24 RESULTS IN TAG "no cover":

It was her first night, and she could feel the eyes watching.

Prelude I am a social animal, and would prefer to participate in any opportunity I get to interact, learn and share experiences. Whether that be a cafe, or a bar; underground or over the top! Now, recently I got to know about a meetup group 'Writers cafe' in Hong Kong, and voila! I joined them. Yesterday I attended their session for the first time, and I would like to share my work via this blog-post. To understand what we did there, here is a snippet from their page, We select a one sentence prompt at random and write based on...

DDOS, it's time to turn your toasters off

Most of you are already aware of the fact that half of the internet went down (or slow), when a 'bad-hackers' group weaponized 'millions of insecure IOT devices' to attack a DNS provider. Personally from my browsing habits, I was largely affected by Twitter being dramatically slow while other sites felt a little sluggish. Anyways, this brings us to a number of question(s), Should I be surprised? I think NO. We knew this sh*t is coming. It's high time to check/ restrict your refrigerator, TV and lights for internet connectivity. Is there a silver bullet to beat this? I...

Custom URL Shortner in NodeJS

Recently I wrote an article on Ghost blog integration with a URL shortener (the dirty way). This is in sequence to it but with custom URL shortener running on my own machine. While most of this code is shared from codebyte article, I have enhanced it to serve three purposes: authenticate using API Key; validate URL(s) or ID(s) for duplicate; response support in JSON or TXT format. At present the setup is running with the following configuration: Backend is running on port X @ IP 127.0.0.1 so it has no reach from outside. NGINX webserver is...

Image Alignment within Ghost Blog CMS

It's around 2:00 AM, and before I call it a day (a long day), I thought to post a quick blog on custom image alignment in Ghost Blog Platform. Without further ado, as of Sep, 2016 Ghost doesn't support custom image alignments and ruling. It means all images in the blog are aligned default (none) and text breaks around it. Default Alignment: It means the images are aligned with the page, and the text breaks around it. The text is above and below the image. Left Alignment (left float): It means the image is floating on the left side,...

Custom URL Shortening in Ghost Blog CMS

It's been 2 years and Ghost Blogging Platform is doing well and the downloads are going up. Kudos to the team. While the platform is doing good, we[1] are miles from reaching the point where we have apps, plugins and smooth migrations/ customisation etc. And in this blog I would mention one such thing which I personally like - URL Shortener(s); specially when we share the links over social media. I have had discussions with some people on Ghost Slack on it, and thought why not do some dirty coding ;) Oh yeah, but why dirty coding? The Ghost...

The infamous issue of target _blank code

This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and also possible workaround(s). What is "target="_blank"? If you have done the HTML coding you must be aware of the target=_blank when you write your links via href. As per definition[1], the target attribute specifies where to open the linked document. The issue is very much when it tells...

Digital Authentication and Password Rules by NIST

Passwords are important and it's no secret that we are bad in finding complex passwords during sign-up processes. The initial idea of OneID, or OAuth is not doing very well for the common user, and therefore people are registering on 100s of websites - commercial, social networks, banks etc. without managing well with password complexities. While the tools to crack 8-10 characters passwords are speeding up the process, people are still resenting to keep passwords more than 6 characters long with minimum complexity. Digital authentication is all around us and is exponentially accelerating with the advent of IOT devices. All...

Linux Issue with TCP ACK (Part 1)

A flaw in the Linux kernel[1] used since late 2012 allows adversaries to inject malicious traffic, without MITM. In a Wednesday presentation at the USENIX Security Symposium researchers showed that this flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012. In their research paper - Off-Path TCP Exploits: Global Rate Limit Considered Dangerous, the researchers document possible use cases, and attack scenarios on how this global limit be exploited to perform connection drop and/or injection attacks. With so much buzz in the world, I will attempt to cover some network 101201 basics on...