jimmahdigital.com

• Home
• About

Macs don’t get viruses? Think again

Posted by James | Filed under Geek, Security

Oh how the PC users have longed for this day. One of Apple’s main (and much trumpeted) marketing points being that Mac is practically virus free, many have held the view that this stems largely from Macs (and OS X) being less prominent on the market than Windows-based PCs.

As a long time PC user, I cannot deny that I consider some of the applications in Windows a security train wreck (*cough* IE6 *cough*), but I do agree that the myth about Macs being immune to viruses is overrated to some degree.

Now, many reports say that some pornography sites hold a Mac trojan pretending to be a video codec.

Granted, this is not the first Mac trojan nor the first Mac malware. But, this one seems to be particularly nasty.

Named OSX.RSPlug.A, it appears to Mac users as they’re lured into thinking they’re viewing a video, and acts as a necessary video codec. The computers of users who proceed with the installation will be infested by a DNSChanger that hijacks web requests sent to eBay, PayPal and several online banking websites. Not nice.

Tags: internet, mac, osx, Security, trojan, virus

Read more | Comments (5) | November 1st, 2007

Protecting against SQL injection attacks

Posted by James | Filed under Code, Geek, Web

SQL injection is a serious concern for web developers, as an attacker can use this simple hacking technique to gain access to sensitive data and/or potentially cripple your database. If you haven’t secured your applications, get familiar with the following method and grind it into your coding routine!

I’ve read a lot of guides, and they seem to tend to overcomplicate this, so I’ll be as straight forward as possible. In PHP the easiest way is to pass your data through the mysql_real_escape_string function. By escaping special characters on fields where the user can manipulate the database, you will avoid being vulnerable. Take a look below at the example of what to do and what not to do.

// This is a vulnerable query. $query = "SELECT * FROM products WHERE name='$productname'"; mysql_query($query); // This query is more secure. $query = sprintf("SELECT * FROM products WHERE name='%s'", mysql_real_escape_string($productname)); mysql_query($query);

Another safe way of performing MySQL queries in PHP is to use the included mysqli library (you can read up on all the functions at http://php.net/mysqli):

$name = $_GET[’product’]; $db = new mysqli(”localhost”, “user”, “pass”, “database”); if ($stmt = $db->prepare(’SELECT price FROM products WHERE name = ?’)) { $stmt->bind_param(’s’, $name); $stmt->execute(); $stmt->bind_result($price); $stmt->fetch(); echo ‘The product costs $’, $price, ‘.’; $stmt->close(); } $db->close();

The most important part of protecting yourself is stopping users from being able to pass unaltered database manipulative special characters, like single quotes.

MSDN - SQL Injection Article
Wikipedia - SQL Injection
SecuriTeam - SQL Injection Walkthrough
SitePoint - SQL Injection Attacks, Are You safe?

Tags: mysql, php, programming, Security, sql

Read more | Comments (0) | October 31st, 2007

Twitter

• Is it coz i'm gettin old i don't like music played from a mobile phone, or because its incredibly irritating? 20 hours ago

Categories

Select Category Code  (19) Data Portability  (1) Events  (2) Future  (20) Geek  (39) Linux  (1) Mobile  (7) Music  (4) Open Source  (2) Play  (6) Privacy  (5) Search  (1) Security  (3) Semantic  (5) Social  (5) Tube  (4) Uncategorized  (1) Web  (48)

Tags

.net 2008 analytics android api business conference dataportability development digg drm facebook firefox firefox extension fowa functional future of web apps gdrive Geek google html5 ie8 java javascript microsoft Mobile mozilla Mozilla Firefox Music mysql nin nine inch nails opensocial Open Source Privacy programming research Security semantic web trent reznor video Web web applications yahoo youtube

Blogroll

• Dave Mills
• ElectricBiro

Meta

• Register
• Log in
• Entries RSS
• Comments RSS
• WordPress.org