Why yes, you can log in with an invalid username
Stefan over at Suspekt brought up some interesting security vulnerabilities based on MySQL's habit of silently truncating over-long column values (when not in strict mode), so I thought I'd add my own to the pile, this one right in the grant tables.
MySQL's user table restricts user names to 16 characters (and hosts to 60). Any attempt to create a user with a longer login results in an error. However, unlike Stefan's example, where a field is compared, then truncated, then inserted, MySQL actually truncates a login attempt before processing it.
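The compare-then-truncate-then-insert pattern Stefan describes, reproduced as an added example (this is not code from the original post or from Suspekt). It assumes a scratch schema on a MySQL server whose sql_mode contains neither STRICT_TRANS_TABLES nor STRICT_ALL_TABLES, a hypothetical `accounts` table whose login column is the same width as mysql.user.User, and a default PAD SPACE collation; it does not touch the grant tables themselves.

```sql
-- Added example, not from the original post. Assumes: non-strict sql_mode,
-- a PAD SPACE collation (default for latin1/utf8 on MySQL 5.x) and a scratch schema.
SELECT @@sql_mode;   -- no STRICT_* flag listed: over-long values are truncated with a warning, not rejected

-- Hypothetical application table: 16-char login, same width as mysql.user.User.
-- Deliberately no UNIQUE index, i.e. the application checks uniqueness itself.
CREATE TABLE accounts (
  login    VARCHAR(16) NOT NULL,
  is_admin TINYINT     NOT NULL DEFAULT 0
);
INSERT INTO accounts (login, is_admin) VALUES ('admin', 1);

-- Constructed attacker input: 'admin' + 11 spaces + 'x' = 17 characters.
SET @attempt = 'admin           x';
SELECT CHAR_LENGTH(@attempt);                              -- 17

-- 1. The application's duplicate check compares the untruncated input: no match.
SELECT COUNT(*) FROM accounts WHERE login = @attempt;     -- 0, so the app proceeds

-- 2. The INSERT silently truncates the value to 16 characters: 'admin' + 11 spaces.
INSERT INTO accounts (login, is_admin) VALUES (@attempt, 0);
SHOW WARNINGS;                                            -- 1265: Data truncated for column 'login'

-- 3. Trailing spaces are insignificant under a PAD SPACE collation, so the
--    stored 'admin           ' now compares equal to the real 'admin'.
SELECT login, is_admin, CHAR_LENGTH(login) FROM accounts
 WHERE login = 'admin';                                   -- two rows: the real admin and the 16-char impostor

-- Mitigations, strongest first:
--   a) reject input in the application when CHAR_LENGTH(input) > 16, before any SQL runs;
--   b) add a UNIQUE index on login so the database, not the application, enforces uniqueness;
--   c) run in strict mode so over-long values raise an error instead of being truncated.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
INSERT INTO accounts (login, is_admin) VALUES (@attempt, 0);   -- now fails: ERROR 1406, Data too long for column 'login'
```

Which row the application then treats as "admin" depends on its query (an unordered `LIMIT 1`, for instance), which is exactly why the check belongs in the database constraint and the server mode rather than in a SELECT the application runs beforehand.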
Google cache as quick fix backup

No matter how protected your website may be, sometimes you still need a helping hand when an accident happens. Delete a page while fumbling with FTP? Someone else in your office write over your work on a webpage? Heck, maybe your entire site is down! Google Cache may be able to help.
Use open-source with more confidence

When meeting with prospective new clients, we tell them that SiteCrafting uses PHP and MySQL as the development platform. Invariably this leads some of them to ask us what PHP and MySQL are and if they are safe and fast. Sometimes, this can lead to interesting conversations, where we explain to them why we think PHP and MySQL are safe and fast.
Occasionally, there's a client who remembers reading an article 4 or 5 years ago about PHP 3 having some security issues. We refer them to current articles on PHP and mention our own experiences, but the latter argument can come across as "Because we say so," which isn't a good way to get the point across.
Advertising Gone Wrong
I've been a Facebook user for quite some time - even before they had the facebook.com domain. One thing that I absolutely love about it is the control they give you to limit what other people see about you. I've adopted a very serious set of controls that allows only people I actually know to see anything about me. However, this is a false sense of security. Everything I post online that anyone besides me can access is inherently public. This is what initially drew me and countless other people to Facebook.
However, their new advertising platform - Beacon - throws all this out the window. Beacon is a system that allows Facebook to track what you do on other websites. Let me reiterate that: Facebook tracks what you do online. They don't just track what you say you like on your profile, for example what movies you like; with Beacon they can track what movies you're actually renting.
Take control from domain slammers and scammers
It begins with a letter or maybe even an "invoice". It ends with the transfer of your domain to another registrar and in some cases even the loss of your domain entirely. The term for this is Domain Slamming. The practice preys upon unsuspecting people who want to pay their bills and keep their domain names current. After all, we have our domain name printed on every invoice and business card, painted on our trucks, and we advertise with Google AdWords; we don't want our domain to expire. This is exactly what they count on.