The Hungry Hacker's Explanation of Everything

Articles in the Security Category

Operating Systems, Security, Software »

[19 Sep 2007 | No Comment]

OpenBSD’s spamd – A lightweight spam-deferral daemon. Spamd works directly with SMTP connections, and supports features such as gray-listing. It minimizes false positives compared to a system that does full-body analysis. It is not a replacement for spam-filters, but an elegant method of segregating the spammers.
This HOWTO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. ©2008 Strykar
The lowdown
I hate spammers; I mean …

Security »

[10 Dec 2005 | No Comment]

Cross-Site Scripting, or XSS for short, is a method used to compromise user access of a third party website in one manner or another. The actual result of the attack – ranging from session theft (you don’t log out, and the evildoer returns to the site using your credentials) to elaborate automated account hijacking – is unimportant for the purposes of this discussion. What’s important is the understanding that any small vulnerability (in either browser or web service) can easily be escalated into …

Security »

[18 Sep 2005 | 2 Comments]

Notice: This is an historic article, something on the order of a decade old now. Most of the information in here still holds true, but there may be some stuff that’s outdated – it’s archived simply because it was a popular article for many people.
foreword
this article is intended to be an almost complete guide to cracking and protecting websites which utilize the .htaccess/.htpasswd method for controlling access to data. it’s not intended to be a how-to guide for hacking websites. if you’re looking for a simple howto …

Security »

[16 Sep 2005 | One Comment]

Note: This is a historic article, kept around for archival purposes only. It’s probably still somewhat relevant, as it serves pretty well for a primer on social engineering – but don’t expect everything listed here to work without a little brain-work involved. Do not email us with questions about this article, unless you want to take the chance of being publicly ridiculed.
This is one of the most awful questions we ever get asked, and it generally happens about once a week. The reasons vary, but not as widely as you …