Made to Order Software Corporation Logo

security

Basic Website Development Tools Every Blockchain Developer Needs

Developers can choose from many advanced software applications in today’s environment of intensive research on potential uses for blockchain technology. Web development tools include Ethereum DApps Development where researchers and developers strive to build decentralized apps and smart contracts. Smart contracts have the built-in ability to adjust based on changes to key terms and to monitor compliance with the terms of the contract.

Blockchain development tools help to facilitate software development. If a developer is new to blockchain or lacks experience, he or she should become ...

3 Types of Software Every Business Needs

Are you struggling to stay on top of everything in your business? 

You don't need to handle everything all alone — there's software specifically designed to help your business thrive without you having to put in more hours. The right software will save you time by keeping everything organized and ready to go. 

Learn about the 3 types of software to keep your business running as it should while you focus on more important things. 

Accounting Forms (1099, W2, etc.) with a pocket calculator

What Type of Business Do You Have?

As we go through each type, understand that the software your business needs depends mainly ...

Tips for Downloading Software Safely

An Apple Office with a Mac and an iPad.

If you are downloading software online, are you taking the proper precautions to ensure your safety? You may be tempted to find links for downloading programs that cost a lot, but there is always the danger of exposing yourself to malware and data theft. It's possible to keep yourself safe from these risks while scrolling for the programs you need. You just have to know exactly what it takes to beef up your defenses when you are downloading a PC game or graphics design software. Here are a few tips to keep in mind:

1. Check if the website is trusted

The first thing you will need to ...

Don't Repeat Yourself When Writing Software

Nature tends to repeat itself, or reproduce with similar structure, but code should not.

For a very long time now, we have been using languages that support functions that one can call. That was not always the case, although even really old versions of BASIC had a GOSUB instruction, but it had no concept of local variables, so it was rather difficult to use safely.

Functions allow you to avoid repetition. You write a small snippet of code (or maybe not that small) within a function and then you call that function to reuse that snippet over and over again. Good programmers tend to do that even with one-liners. However, many others often think: well, it's just one line, why don't I copy & paste that wherever I need it, it's going to be faster.

How small are computers getting?

Mini-computer versus Mouse


Computer Stick

Looking at Mini Computers, I found this Fanless Mini PC based on the Intel Atom Z8350 processor by SmallRT. The picture includes a mouse to give you an idea of the size of that thing. It's tiny! Maybe not what you want, but you can already do a lot with that little one.

The connector on the left side is an HDMI plug which spits out 4K of video graphics. It's just totally amazing to me. Of course, we had the Pi3 and now we have the Pi4... but those are computers for hackers. Here we're ...

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous while you are still working on that container service, since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the source IP address matches 192.168.1.0/24, access is refused. The `eth0` interface name should be replaced with the name of the interface you use as the external Ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that appear after these (albeit not within the DOCKER-USER list) and open ports for whatever services you install in your Docker containers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running, so as a result I block the usual HTTP ports from Docker.
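An added example (not from the original article): a small Python check that reads an iptables-restore style ruleset and reports, for each host port Docker publishes, whether DOCKER-USER drops it on the external interface. It separates `--ctorigdstport` (the host port before Docker's DNAT, as in the rules above) from `--dport`, which in this chain sees the container-side port after DNAT; the function names, the port 5000 rule and the status labels are assumptions of this example.

```python
import shlex

# Constructed sample in iptables-restore format: the three rules from the text
# plus one --dport rule (port 5000, constructed) to show the contrast.
SAMPLE_RULES = """\
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp --dport 5000 -j DROP
COMMIT
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into {option: value}; bare tokens map to True."""
    tokens, rule, i = shlex.split(line), {}, 0
    while i < len(tokens):
        has_value = (tokens[i].startswith("-") and i + 1 < len(tokens)
                     and not tokens[i + 1].startswith("-") and tokens[i + 1] != "!")
        rule[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule

def port_set(spec):
    """Expand '80' or '8080:8081' into a set of port numbers."""
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(rules_text, ext_if, published, chain="DOCKER-USER"):
    """Classify each published host port by how the chain treats it on ext_if."""
    by_orig, by_dport = set(), set()
    for line in rules_text.splitlines():
        if not line.startswith(f"-A {chain} "):
            continue
        r = parse_rule(line)
        # Negated matches ('!') are skipped: this check does not reason about them.
        if r.get("-j") != "DROP" or r.get("-i") != ext_if or "!" in r:
            continue
        if "--ctorigdstport" in r and r.get("--ctdir", "ORIGINAL") == "ORIGINAL":
            by_orig |= port_set(r["--ctorigdstport"])   # host port before DNAT
        elif "--dport" in r:
            by_dport |= port_set(r["--dport"])          # container port after DNAT
    return {p: "blocked" if p in by_orig else
               "check-mapping" if p in by_dport else "unverified"
            for p in published}

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "eno1", [80, 8080, 8081, 5000, 9000]))
```

A `check-mapping` result means the rule only covers the published port when the host and container ports are the same number; `unverified` means no explicit DROP for that port was found on the given interface.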

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Help with version 0.1.7 of Zipios (CVE-2019-13453)

Here is yet another example of why open source is a really good way of getting things fixed.

Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthusiastic users. On GitHub, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one-to-one copy of the project.

In our case, a security professional, Mike Salvatore, was asked ...

PHP e-Fax requires valid SSL certificates (failed with code 1)

As e-Fax is updating their systems further to be compliant with various security systems, some new problems may arise on your servers.

The main one is an SSL error that is quite unclear.

Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /path-to-php-efax/http_request.php on line 294

As we can see, the error mentions a server certificate function and says it could not verify a certificate.

If your server is not 100% up to date with newest SSL versions or your web ...

Security Issue in many mail systems

It always amazes me when one finds a security issue that looks like something that should never have happened in the first place.

This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.

He fixed the Postfix server quickly; however, he went further. He actually tested many other servers, sending commands that bypass that very security measure, and to his surprise he found out that Postfix wasn't the only system affected by the problem.

For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.

A ...

Upgrade to PHP 5.3.3 or newer because of security issue

If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:

sudo apt-get install php5-suhosin

This will make the necessary changes and your PHP version (security-wise) will look like you have PHP 5.3.3.

What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large numbers were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from ...