OpenStack is a very fashionable word in today’s IT media space. Virtually everyone heard about it, but not so many have seen it in action. Moreover, only a few dared to taste it in a “serious way”. In our company, we took this risk and, today, I’ll tell you what happened to us and why the fashion often runs ahead of prudence and stability.
If I started the article with describing all the advantages of cloud storage of data, you would think that I had been just thawed after twenty years of anabiosis, or that I use overdoses of hypnotics :). Therefore, I will put it briefly, in a programmer-like fashion: when I was faced with the task of making a program that could operate without being bound to the API of a particular service, enabling work with files located in a number of storage spaces (its purpose was backup), it turned out that it was not that simple. I decided to tell you about all the intricacies and pitfalls of that work in this article.
Often, you find yourself in a situation when it is not convenient to use your smartphone or get it out of pocket, such as when it rains, while driving a car, at a meeting… Or you may simple feel a bit lazy to get up from a warm couch to see what has arrived to your phone. In this article, I’ll show you how to configure the notifications, customize and use the full power of Pebble, one of the most popular smart watches.
As you can remember ( and as a must to remember for each good administrator) it is not a good idea to work as a root user on Linux. In a perfect world you should use it only to configure a server, to install or to update software, by and large, only for purely administrative purposes. The problem is that we live in the real world that is, actually, quite far away from a perfect one. So, the situation is quite common and, generally, because of negligence, wherefore, the Linux users had no choice but to figure out how does their software works. However, if you know how does the system work and understand its safety mechanisms then you will never work as a root user. Anyway, today we are going to review the ways of raising authorities up from the unprivileged user to a root one, unlike the situation with Windows where we were considering the ways of running with administrative privileges. So, let’s start.
Android devices are good by any definition, but sometimes they extremely lack features and utilities available in desktop Linux. Separate instruments, such as Terminal IDE, partly help, but anyway they do not have some of the desired functionality. How can we remedy the situation?
Let’s start with the configuration of the Indian who gained recognition on many servers on the web. The first setting we select is the one that prevents an attacker from recognizing the version of Apache. To do this, you can use two directives that have to be set to the following values:
ServerSignature Off ServerTokens Prod
The second step is to make sure that Apache runs under its own separate user and group. If the same user also manages something else, e.g. DBMS, an attacker who manages to compromise the web server can have access to the database as well.
One of the few interesting exploits that I could find includes the ability to download the source code of ASPX pages whose address is known in advance and accessible from outside. This vulnerability exists only in SharePoint 2007, and the exploit is quite simple:
http://www.example.com/_layouts/download.aspx?SourceUrl=/Pages/Default.aspx&Source=http://www.example.com/Pages/Default.aspx&FldUrl=
This could be useful, if the website has proprietary code. But you still need to know the address of specific page.
