Posted: | Comments: 0 | Categories: Security

GovITHub is the government program that proposes to create a community of those who believe in a digital future for Romania, by changing public services with the help of technology.

A few days ago I decided to do a security audit of ithub.gov.ro, since they are dealing with personal data and you know my stance on privacy. By checking the output from the server, reading the site code and using various tools, I have identified the following issues with the site:

Posted: | Comments: 0 | Categories: Security

If you don't give a crap about your WordPress blog updates, your hosting account (or VPS, droplet, instance) is probably infected with malware, and one of them is the Shell File Manager. The script comes as a single encoded PHP file and can do serious damage to your server; it basically gives the attacker full access to the machine.

NOTE: do not, under any circumstances, run a PHP file that has eval-ed code inside. Always replace eval with echo so you can see what the actual code looks like; if you are eval-ing malicious code ... well ... you're screwed. Use a sandbox, chroot or virtual machine for your (computer) safety.

Posted: | Comments: 1 | Categories: Development, Whoopsie

By now, you have already read my last article about the whole letsvote.ro story with their stolen theme. Well, since I've seen many of the people involved in the project (and its owner, Andrei Cismaru) denying anything strange happened with the theme or even implying I've had some dark and shady reasons for exposing them as the fraud they are, I decided to check today if anything changed. And guess what.

The archived version of the site is here (archived on July 29, 2016, as can be seen from the URL) so, obviously, the archived version of the main CSS file for the theme is here. Nothing fishy here, right?

Posted: | Comments: 7 | Categories: Development, Whoopsie

Desperation is like stealing from the Mafia: you stand a good chance of attracting the wrong attention. - Douglas Horton

The story

When you think Romanian bloggers can't sink any lower ... they sure can. Here is their latest endeavor: the Hai la vot! website with the interesting domain letsvote.ro.

But the really interesting thing is not the name or the site or even the slogan: it's the fact that they're using a "nulled and stolen" theme called JustFit by MyThemeShop. Unfortunately for the letsvote.ro site creators, Fabrica De Social Media (no website for them, I wonder why), the people that put the original theme up for download on the Themekiller website added some code to the footer of the theme that links back to the Themekiller.com website, as you can see in the image below (the highlighted code). In case they remove the code from the page, you can always check the letsvote.ro version from the Web Archive (view the source of the page, scroll to the bottom), since it's more permanent than a Google Cache.

Posted: | Comments: 0 | Categories: Entertainment

I've been playing Fallout 2 for the past ... 12-14 years or so; actually, Fallout(s) are the first applications that usually get installed after the operating system (for the past years I did not actually play vanilla Fallout, but Killap's Fallout Restoration Project, since it fixes lots of the bugs in the original game). Not hard to guess, Fallout(s), Wasteland 2, Homeworld(s) and Dungeon Siege II are my favorite games.

Usually my characters start with the Fast Shot and Gifted traits and I try to get the Awareness, Bonus Rate of Fire and Sharpshooter perks as fast as possible.