Posted: | Comments: 1 | Categories: Security, Development

Interesting stuff on the newest Romanian IT project's GitHub account:

This commit has the database connection credentials (user/password) in the clear. It doesn't matter whether it is a development or a production database: credentials should never be exposed this way.

spring.datasource.url = jdbc:mysql://
# Username and password
spring.datasource.username = stopcozi
spring.datasource.password = StopCozi1234!@
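As an added example (not code from the original post), this is the kind of check a pre-commit hook or CI job could run over a Spring `application.properties` file to stop a commit like the one above: it flags literal values for the `spring.datasource.username`/`password` keys shown above and accepts externalised `${ENV_VAR}` placeholders. The sample file contents are constructed.

```python
"""Added example: flag plaintext credentials in Spring Boot .properties files.

Assumptions: only the spring.datasource.* credential keys from the post are
checked; values that are placeholders (${DB_PASSWORD}) or empty count as safe.
"""
import re

# Keys whose values are secrets and must not be committed in the clear.
SECRET_KEYS = {"spring.datasource.password", "spring.datasource.username"}

# A value resolved from the environment at runtime, e.g. ${DB_PASSWORD}
PLACEHOLDER_RE = re.compile(r"^\$\{[A-Za-z0-9_.:-]+\}$")

# Spring's properties format allows '=' or ':' as the key/value separator.
KEY_VALUE_RE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")


def find_plaintext_credentials(properties_text):
    """Return [(line_number, key), ...] for every secret key whose value is a
    literal rather than an externalised placeholder."""
    findings = []
    for lineno, raw in enumerate(properties_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blank lines and comments ('#' and '!' both start a comment).
        if not line or line[0] in "#!":
            continue
        m = KEY_VALUE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in SECRET_KEYS and value and not PLACEHOLDER_RE.match(value):
            findings.append((lineno, key))
    return findings


# Constructed sample with the same layout as the committed file in the post
# (a scanner should reject it), beside the externalised form it should accept.
COMMITTED = """spring.datasource.url = jdbc:mysql://localhost:3306/app
# Username and password
spring.datasource.username = dbuser
spring.datasource.password = NotARealPassw0rd!
"""

EXTERNALISED = """spring.datasource.url = jdbc:mysql://localhost:3306/app
spring.datasource.username = ${DB_USER}
spring.datasource.password = ${DB_PASSWORD}
"""

if __name__ == "__main__":
    for name, text in (("committed", COMMITTED), ("externalised", EXTERNALISED)):
        print(name, find_plaintext_credentials(text))
```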

Posted: | Comments: 0 | Categories: Security

GovITHub is the government program that aims to build a community of people who believe in a digital future for Romania, by transforming public services with the help of technology.

A few days ago I decided to do a security audit for since they are dealing with personal data and you know my stance on privacy; by checking the output from the server, reading the site's code and using various tools, I have identified the following issues with the site:


Posted: | Comments: 0 | Categories: Security

If you don't give a crap about your WordPress blog updates, your hosting account (or VPS, droplet, instance) is probably infected with malware, and one of the usual suspects is the Shell File Manager. The script comes as a single encoded PHP file and can do serious damage to your server: it basically gives the attacker full access to the machine.

NOTE: do not, under any circumstances, run a PHP file that has eval-ed code inside. Always replace eval with echo so you can see what the actual code looks like; if you are eval-ing malicious code ... well ... you're screwed. Use a sandbox, chroot or virtual machine for your (computer's) safety.


Posted: | Comments: 1 | Categories: Development, Whoopsie

By now you have already read my last article about the whole story with their stolen theme. Well, since I've seen many of the people involved in the project (and its owner, Andrei Cismaru) denying that anything strange happened with the theme, or even implying I've had some dark and shady reasons for exposing them as the fraud they are, I decided to check today whether anything had changed. And guess what.

The archived version of the site is here (archived on July 29, 2016, as can be seen from the URL), so, obviously, the archived version of the main CSS file for the theme is here. Nothing fishy here, right?


Posted: | Comments: 9 | Categories: Development, Whoopsie

Desperation is like stealing from the Mafia: you stand a good chance of attracting the wrong attention. - Douglas Horton

The story

When you think Romanian bloggers can't sink any lower ... they sure can. Here is their latest endeavor: the Hai la vot! website with the interesting domain

But the really interesting thing is not the name or the site or even the slogan: it's the fact that they're using a "nulled and stolen" theme called JustFit by MyThemeShop. Unfortunately for the site creators, Fabrica De Social Media (no website for them, I wonder why), the people that put the original theme up for download on the Themekiller website added some code to the footer of the theme that links back to their website, as you can see in the image below (the highlighted code). In case they remove the code from the page, you can always check the version from the Web Archive (view the source of the page, scroll to the bottom), since it's more permanent than a Google Cache.
