PHPSecInfo
The PHP Security Consortium has release v0.1.1 of their PHPSecInfo tool. From their website: The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.As PHPSecInfo doesn't provide any new information, at least with this release, I see it as a useful tool for the one's that are not very familiar with php and only want to set up some downloaded scripts on their own web server. What I'd like to see in upcoming versions is a LOT more verbosity. Explaining the settings in depth and giving advices on secure programming linked to some of the settings they test (like input validation without
magic_quotes_gpc, handling globals with globals off etc.)
Poor Man's Website Monitor
OpenACS is providing uptime, a simple website availability monitoring service, since 1997 and it's free! Free from ads and free from overloaded graphics (actually quite naked). It just works. :)
You can set up monitoring for your website in five minutes.
You can set up monitoring for your website in five minutes.
- create a text file "uptime.txt"
- add the word "success" on the first line
- upload it to your webserver (usually the root of your website)
- add your url and complete the form with your e-mail, name and a password
- done
The uptime.txt will be requested about every 15 minutes, if the file is not reachable you will get an e-mail warning. Uptime will still try to reach your site every 15 minutes and e-mail you again, as soon as the file is reachable again.
Although there may be tons of reasons why Uptime can't reach your website other than your website actually being down, it's still a handy service to get an idea of the service availablity, especially on (shared) hosting.
Can you see the difference?
Which one of those logos is Web 2.0 compliant?
No! It's the one on the right! ;) there are about 3.5 years between them. I wonder if there is another website, which is in "beta" since April 2003 - let me know if you know one! (and yes, I should have updated my site since ages. Oh, well...
Upgrade your Logo to Web 2.0 - found via Matthias.
No! It's the one on the right! ;) there are about 3.5 years between them. I wonder if there is another website, which is in "beta" since April 2003 - let me know if you know one! (and yes, I should have updated my site since ages. Oh, well...
Upgrade your Logo to Web 2.0 - found via Matthias.
blog.ch re-launched
We are supporting blog.ch in creating a new community with the latest and greatest LifeType 1.1 (check out this flash movie for previews of new features).
While we are still bug hunting, the new version is already very stable and usable and blog.ch is probably the first big fast growing blog community providing their users free weblogs powered by LifeType 1.1.
BTW: For those interested in reading some feedback about the newly released blog.ch you may follow the discussion on Matthias Metablog
While we are still bug hunting, the new version is already very stable and usable and blog.ch is probably the first big fast growing blog community providing their users free weblogs powered by LifeType 1.1.
BTW: For those interested in reading some feedback about the newly released blog.ch you may follow the discussion on Matthias Metablog
LifeType News
There's an article giving a little review of the first LifeType meeting. And while we are still working hard on the release of version 1.1, another security update has been released.
Phishing for Postfinance (Part 2)
They are phishing for Postfinance logins again. And although the e-mail looks much nicer this time, they still have too many typos in it. ;-)
Another not so clever idea they had, was to use port 8081 for all their links, be it for the logo (yes, they didn't link it from the original site, but from their phishing server!) or the phishing URL (http://219.163.9.224:8081/index.php?email=plog@hu-gi.to [modified email domain]) itself. According to a whois query the ip range belongs to an ISP from tokyo: (More)
Another not so clever idea they had, was to use port 8081 for all their links, be it for the logo (yes, they didn't link it from the original site, but from their phishing server!) or the phishing URL (http://219.163.9.224:8081/index.php?email=plog@hu-gi.to [modified email domain]) itself. According to a whois query the ip range belongs to an ISP from tokyo: (More)
LifeType 1.0.5 - yet another security update
24 hours after the first SQL Injection vulnerabiltiy was reported, the development team released version 1.0.5, hopefully the last release before the shiny new version 1.1 is out.
Speaking of the new version: If you don't have the time to try one of the nightly builds, you may want to have a look at this LifeType 1.1 preview. It shows the impressive usability improvements in version 1.1. The beta testing will start soon, so keep an eye on announcements - either here or at lifetype.net.
Speaking of the new version: If you don't have the time to try one of the nightly builds, you may want to have a look at this LifeType 1.1 preview. It shows the impressive usability improvements in version 1.1. The beta testing will start soon, so keep an eye on announcements - either here or at lifetype.net.
