Paul Gregg

Jack of all Tech.

Leaving Menshn for good

I’ve decided to close my Menshn account, folks. It’s over. ¬†After four weeks of micro-menshning and meeting great friends and colleagues (largely not on Menshn), I’m off. It’s been amazing but it never provided the community feeling it once promised. So I’ll be posting my rants on twitter and my blog instead, and I’ll be […]

Read the rest of this entry »

Menshn: Another password design flaw

Ok – so I forgot my password on Menshn, again, and went to reset my password. Normal email address+token thing – except I noticed another problem. Menshn emails you a link in the form: pwreset.php?e=email@address.com&c=8chartoken At least they are not emailing plain text passwords again. But, I noticed that the token link can be used […]

Read the rest of this entry »

Menshn and another security issue

Menshn password database design flaw.

Read the rest of this entry »

tail -# file, in PHP

I read Kevin’s Read Line from File article today and thought I would add some sample code I wrote a while back to address a similar task in PHP – How to perform the equivalent of “tail -# filename” in PHP. A typical task in some applications such as a shoutbox or a simple log […]

Read the rest of this entry »

Comment: Why Firefox is failing in the corporate environment.

I’ve sat on this article for a number of years, hoping against hope that the Firefox development team would get off their elite self-indulgent asses and realise that, guess what? – the world doesn’t work the way they think it should. Don’t get me wrong, I love Firefox. I use it daily for nearly all […]

Read the rest of this entry »

TinyURL PHP “flaw” ?

The Register is running a story today TinyURL, your configs are showing which points out that TinyURL has a /php.php page displaying the contents of phpinfo(). The article then goes on to make some scary sounding claims from security consultant Rafal Los “Why would you want to run a web service as ‘Administrator’ because if […]

Read the rest of this entry »