Author Archives: Dave

Dave Drager is the VP of Technology Development at Razor Servers. He has written previously for the blogs Lifehacker and MakeUseOf.

Dave lives in the Philadelphia area with his wife, three girls, and multiple gadgets.

You can reach Dave by using the comment form below, on Twitter @ddrager or on Google+.

Firesheep Should Be A Call To Arms For System, Network & Web Admins

Firesheep by Eric Butler has just been released to the world. This Firefox plugin does a few things that have already been fairly easy to do for a while, but rolls them up into one easy-to-use package:

  1. Sniffs data on unencrypted Wireless Networks
  2. Looks for unencrypted login cookies sent to known popular insecure sites
  3. Allows you to log in to that account with ‘One Click’

So what sites are impacted by default? Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, GitHub, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, and Yelp are among them. A plugin system allows anyone to add their own sites (and cookie styles) to the plugin.

Yikes! It goes without saying that this is a major security problem for anyone who uses unencrypted wireless networks. Included on this list are many universities and companies such as Starbucks.

Fixing ip_conntrack Bottlenecks: The Tale Of The DNS Server With Many Tiny Connections

I manage a server which has a sole purpose: serving DNS requests. We use PowerDNS, which has been great. It is a DNS server whose backend is SQL, making administration of large numbers of records very easy. It is also fast, easy to use, open source and did I mention it is free?

The server has been humming along for years now. The traffic graphs don’t show a lot of data moving through it because it only serves DNS requests (plus MySQL replication) in the form of tiny UDP packets.

Read on to follow my story of how I fixed this tricky problem. No kittens were harmed in the writing of this post.

How to Stop an Apache DDoS Attack with mod_evasive

The first inkling that I had a problem with a DDoS (Distributed Denial of Service) attack was a note sent to my inbox:

lfd on server1.myhostname.com: High 5 minute load average alert – 89.14

My initial thought was that a site on my server was getting Slashdotted or encountering the Digg or Reddit effect. I run Chartbeat on several sites where this occasionally happens and I will usually get an alert from them first. A quick look at the Extended status page from Apache showed that I had a much different kind of problem.

Using Google Analytics Or Other Javascript With Smarty Template Engine

On a website I was working on recently I added the Google Analytics tracking code to the footer of a Smarty template, like this:

footer.tpl:

    <script type="text/javascript">
      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-XXXXX-XX']);
      _gaq.push(['_trackPageview']);

      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();
    </script>
    </body>
    </html>

However, since the JavaScript used by Google Analytics includes { and } characters, which are also used by the Smarty template engine, Smarty tries to interpret this code and, depending on your settings, will either fail silently or fail with an error such as this:

    Smarty error: [in footer.tpl line 148]: syntax error: unrecognized tag 'var'

The fix is simple. Enclose your Google Analytics code, or other javascript code, with {literal} and….

Per Channel Cable Subscriber Rates

The Ultimate Guide to DVD Encoding with Handbrake

It’s no secret that I’m a huge fan of Handbrake. After committing to copying my DVD collection to my storage array, I’ve tried and tested just about all software out there for converting video to H.264 with an emphasis on quality and speed. Many software packages have problems with quality or desynchronized audio; Handbrake is my hands-down favorite when it comes down to converting video — and that includes both free and commercial software.

One of the complaints I hear about Handbrake is that there are too many options. Well, the good news for someone looking for simplicity is that the built-in presets mostly take care of them for you. And for anyone who likes to dive into the nitty gritty of video compression, it also allows for a lot of tweaking to get the most out of your movie while maintaining small file sizes and high quality.

Read on for my full guide to Handbrake features.

Google Adds Two-Factor Authentication To Google Apps (For Real, This Time)

I’m not trying to say I had anything to do with Google adding two-factor authentication to Google Apps. I’m really not. But on September 9th, MakeUseOf published an article named How To Secure Your Google Apps Account with Two Factor Authentication. In this article, I wrote:

“All of this brings up the question: why doesn’t Google enable a direct way to use two factor authentication with their Gmail, Calendar and other services? Many folks such as myself use Google services for all too many things in their lives, and that login is potentially the most important one of their online life. I would suggest that Google gets onto the security boat and enables this as an option for everyday folks.”

Today, 11 days later, Google released their own two-factor authentication scheme for Google Apps accounts (Premier, Education and Government). An example of accurate prognostication? Or just dumb luck? Either way,….