PHP

How to add content verification using HMAC in PHP

Many times a requirement arises where we are supposed to expose an API for intended users, who can use these API endpoints to GET/POST data on our servers. But how do we verify that only the intended users are using these APIs, and not a hacker or attacker? In this blog post, I will show you the most elegant way of adding content verification using hash_hmac (Hash-based Message Authentication Code) in PHP. This will allow us to restrict possible misuse of our API by simply issuing an API key for intended users. Here are the steps for adding content verification […]

PHP

Web Security: Using crumbs to protect your PHP API (Ajax) call from Cross-site request forgery (CSRF/XSRF) and other vulnerabilities

Have your API calls ever been used directly by someone without your permission? If yes, read on to find out how we can protect our APIs from such spammers and hackers. Before we go ahead and see a possible solution for this, let's try to list out a few cases when our APIs can be accessed without our permission.

Common cases of vulnerable API/Ajax calls

Ajax calls having no user authentication: This is the first place where a spammer will try to find a loophole. Take this example: suppose I created a group chat plugin for my blog. […]

Tech Giants

Warning for Google Chrome Users: Chrome’s ‘Save As’ Flaw Could Give Attackers Control

Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google’s Chrome browser. “This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system,” the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the “Save As” flaw is the only one that can allow an attacker to launch remote attacks from a victim’s PC. Other vulnerabilities just crash the browser. The vulnerability is caused by a boundary error when […]

Web Development

Gain admin access on a Windows system using your guest account

Hello All, Ever thought of how to get into your friend’s system and see the access-denied files and folders? Or ever wanted to hack into someone’s admin account? Well, here is a method which exploits yet another Windows bug. Have you ever noticed that if you press your system’s SHIFT key >= 5 times continuously, a pop-up window appears with the name “Sticky Keys”? If it doesn’t pop up on your comp, then maybe your shortcut is turned off. To enable it, go to Control Panel -> Accessibility Options. In the accessibility options under the keyboard tab, in […]