How to add content verification using hmac in PHP

Posted in PHP | 25 Comments
Often we need to expose an API to a set of intended users, who call its endpoints to GET/POST data on our servers. But how do we verify that only the intended users are calling these APIs, and not a hacker or attacker? In this blog post, I will show you the most elegant way of adding content verification using hash_hmac (Hash-based Message Authentication Code) in PHP. This will allow us to restrict possible misuse of our API by simply issuing an API key to intended users. Here are the steps for adding content verification...

Use crumbs to protect your Ajax calls from Cross-site request forgery (CSRF/XSRF)

Posted in PHP | 18 Comments
Have your API calls ever been used directly by someone without your permission? If yes, read on to find out how we can protect our APIs from such spammers and hackers. Before we go ahead and look at a possible solution, let's list a few cases in which our APIs can be accessed without our permission.

Common cases of vulnerable API/Ajax calls

Ajax calls having no user authentication: This is the first place where a spammer will look for a loophole. Take this example: suppose I created a group chat plugin for my blog....

Warning for Google Chrome Users: Chrome’s ‘Save As’ Flaw Could Give Attackers Control

Posted in Tech Giants
Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google's Chrome browser. "This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system," the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the "Save As" flaw is the only one that can allow an attacker to launch remote attacks from a victim's PC. Other vulnerabilities just crash the browser. The vulnerability is caused by a boundary error when...

Gain admin access on Windows using your guest account

Posted in Web Development | 158 Comments
Hello All, Ever thought of how to get into your friend's system and see the access-denied files and folders? Or ever wanted to hack into someone's admin account? Well, here is a method which exploits yet another Windows bug. Have you ever noticed that if you press your system's SHIFT key >= 5 times continuously, a pop-up window appears with the name "Sticky Keys"? If it doesn't pop up on your computer, then maybe your shortcut is turned off. To enable it, go to Control Panel -> Accessibility Options. In the accessibility options under the keyboard tab, in sticky...