In response to all the Mass SQL Injection attacks this year, Microsoft approached HP and the Web Security Research Group (formerly SPI Labs) for assistance. While there was nothing they could patch, Microsoft wanted to provide tools to help developers find and fix these issues. After a month of development HP created Scrawlr.
Scrawlr (short for SQL Injector and Crawler) is a free tool that will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr was designed specifically to help protect against these mass injection attacks, which use Google queries to find older web applications and automatically inject them. As such, Scrawlr crawls a website using the same techniques as a search engine: it doesn’t keep state, submit forms, or execute JavaScript or Flash. Scrawlr is thus finding and auditing the pages that would have been indexed by the search engines.
To reduce false positives Scrawlr provides proof of the vulnerability results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!
Procrastineering - Project blog for Johnny Chung Lee: More Wiimote Projects - A Brain Dump
Topic: Technology
7:01 am EDT, Jun 23, 2008
It’s been a while since I’ve posted anything. That’s largely because I’ve been traveling a lot, giving talks, and most recently relocating to a new city. It became clear to me a while ago that I wasn’t going to get around to making more videos anytime soon. So, I figured I would make a post about the projects that I would probably make videos of if I had more free time. The content of this post has been in the talks that I’ve been giving, but I’m just sitting down to write it out now for my trusty blog readers.
Florida Proposes $75 Million for Startups, Venture Capital Article - Inc. Article
Topic: Technology
7:18 am EDT, Jun 22, 2008
In an effort to give Florida startups a boost, Gov. Jeb Bush has proposed that the state legislature earmark $75 million to provide startup and early-stage funding for fledgling companies.
The $75 million is part of a $630 million economic development package that the governor asked legislators to include in the 2006-2007 budget. The package is aimed at helping diversify Florida’s economy and reduce reliance on tourism. The state legislature has 60 days to respond from Bush’s March 7 State of the State address.
Video: Amazing NERF office war - Boing Boing Gadgets
Topic: Technology
5:33 am EDT, Jun 21, 2008
This video, which from the wealth of weapons used in its creation I can only presume is a sanctioned viral commissioned by Nerf, manages to break every rule of good internet video: it's over five minutes long; it is a commercial; it's trying to be funny. Against all odds, it manages to be completely awesome. It's enough to almost make me wish I worked in an office.
Mac OSX Software - MultiFirefox 2.0 | Code Contortionist
Topic: Technology
10:08 pm EDT, Jun 19, 2008
For those of us who work on the ‘front end development’ side of things, there’s a careful balance we hang in regarding new browser releases. The short version is that as new browsers approach their release candidate status, we need to be checking and double checking our work in them to make sure that their change logs don’t break our work.
At the same time, there’s a known issue with running the latest beta or release candidate alongside the production version (and, if you’re a really good developer, one version back from the most current production release to take care of things). Internet Explorer is notorious for this and I recall the headaches I went through beta testing it. I essentially resolved to (and continue to resolve to) use multiple virtual machines, one for each version of IE.
[Dave Martorana] created a little launcher app that, when copied to your Apps folder along with the accompanying Firefox3.app file (appropriately renamed so it won’t overwrite the stable version), will let you create and/or select an additional profile, as well as the version of Firefox that you wish to use. It’s clean, it’s simple, and it works.
Neat. I have to run 2.0 for web development, but the rest of my crap can go in 3.0.
Rose is a set of Perl modules focused on web application development. The modules that make up Rose include a DBI abstraction layer, an object-relational mapper (ORM), an HTML widget toolkit, and (eventually) an MVC-style web application framework.
Ever had the desire to display your digital pictures in a frame without going through the hassle of printing them and re-framing? My inspiration came from the write up on Applefritter and I decided to take the plunge and destroy a hand-me-down IBM Thinkpad 560X in the name of science ;)
Over the space of a couple of days, I disassembled the laptop and carefully assembled only the bare minimum required parts on the back side of a wooden picture frame. I’m quite pleased with the result if I say so myself :)