I have a situation where I’m able to download a CPAN module distribution, but I’m behind a firewall and I therefore can’t install the module using the cpan installer. The recommended offline solution is to use the CPAN Mini Mirror. But that presents the same problem: It expects to have Internet access.
The solution is simple – don’t use the CPAN installer! Just do the Makefile yourself. Here is how I installed the Test::Class module:
tar xzf Test-Class-0.37.tar.gz cd Test-Class-0.37 perl Makefile.PL make make test make install
If you can’t do it the easy way, don’t forget you can do it the “Old School” way!
Categories: Perl Webmastery Tags:
My son Jakob Barnard recommended the NextGEN plugin for WordPress. If you’re pressed for time in learning to use it, I recommend you find a tutorial via Google. I found
- NextGEN Gallery Tutorial for Beginners, with nicely done screen shots by WordPress Ninja
- NextGEN Gallery Tutorial, a video by Taking Aim Marketing
The WordPress Ninja tutorial gave me a great overview of what the workflow is in setting up a gallery. The video tutorial was well worth the additional 12 minutes. The author takes the time to generate errors and show how you see what is going wrong. Very helpful!
Having just put up my own first NextGEN gallery, I have additional tips for you.
Fix For NextGEN Gallery Slide Show Not Working
A google search showed numerous complains that the Slide Show feature was not working. Answers included conflicting plugins and Go Daddy hosting. My solution was quite simple: Work your way through all of the NextGEN settings! I’ve gotten spoiled by all the great plugins out there and have begun to expect everything to work well enough “out of the box.” Wrong answer! Read more…
I find Apple’s Time Machine backup system to extremely annoying. After five years, it finally paid off!
Hard Drive Failures Do Happen
To be sure, when my MacBook hard drive failed four years ago, restoring from backup was extremely easy. Getting the hard drive replaced was, in theory, easy. I went to the Apple store at the Mall of America and they replaced it under warranty. Unfortunately this was the same weekend the iPhone 3G was released. We spent all day waiting for the hard drive replacement!
But once I got my MacBook home, I plugged in the backup hard drive, which is maintained by the Time Machine backup system, and it restored everything from there. I lost up to four hours’ worth of email, but absolutely everything else was preserved. Nice!
How does Time Machine work and why do I find it so annoying? Read more…
Today I upgraded the The Strong Family Association of America, Inc. theme. I use Atahualpa, and it’s been years since I updated the theme. I needed to move my favicon and logo from theme folder atahualpa333 to atahualpa. Fortunately, the theme carried my options forward to the new version.
Here is a hint: Turn on Firebug and let it tell you what images are broken or missing!
I found that the sticky note graphic was missing. Here is the fix: Go to the Atahualpa theme options. Click on the section Style POSTS & PAGES. The second section is POST Container: STICKY. There is a space in the background image url. For my site, it reads:
background: #eee url(‘http://strongfamilyofamerica.org/wp-content/themes/atahualpa /images/sticky.gif’) 99% 5% no-repeat;
Whereas it should read:
background: #eee url(‘http://strongfamilyofamerica.org/wp-content/themes/atahualpa/images/sticky.gif’) 99% 5% no-repeat;
The problem is that pesky space after atahualpa and before /images/sticky.gif. Remove the space, save your settings, and you’re good!
I have been trying out the SearchStatus plugin for the past week, and I like it! It’s been several years since I watched Google PageRank for our Web sites. Google Page Rank is important, but it tends to be invisible. The higher your Page Rank, the more likely you are to show up in Google search results.
SearchStatus sits on the bottom row of your FireFox browser. It shows Google PageRank, Alexa site rank, and has a little icon you can click for a large number of features such as seeing what sites link back to you, keyword density, etc.
There is even a short 4-minute YouTube demo showing how to use the plugin. It’s well worth the four minutes:
Eclipse is a programmer’s text editor originally developed by IBM.
When you try to install and launch the Eclipse IDE (Integrated Development Environment) on Windows 7, it may tell you that it can’t find Java or JRE (Java Runtime Environment). After you install Java from http://www.java.com/ it may STILL tell you that it can’t find Java or JRE.
Here is the secret: If you are running 64-bit Windows 7, you will need to install BOTH 32-bit and 64-bit versions of Java. You can get the Java downloads here. The problem is that Eclipse (or the Yoxos Eclipse installer) do NOT tell you that you need both, or what the problem is. They only tell you that they can’t find Java.
