12
02
2008
Posted by: drax in admin, linux
Tags: apache, trac
EnvironmentError: The environment options "TRAC_ENV" or "TRAC_ENV_PARENT_DIR"
or the mod_python options "TracEnv" or "TracEnvParentDir" are missing.
Yuck. What’s more, if you’re using SuExec (like I am) then your Apache directives are ignored.
Solution: Edit your trac.fcgi and prepend the following code.
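```python
# hack for SuExec: Apache's SetEnv directives never reach the FastCGI
# process, so set the Trac environment location here instead
import os
os.environ['TRAC_ENV_PARENT_DIR'] = '/var/lib/trac'
```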
4 Comments »
Some vulnerabilities in the Linux kernel were publicly disclosed on the 8th of February 2008. These can be exploited by any user to gain elevated privileges. A “local root” exploit was published Sunday which allows an arbitrary user to escalate to root privileges.
Affected versions: >= 2.6.17
Fixed in version: 2.6.24.2
Read the rest of this entry »
8 Comments »
02
02
2008
Posted by: drax in admin, linux, osx
Tags: truecrypt



Finally we have a truly portable, open source, encrypted filesystem. I’ve tested a fair share of encrypted filesystem solutions. The most promising probably being encfs since it could be used with Fuse, but that only works on OS X and Linux at best.
TrueCrypt, probably the best solution available, was only working on Linux and Windows… up to now.
Read the rest of this entry »
3 Comments »
30
01
2008
Posted by: drax in admin, osx
No tag for this post.
Here is a list of keyboard shortcuts or hotkeys available during the boot sequence of OS X on Intel-based Macs, although some shortcuts also work on PPC.
Shamelessly ripped off Apple’s documentation article:
Startup key combinations for Intel-based Macs.
| Keystroke | Description |
|---|---|
| Press C during startup | Start up from a bootable CD or DVD, such as the Mac OS X Install disc that came with the computer. |
| Press D during startup | Start up in Apple Hardware Test (AHT), if the Install DVD 1 is in the computer. |
| Press Option-Command-P-R until you hear two beeps. | Reset NVRAM |
| Press Option during startup | Starts into Startup Manager, where you can select a Mac OS X volume to start from. Note: Press N to make the first bootable Network volume appear as well. |
| Press Eject, F12, or hold the mouse (/trackpad) button | Ejects any removable media, such as an optical disc. |
| Press N during startup | Attempt to start up from a compatible network server (NetBoot). |
| Press T during startup | Start up in FireWire Target Disk mode. |
| Press Shift during startup | Start up in Safe Boot mode and temporarily disable login items. |
| Press Command-V during startup | Start up in Verbose mode. |
| Press Command-S during startup | Start up in Single-User mode. |
| Press Option-N during startup | Start from a NetBoot server using the default boot image. |
No Comments »
24
01
2008
Posted by: drax in admin, linux, osx
Tags: apache, ssl, vhosts
But that’s impossible!!
HTTPS is just HTTP encapsulated inside an SSL tunnel. Apache’s virtual hosts are a clever “hack” whereby the Host header in the HTTP packet is verified. This allows a single Apache instance on a single IP/Port combination to serve a (not so) infinite number of different sites (aka vhosts).
Problem: The SSL tunnel is created before the first HTTP packet gets sent. Apache needs an SSL certificate but doesn’t have a Host header to match, hence cannot choose a virtual host.
Solution
This trick essentially does the matching of the Host header after the SSL connection has been established. How? Via some mod_rewrite magic!
Caveats
Although I said so, it’s not really that magical. There are a few things this trick does not solve.
- The SSL certificate used will be common to all SSL vhosts.
- Certain Apache directives may be common to all SSL vhosts (example: SuExecUserGroup). Basically anything you can’t override in a .htaccess file will be shared amongst vhosts.
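
One way to express the approach described above, as an added example that is not the configuration from the original post. The hostnames, paths and certificate files are placeholders, and the access directives assume Apache 2.4 syntax.

```apache
# Added illustration; every hostname, path and file name is a placeholder.
# A single SSL vhost answers for all names on this IP:port, so the shared
# certificate must cover each of them (wildcard or subjectAltName entries),
# otherwise clients get a name-mismatch warning.
<VirtualHost *:443>
    ServerName  site-a.example.org
    ServerAlias site-b.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/shared.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/shared.example.org.key

    # Served when the Host header matches none of the rules below.
    DocumentRoot /var/www/ssl-default

    RewriteEngine On

    # The SSL handshake is already complete at this point, so the Host
    # header is available and can select the content tree.
    RewriteCond %{HTTP_HOST} ^site-a\.example\.org(:443)?$ [NC]
    RewriteRule ^/(.*)$ /var/www/site-a/htdocs/$1 [L]

    RewriteCond %{HTTP_HOST} ^site-b\.example\.org(:443)?$ [NC]
    RewriteRule ^/(.*)$ /var/www/site-b/htdocs/$1 [L]

    # The rewrite targets are filesystem paths outside DocumentRoot, so each
    # tree needs an explicit access grant. AllowOverride lets per-site
    # .htaccess files carry the settings that can differ between sites.
    <Directory /var/www/site-a/htdocs>
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/site-b/htdocs>
        AllowOverride All
        Require all granted
    </Directory>

    # Vhost-level directives such as SuExecUserGroup cannot be set from
    # .htaccess and therefore stay common to every site handled here.
</VirtualHost>
```

Because access and error logging are also configured at vhost level, requests for all sites land in the same logs unless the log format records the Host header.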
Read the rest of this entry »
15 Comments »
We all know Firefox is a great browser but what really sets it apart are its numerous extensions (or plugins).
With the right extensions, Firefox can become much more than a web browser. But this isn’t about turning your Firefox into a blogging platform or a social bookmarking application. It’s about turning your Firefox into one of the best tools for web development, debugging and penetration testing web applications.
Read the rest of this entry »
No Comments »
To get a list of virtual hosts that run on a particular server (IP or domain), the following search engines are available:
- Live search engine from Microsoft. Use the ‘ip:’ keyword. Example: ip:207.46.30.24
- CRUSH rIP tool. Works only on domains (no IPs), only com, net and org domains and you need to answer a captcha. Nevertheless, it found results that live.com didn’t.
No Comments »