of our systems and was mostly isolated to a small group of mail machines. As of early yesterday, all of our systems are patched. As a preventative measure, we are also re-keying the certificates on any systems with that bug. We have no reason to believe that any of those machines have been compromised, but in the interest of proactive security, we feel that changing SSL certificates is the best option.

DreamHost.com was not vulnerable, but the machines that redirected traffic to our actual site were. This was corrected quickly and those machines will also have their certificates re-keyed.

We can confidently say that our shared servers, VPS guests, and dedicated machines are NOT vulnerable to this issue because they run Debian “Lenny” and/or “Squeeze”. The most common version of OpenSSL on our network is 0.9.8o-4squeeze14, and the “HeartBleed” vulnerability in OpenSSL’s heartbeat module exists in versions 1.0.1 and 1.0.2-beta.

If you have any questions or concerns, please don’t hesitate to contact our support team.

 

OpenSSL Security Advisory [07 Apr 2014] – TLS heartbeat read overrun

 

OpenSSL Security Advisory [07 Apr 2014]
========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <[email protected]> and Bodo Moeller <[email protected]> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

How to test server speed in your console/terminal

This is how! (Read the script before you run it: it is fetched straight from GitHub and, in the example below, executed as root.)

wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py
chmod +x speedtest-cli
./speedtest-cli

This is what the results might look like

[root@stream4 ~]# ./speedtest-cli
Retrieving speedtest.net configuration...
Retrieving speedtest.net server list...
Testing from Fundacao para a Ciencia e a Tecnologia (193.137.171.XX)...
Selecting best server based on ping...
Hosted by Vodafone PT (Porto) [56.28 km]: 12.239 ms
Testing download speed........................................
Download: 80.28 Mbit/s
Testing upload speed..................................................
Upload: 80.26 Mbit/s

MySQL: delete a row ignoring foreign key constraint

The error you get when a child table still references the row:

Cannot delete or update a parent row: a foreign key constraint fails

Adding IGNORE turns the error into a warning so the statement completes:

DELETE IGNORE FROM `database`.`table` WHERE `table`.`tableId` = 16 LIMIT 1;

The IGNORE keyword causes MySQL to ignore all errors during the process of deleting rows. (Errors encountered during the parsing stage are processed in the usual manner.) Errors that are ignored due to the use of IGNORE are returned as warnings.

http://dev.mysql.com/doc/refman/5.0/en/delete.html

Run SHOW WARNINGS afterwards to see what was skipped. The constraint exists to keep child rows from pointing at a parent that no longer exists, so the clean fix is to delete the child rows first or to declare the foreign key ON DELETE CASCADE. SET FOREIGN_KEY_CHECKS=0 for the session is the explicit way to bypass the check when orphaned rows are really what you want; set it back to 1 afterwards.

masonry – images stacked/overlapped on each other

Masonry is a JavaScript grid layout library. It works by placing elements in optimal position based on available vertical space, sort of like a mason fitting stones in a wall. You’ve probably seen it in use all over the Internet.

I had to use imagesLoaded to solve my problem

jquery.imagesloaded
//cdnjs.cloudflare.com/ajax/libs/jquery.imagesloaded/3.0.4/jquery.imagesloaded.min.js

// Wait until every image in the gallery has loaded, so Masonry measures the real item heights
$('.gallery-masonry').imagesLoaded( function(){
  $('.gallery-masonry').masonry({
    itemSelector: '.item',
    isAnimated: true,
    isFitWidth: true
  });
});