"Action Pack in Ruby on Rails before, 4.x before, and 4.2.x before allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method."

Read more: CVE-2016-2098 Python POC

While hunting through 15,000 lines of CSS, I wanted to find and replace some text.  I thought it was going to be a simple task but there were numerous references and using 'find next' was getting tedious.  I dropped to a command line and used sed to complete the task.  Sed is a stream editor and the syntax is simple:

Read more: Sed Find and Replace

You have a website, you want to protect it from attacks, and you hide it behind a web application firewall (WAF).  If your site was already public and you move it behind a WAF, bad actors can find your site.  Depending upon which WAF you're using, your site's actual location could also be discovered regardless of whether it was previously public on another server.  And if you're not locking down access to the site exclusively to the WAF, bad actors can attack your site without the protection of the WAF.

Read more: Website Behind the WAF

Nikto is a great tool for scanning web servers for vulnerabilities but if you look at the logs, you can see its footprint:

"Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"

...which makes it simple to block. To change Nikto's user agent, we open the configuration file found in /etc/nikto.conf

Read more: Nikto User Agent Change

You receive the following error in Joomla:

"The TinyMCE Editor Plugin has been updated. Currently it uses your existing configuration. By editing the plugin, you can now assign and customise various layouts to specific user groups.

Warning: when editing the plugin, you will lose all your previous settings!"

Read more: Warning: The TinyMCE Editor Plugin has been updated

With the recent talk about hijacking IP cameras for the purposes of creating a bot army, I decided to order a camera.   I'd seen this model or one like it in my local lunch place and I ordered one from Amazon.  Two days later, I got my target, a "D-Link DCS-930L Wi-Fi Camera with Remote Viewing".  Nothing fancy really.  Just a $30 camera that can be used wired or wirelessly, but apparently only good for "day use".  It will serve my purpose though.  Army of one.

Read more: Internet of Things -- D-Link DCS-930L