Archive for October, 2007

PHP

Simple brute force protection with APC

If you have a system where users can subscribe and choose their own passwords, you are probably a target for brute force attacks such as a dictionary attack. You can limit this problem by showing users how strong their password is. However, forcing users to enter a really strong password will annoy them, since they like something they can remember.

Another wall you can put up is blocking an IP address for a few minutes after a number of login failures. This protection is not watertight, but the hacker now requires a botnet to perform the brute force attack. Renting a botnet is quite expensive and creating one is quite difficult, so your average script kiddie doesn’t have one. Depending on the data you’re protecting, this should be a decent defense.

Setting up this defense isn’t difficult. I’ll show an example of how to do this with APC.
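
One way to build the per-IP block described above on APC's user cache, as an added example that is not the code from the original post. The threshold, the block length, the key prefix and the `$check` callback are assumptions; the `apc_*` calls need the APC extension (APCu offers the same calls under the `apcu_` prefix).

```php
<?php
// Added example: per-IP login throttle kept in APC's shared-memory user cache.
define('MAX_FAILURES', 5);     // assumed threshold, not from the post
define('BLOCK_SECONDS', 300);  // assumed "few minutes" block length

function throttle_key($ip) {
    return 'login_fail_' . $ip; // hypothetical key prefix
}

// True while this IP has reached the failure limit and the entry has not expired.
function is_blocked($ip) {
    $failures = apc_fetch(throttle_key($ip));
    return $failures !== false && $failures >= MAX_FAILURES;
}

// Count one failed login and return the current number of failures for this IP.
function register_failure($ip) {
    $key = throttle_key($ip);
    // apc_add() only succeeds if the key is absent, so two parallel requests
    // cannot both reset the counter to 1; the TTL starts at the first failure.
    if (apc_add($key, 1, BLOCK_SECONDS)) {
        return 1;
    }
    $count = apc_inc($key); // increments the stored value in place
    if ($count === false) { // entry expired between apc_add() and apc_inc()
        apc_store($key, 1, BLOCK_SECONDS);
        return 1;
    }
    if ($count >= MAX_FAILURES) {
        // Restart the TTL so the block lasts BLOCK_SECONDS from the last failure.
        apc_store($key, $count, BLOCK_SECONDS);
    }
    return $count;
}

// $check is a hypothetical callback from your application: ($user, $password) -> bool.
function attempt_login($ip, $user, $password, $check) {
    if (is_blocked($ip)) {
        return 'blocked';   // refuse before the password is even compared
    }
    if (call_user_func($check, $user, $password)) {
        // The counter is deliberately not cleared on success: otherwise one
        // known-good account could be used to reset it between guesses.
        return 'ok';
    }
    register_failure($ip);
    return 'failed';
}

// In a login handler (behind a reverse proxy REMOTE_ADDR is the proxy's address):
// $result = attempt_login($_SERVER['REMOTE_ADDR'], $_POST['user'], $_POST['password'], 'check_credentials');
```

The counters live in one server's memory, so they are lost on restart and are not shared between web servers.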

Einstein, PHP

DZone piped RSS

I’ve just used Yahoo Pipes for the first time, creating an RSS feed of DZone articles with everything a Web2.0/PHP developer might like to see. Half the articles are about Java or Ruby, so you will have less crap to go through when trying to stay informed.

http://pipes.yahoo.com/pipes/pipe.run?_id=VpIdIkp43BGAK5q4zKky6g&_render=rss

My linux desktop

iPhone + Amarok

The iPhone only plays well with iTunes and not with other music players like Amarok. However, after hacking the iPhone, there is a way around this. When OpenSSH is installed on the iPhone, we can use sshfs to mount the filesystem of the iPhone on our PC and copy the music.

This article assumes you’re working with Ubuntu (or Debian), but it’s almost the same for other distributions.