You really have three problems: The sharks, the crackers, and the exploiters.
First, you need to keep the sharks out. Once a live password has been posted for your site, the feeding frenzy kills your server, and you’ll be stuck with the bandwidth bill. So, given that your passwords have already been cracked, you must protect yourself from the freeloaders trying to get in. Your financial survival depends on it. (Several companies offer excellent shark-protection services.)
A good password-choosing policy will keep the crackers from feeding the sharks. It’s that simple! The master crackers themselves confirm that they depend on people (including billing companies) using poorly-chosen passwords. When the passwords become uncrackable, they must either find another way in, or intercept them as plain text. (We’ll discuss a possible password-choosing policy below.)
The exploiters are a very different situation. The exploiters are what we mean by “hackers” in the traditional sense of the word. All software has weaknesses, and those weaknesses can be found. Read more…
Exploiting fits into two stages:
- Finding the security hole (called scanning for exploits)
- Using the security hole (called exploiting)
Scanning is easy. Pick a paysite and run through a list of URLs which might be interesting. You can download your own scanning program for free. You can do the same with other peoples’ URL lists. You’re supposed to then shorten your list to include only URLs that you personally know how to exploit. If you’ve noticed a bunch of weird off-the-wall URLs in your server logs from time to time, you’ve seen people scanning your site for exploits. You can safely ignore the scanning – unless they find something.
What they found, with the information necessary for its use, is called an exploit. Exploiters post lists of working exploits on the hackers’ boards, the same as crackers post lists of working passes, as a means of sharing information. At the same time as the sharks are using the passes, the other crackers are adding those passes to their John the Ripper word list. Read more…
The next step would be to apply your skill and experience to the specific password file at hand. If you know all passwords are eight random digits, for example, you can search accordingly. John the Ripper has its own programming language wherein you can tell it what approaches to take.
Suppose you have managed to crack a few passwords, and discover that when the username is firstname.lastname, the password is first initial followed by last name followed by 1-5 random digits. You can crack the rest of the file almost instantly! Tell John the Ripper to keep the first letter, drop everything up to the dot, drop the dot and keep everything following the dot.
With a bit of experience, you can make this example even simpler. Many paysites use standard unix-type passwords, called DES encryption. Only the first eight characters of the password are encrypted! So, to use the example above, if the person’s last name is seven characters or more, you know the password. No guessing is needed.
Do you see why this is so? The password (according to our assumed rules) is first initial followed by last name followed by digits. But… only the first eight characters are used. So, if the name is seven letters or longer, all the leftover characters (including all the digits) are ignored. So far as the paysite is concerned, the password is that person’s initial followed by the first seven characters of their last name.
In the same way, if the person’s last name is six characters, you need only try adding a single digit. That gives you a mere ten possibilities to try. Even if the last name is a single character, you only have a hundred thousand combinations to try. Since John the Ripper can run millions of trials per second, the worst possible case will still have you seeing dozens of passwords cracked per second. Read more…
«Ï» çÅñ H@Çk ¥°Ü·
What the hackers do, and how to keep them from doing it
The Making of a Hacker
Picture, if you will, a parasite that calls itself an “immunity tester.” Our immunity tester travels from host to host, “testing” to see if it can feed off that particular host. When the feeding is good, our parasite tosses a few chunks of meat in front of the sharks. The feeding frenzy begins.
You’ll know the feeding frenzy when it happens. You’ve been hit by the password traders. Unless you have frenzy protection, your bandwidth use will go through the roof. Someone needs to pay that bandwidth bill – but it won’t be the sharks or the parasites.
In spite of the feeding frenzy, our parasite is a responsible parasite. He’s careful to not destroy or otherwise damage the host. Sure, he starts the feeding frenzy, but the frenzy itself is not his concern. He’ll add one or two passwords to your members area rather than two hundred. Two hundred might get noticed.
If he’s cracked hundreds of your passwords, he’ll only post a few at a time for the sharks. You’ll focus on the few without realizing that hundreds are known. As our parasite trickles out the “fresh” passes, he remains a hero for continually doing such great work.
Almost every hacker board calls itself the top resource for “security testing.” They are “educational” in nature, and not for profit. If you’re a webmaster, you can ask the board owner to remove all references to your site from their board – and they will. Read more…
Categories: Web Site Security Tags: