API for Troy Hunts passwords list

TL;DR version: https://github.com/ryanschulze/password-check-api

I threw together a small API that can make the data from Troy Hunts 320 Million passwords easily query-able (or any list of SHA1 hashes for that matter). It’s nothing special, a MySQL backend, a Webserver and an API application using the Slim framework. It’s also stupid fast because there is nothing fancy or special about it. Since it uses a well documented framework it is also easy to change/extend/adjust to your specific requirements. […]

Setting up multidomain DKIM with Exim

I was recently setting up SPF, DKIM and DMARC for multiple domains and was having trouble getting Exim to sign emails for the different domains. I found an article here explaining the steps. But I kept getting the following error in my exim logs: failed to expand dkim_private_key: missing or misplaced { or } The suggested configuration was the following:

I’m not quite […]

What was and wasn’t fixed in bash after the Shellshock vulnerability (CVE-2014-6271)

By now there are a few websites/blog posts online that explain CVE-2014-6271 (code being executed that was inserted after the function definition) and  CVE-2014-7169 (parser error that also led to code being executed). Both CVEs have been patched. Check out “Quick notes about the bash bug, its impact, and the fixes so far“, “Shellshock proof […]

What plugins is that website running?

While having a look at nikito yesterday I stumbled accross cms-explorer. It’s an interesting little program that checks the themes/modules/plugins installed in common CMS systems (Drupal, WordPress, Joomla! and Mambo), with automatic exploration for Drupal and WordPress. It also has some nice bonus features like providing a list of known issues for plugins found by […]