HEADLINES
ARTICLES
Custom URL Shortner in NodeJS
Recently I wrote an article on Ghost blog integration with a URL shortener (the dirty way). This is in sequence to it but with custom URL shortener running on my own machine. While most of this code is shared from codebyte article, I have enhanced it to serve three purposes,
Continue Reading
Image Alignment within Ghost Blog CMS
Its around 2:00 AM, and before I call it a day (a long day), I thought to post a quick blog on custom image alignment in Ghost Blog Platform. Without further ado, as of Sep, 2016 Ghost doesn't support custom image alignments and ruling. It means all images in...
Read More
Custom URL Shortening in Ghost Blog CMS
It's been 2 years and Ghost Blogging Platform is doing well and the downloads are going up. Kudos to the team. While the platform is doing good, we[1] are miles from reaching the point where we have apps, plugins and smooth migrations/ customisation etc. And in this blog I...
Read More
The infamous issue of target _blank code
This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and also possible workaround(s). What...
Read More
Digital Authentication and Password Rules by NIST
Passwords are important and it's no secret that we are bad in finding complex passwords during sign-up processes. The initial idea of OneID, or OAuth is not doing very well for the common user, and therefore people are registering on 100s of websites - commercial, social networks, banks etc. without...
Read More
Linux Issue with TCP ACK (Part 1)
A flaw in the Linux kernel[1] used since late 2012 allows adversaries to inject malicious traffic, without MITM. In a Wednesday presentation at the USENIX Security Symposium researchers showed that this flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012. In their research paper...
Read More
Lessons from LinkedIn DB Breach
We are aware that social networking site LinkedIn was breached in June, 2012 and nearly 6 million user credentials were stolen. In May 2016 it's confirmed that nearly 115+ million credentials were stolen, and are now available for sale. So, it's time we revisit what went wrong, and what can...
Read More
NIST view on Cyber Threat Information Sharing
Reference: 800_150_Draft Document Note: This article summarizes the draft paper, and may contain snippet(s) from it. I love you NIST (National Institute of Standards and Technology). I admire the contribution and knowledge available @NIST and we all have gained a lot from these standards. Now, when I...
Read More