With the proliferation of smartphones that support powerful cameras, it’s not surprising to see an increase in the number of iPhoneographers worldwide. If you’re a camera enthusiast looking for a way to use both devices on your next shoot, read on. We’ll provide you with the steps for using your iPhone 5S to control your DSLR with the help of CamRanger.
I attended a SecTalks meetup last night which talked about the dangers of Content Delivery Networks (CDNs) being compromised.
Lots of websites source their JavaScript and CSS resources from CDNs to improve their website’s performance. Examples of CDNs are jQuery, Bootstrap, Google API and Amazon S3.
This implicit trust of external/third party resources can put those websites at risk of being compromised, even without those web servers being hacked.
If the CDN is compromised, the website might be sourcing infected JavaScript files containing malicious code (such as keyloggers) or CSS stylesheets that can deface your website.
A well-known example of this sort of attack was when Reuters’ website got hacked back in 2014 and had their website redirected to somewhere else. Reuters itself wasn’t hacked, but the CDN it used was.
A recent W3C specification, Subresource Integrity (SRI), lets a website have the browser refuse to load an included JavaScript file if that file has been modified. This allows websites to benefit from the performance gain of using CDNs without the fear that a CDN compromise can harm their website.
This can be done using the integrity attribute. See examples below.
The value of the integrity attribute is basically the hash of the file. Currently the supported hash functions are SHA-256, SHA-384 and SHA-512.
You can run the sha256sum, sha384sum or sha512sum command on a terminal to generate the hash.
Alternatively, there are websites which do the same thing too, such as the SRI Hash Generator. However, this option might lead you to ask how you can trust that those SRI generator websites aren’t compromised themselves.
On top of that, some common CMSs have plugins for doing SRI, such as the WordPress SRI manager plugin.
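The integrity attribute takes the algorithm name followed by the base64 encoding of the raw digest, so the hex string printed by sha384sum cannot be pasted in directly. The following is an added example, not code from the original post: it generates the value locally (no third-party generator site needed) and reproduces the browser-side matching rule. The function names, the sample file content and the `cdn.example` URL are assumptions made for illustration, and `crossorigin="anonymous"` is included because browsers need it to check cross-origin files.

```python
import base64
import hashlib

ALGORITHMS = ("sha256", "sha384", "sha512")  # weakest to strongest


def sri_value(content: bytes, algorithm: str = "sha384") -> str:
    """Return '<alg>-<base64 of the raw digest>' for an integrity attribute."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI hash function: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()  # raw bytes, not hex
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(url: str, content: bytes, algorithm: str = "sha384") -> str:
    """Build a <script> tag pinned to exactly the bytes in `content`."""
    # crossorigin is required for the check to run on cross-origin files.
    return (f'<script src="{url}" integrity="{sri_value(content, algorithm)}" '
            'crossorigin="anonymous"></script>')


def matches(content: bytes, integrity: str) -> bool:
    """Browser-side rule: skip unrecognised tokens, keep only the strongest
    algorithm listed, and accept if any hash of that strength matches."""
    parsed = []
    for token in integrity.split():
        alg, sep, b64 = token.partition("-")
        if sep and alg in ALGORITHMS:
            parsed.append((alg, b64.split("?", 1)[0]))  # drop ?options
    if not parsed:
        # Nothing recognised (e.g. a mistyped algorithm name): no check is
        # applied and the file loads, so a typo silently disables SRI.
        return True
    strongest = max((alg for alg, _ in parsed), key=ALGORITHMS.index)
    return any(sri_value(content, alg).split("-", 1)[1] == b64
               for alg, b64 in parsed if alg == strongest)


if __name__ == "__main__":
    # Constructed sample standing in for a library fetched from a CDN.
    original = b"console.log('constructed sample library');\n"
    modified = original + b"// changed after the hash was taken\n"
    print(script_tag("https://cdn.example/lib.js", original))
    print("original accepted:", matches(original, sri_value(original)))
    print("modified accepted:", matches(modified, sri_value(original)))
```

Hash the copy of the file you have reviewed, not whatever the CDN serves at the moment you generate the tag.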
The specification is currently only supported on Firefox, Chrome and Opera. So those using Internet Explorer and Safari don’t currently benefit from SRI.
However, looking at the recent browser statistics, those three browsers make up almost 90% of the browser market share.
SRI allows websites to enjoy the performance benefits of using CDNs and gives companies peace of mind that the content they are using has not been compromised.
Mac OS has case-preserving and case-insensitive file systems. This handy little tip will talk about what that means, mention the gotchas of having such a file system, and cover what can be done to prevent them.
If you try to create a generic array in Java, you will notice that it will throw an error. Here’s how to get around that.
Have your Facebook posts and updates been getting less attention than they used to? Well, Facebook has gone through a number of changes and it has changed the way it determines what posts appear on each individual user’s news feed. This three-part article series will explain to you how Facebook determines what posts get displayed on which individual’s news feed.
This article is a howto for setting up your server to use the RTC (Real-time Clock) alarm to have your Linux box automatically shut down and boot up at a given time each day.