Wednesday 27 June 2012

Denial of service via hash algorithm collision

A variety of programming languages suffer from a DoS via hash algorithm collisions. If the implementation of the hash calculation is expensive, then creating a POST request with many collisions can cause a DoS. A POST request has no limit other than 8GB.
Java is affected. The web servers Tomcat and Jetty have been protected by limiting the number of POST request parameters.
More info on: http://www.ocert.org/advisories/ocert-2011-003.html
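
An added example, not from the original post or from Tomcat/Jetty: a Python sketch of the mitigation described above, rejecting a form body once it passes a parameter limit, plus a check that counts how many parameter names share one Java `String.hashCode` value. `MAX_PARAMS`, the function names and the sample body are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote_plus

MAX_PARAMS = 1000  # assumed limit for this sketch; real servers make it configurable


class TooManyParameters(ValueError):
    """Raised when a form body carries more parameters than allowed."""


def java_string_hash(s):
    """Model of Java's String.hashCode: h = 31*h + unit, as a signed 32-bit int."""
    h = 0
    data = s.encode("utf-16-be")  # Java hashes UTF-16 code units
    for i in range(0, len(data), 2):
        h = (31 * h + ((data[i] << 8) | data[i + 1])) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def parse_form(body, max_params=MAX_PARAMS):
    """Parse an x-www-form-urlencoded body, refusing it when over the limit."""
    # Count separators first, so an oversized body is rejected before any
    # name is decoded or inserted into a hash-based map.
    if body.count("&") + 1 > max_params:
        raise TooManyParameters(f"more than {max_params} parameters")
    params = []
    for pair in body.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.append((unquote_plus(name), unquote_plus(value)))
    return params


def largest_collision_group(params):
    """Return (hash, count) for the hash shared by the most distinct names."""
    names = {name for name, _ in params}
    counts = Counter(java_string_hash(n) for n in names)
    return counts.most_common(1)[0] if counts else (None, 0)


# Constructed sample: "Aa" and "BB" hash alike, so do their concatenations.
SAMPLE_BODY = "AaAa=1&AaBB=2&BBAa=3&BBBB=4&user=alice"

if __name__ == "__main__":
    print(largest_collision_group(parse_form(SAMPLE_BODY)))
```

A large group of distinct names under one hash value is a signal worth logging; the parameter limit is what bounds the work per request.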

Friday 22 June 2012

Spring Framework Known Vulnerabilities and Issues

Here is the page where we can read about critically insecure versions of Spring Framework. If you use any of them, you had better upgrade your Spring Framework version. http://www.springsource.com/security/spring-framework

Thursday 14 June 2012

Lucidchart - Comments

Lucidchart has new features:
  • Commenting system - Comments panel for adding comments to the diagram
  • Integration to Confluence OnDemand
More on: http://www.lucidchart.com/blog/2012/06/12/introducing-comments-and-lucidchart-for-ondemand-confluence/

Useful git commands

  • git config --global color.ui auto - add coloring for git command line
  • git pull --rebase - it makes sense to be the default for pulling from the remote repository
  • git merge --no-ff - does not forget about the branch which was merged in, even if it was a fast-forward one
  • git rm --cached file - removing the file only from git, not from the file system
  • git diff --cached - see what will go in the next commit
  • git branch --no-merged - branches that are not merged
  • git rebase master - rebasing current branch against master
  • git mergetool - invoking tool for merging
  • git stash - temporarily hiding file changes, e.g. for rebasing
  • git stash pop - uncover changes hidden by the stash command
  • git reset HEAD file - reset staged changes to the file
  • git checkout HEAD file - removing changes to the file