Zach Queal zQueal

Abstract

In the 24 years since the creation of the world wide web there have been many severe security failures that have resulted in the exposure of sensitive data to the general public or malicious third parties. Most notably is the recent HeartBleed bug for OpenSSL v1.0.1 -- 1.0.2--beta in which a would-be attacker is able to exploit the implementation of the TLS heartbeat extension, which was originally meant to be used for keep-alive messages between client and server, to retrieve sensitive data stored in memory up to and including the server's private key. Already, HeartBleed is being regarded as the single most significant security bug in the history of the Internet; mainly because it was undetected by the community at large for such an extended period of time. The emerging details of HeartBleed revealed that the community of developers who on or with projects which depend on OpenSSL are beginning to rethink their position when it comes to traditional security.

Discovery

The official position fro

The Fappening

Many times have I been personal party to a vehement discussion about password security. The general consensus is, is that they're outdated, and a replacement needs to be found because passwords are bad! Personally, I think that's total poppycock. Passwords are not outdated, however, the mentality surrounding them definitely is.

Currently, the world wide media is an uproar over an event, currently labeled as "The Fappening." A crude but arguablly appropriate title to a massive breach in security affecting high profile celeberties such as Jennifer Lawrence, Kate Upton, Avil Lavigne, Lea Michael, and McKayla Maroney. "The Fappening" is simply the exploitation of passwords to gain access to iCloud (cloud backup service specific to apple devices) in which important information such as pictures of an unsavory nature wer

About

For this instructional tutorial we'll be exploring the installation and setup of both WordPress v4.0 and the required MySQL database used to support it. However, sometimes we find ourselves in interesting situations which either necessitate or involve remote instances of a MySQL server or database. Quite simply, most of the time remote databases or servers are used for security purposes--specifically security through obscurity and not having all of your eggs in a single basket.

Important: Please ensure that you are correctly modifying usernames, passwords, hostnames and IP addresses to suit your needs. If you do not, this setup will not work correctly for you.

The Setup—LEMP

LEMP (Linux, Nginx, MySQL, PHP) is one of the most stable and widely used production/development environments available to developers. Anything Apache can do, Nginx can do much faster. This includes PHP proc

	server {
	listen 80 default_server;
	root /usr/share/nginx/html;
	index index.php index.html index.htm;

	server_name web.dev; # FQDN

	location / {
	try_files $uri $uri/ =404;
	}

	TRASH_DIR=~/.Trash # Set the Trash directory
	mkdir -p "$TRASH_DIR" # Create it if it's not already created

	trash() {
	# list trash dir if no arguments given
	if [[ -z $1 ]]; then
	if _bash_trash_is_empty; then # call _bash_trash_is_empty function, then
	echo "$TRASH_DIR: trash is empty" # return that the trash is empty
	else
	du -csh "$TRASH_DIR"/* # else list the contents of the trash directory

	<?php
	/**
	* Edit a Word 2007 and newer .docx file.
	* Utilizes the zip extension http://php.net/manual/en/book.zip.php
	* to access the document.xml file that holds the markup language for
	* contents and formatting of a Word document.
	*
	* In this example we're replacing some token strings. Using
	* the Office Open XML standard ( https://en.wikipedia.org/wiki/Office_Open_XML )
	* you can add, modify, or remove content or structure of the document.

	function btc --description 'show the current buy/sell price of btc based on Coinbase prices'
	http GET https://api.coinbase.com/v2/prices/buy \| jq '{buy: .data.amount}'
	http GET https://api.coinbase.com/v2/prices/sell \| jq '{sell: .data.amount}'
	end

	‰PNG


	IHDR @ „ ùMý¢ ™¦IDATxÚìÝ˜TUºîñöÎ¹÷ÌÓ¨%Š:£H%Fc@pÌŠ

	’“€€ä(9# 9 HlrÎ (˜ã`ÖÑñ8óÝýíªU¬Þ½w…®nh6ÿßó¼ÝÕ¡Šª²k×z÷Z+C B&ƒ» „

	: t(@ @èP€ €Ð¡ ¡C B‡ „
	: t(@ @èP€ €Ð¡ ¡C B‡ „
	: t(@ @èP€ €Ð¡ ¡C B‡ „

	function! s:plug_gx()
	let line = getline('.')
	let sha = matchstr(line, '^ \X*\zs\x\{7}\ze ')
	let name = empty(sha) ? matchstr(line, '^[-x+] \zs[^:]\+\ze:')
	\ : getline(search('^- .*:$', 'bn'))[2:-2]
	let uri = get(get(g:plugs, name, {}), 'uri', '')
	if uri !~ 'github.com'
	return
	endif
	let repo = matchstr(uri, '[^:/]*/'.name)