Archive for March 27th, 2008

Hacker Super Bowl

At this year’s CanSecWest, there are three computers set up for open hacking, one running Vista, one running OSX, and one running Ubuntu Linux. Hacks must be done with a new zero-day exploit (that is, it can’t be an already known-about crack).

Organizers have worked to make the attack surface area the same on each system. That’s important because each OS comes with a different amount of pre-installed software — from Vista’s “it’s up to you to install anything useful” to OSX’s “We’ll give you a common set of simple tools” to Ubuntu’s “What do you want to do today? It’s already installed or available with a click.”

Day 1, the cracks must only be done over the network in non-user-interactive mode, and the prize is $20,000.
Day 2, the cracks must only be done against software which is already installed, but it can involve tricking the user. Prize is $10,000
Day 3, the cracks can be done against a suite of commonly installed software, but the prize is only $5,000.

Update: Two minutes into day two, the MacBook Air was the first of the three systems to fall, due to an exploit against Safari.
Update 2: Late into the third day, the Vista laptop fell to an exploit against Adobe Flash. Ubuntu wins the contest.


Regular Expression for Validating Email Addresses

This is the regular expression I use to validate email addresses:


I thought it might be useful to some folks. Most email validation regular expressions fail to allow all the valid characters before the @ sign (for example, you can have a +, an &, slashes, a single quote, =, ?, ^, _, {, }, ~, and *).

In ColdFusion, you can test an address with:

In Javascript, you can test with:

In PHP, you can test with:


Real Time Command Execution Feedback

Did you ever write a utility ColdFusion script that uses <cfexecute> to run a command and send the output back to the browser? It makes for convenient and monitorable remote execution of certain repetitive tasks. My most common use for this sort of thing is an rsync process that can be invoked from anywhere in the world, and most recently I’ve been working with Selenium-RC to set up regression test scenarios that can be initiated by business users and business analysts without having Selenium IDE installed or knowing how to use it.

I’ve always found it frustrating, though, when the task is long-running and potentially error-prone, not to know about success or failure until the entire command has finished, and even more frustrating not knowing whether it has hung for some reason today or simply has a lot more work to do than normal.

This little snippet uses the Java runtime to capture the program’s output and pipe it back to the browser in real time. There is one caveat: it can’t be used inside a forced-buffer area (like <cfsavecontent>), since the output would be held until the buffer closes; otherwise it should work just fine. That means you can’t really use it inside most modern CF frameworks, which depend heavily on <cfsavecontent> and the like.

Standard input (stdin) is shut down right at the start of execution; if you wanted to interact with the program in some way (such as to script responses to prompts), you could undo that and write to it. Standard output (stdout) and standard error (stderr) are sent to the browser and flushed in nearly real time (stderr is output in red, to boot). I use a non-busy sleep in a Java thread to check on the running program once a second for new output. The return value is a structure containing the elements exitValue, stdOut, and stdErr, so you can do further processing with it after the fact.

Anyway, enough blather, here is the code. It is not hyper-efficient (too many string concatenations and HTMLEditFormat calls), so I don’t recommend using it in any high-volume situation, especially if a lot of output is expected from your command, but it’s been sufficient for my needs.

Example usage:
