Ubikuity.net

Publish your tweets on you blog first! Then automate the copy to Twitter: no untrusted URL shortener & free backup

Last year, I had the chance to attend one of the excellent workshop “Hack Yourself First” presented by Troy Hunt: http://www.troyhunt.com/2016/02/more-europe-even-more-again-and-more.html

Now it’s time to practice again by using the (very simple) tool Havij and use the dedicated and deliberately vulnerable website http://hackyourselffirst.troyhunt.com/

To celebrate the unveiling of Tesla new car, I just played a little with Havij and I updated an existing car with Tesla Model S P90D characteristics: http://hackyourselffirst.troyhunt.com/Supercar/8

I guess the changes will be reverted soon, so I took a screenshot:

Just for reference, here is the SQL script I used:

UPDATE Make SET name=’Tesla Motors’ WHERE MakeId=8;
UPDATE Supercar SET Cylinders=’V0′ WHERE SupercarId=8;
UPDATE Supercar SET Description=’Model S acceleration is instantaneous, silent and smooth’ WHERE SupercarId=8;
UPDATE Supercar SET EngineCc=0 WHERE SupercarId=8;
UPDATE Supercar SET EngineLayout=’Dual electric motor’ WHERE SupercarId=8;
UPDATE Supercar SET Model=’Tesla Model S P90D’ WHERE SupercarId=8;
UPDATE Supercar SET PowerKw=568 WHERE SupercarId=8;
UPDATE Supercar SET TopSpeedKm=250 WHERE SupercarId=8;
UPDATE Supercar SET TorqueNm=967 WHERE SupercarId=8;
UPDATE Supercar SET WeightKg=2200 WHERE SupercarId=8;
UPDATE Supercar SET ZeroToOneHundredKmInSecs=2.8 WHERE SupercarId=8;

Some of the other attendees created a blog post to summarize what we learned at the workshop:

• https://theholyjava.wordpress.com/2015/06/17/notes-from-troy-hunts-hack-yourself-first-workshop/
• https://bjorncoltof.github.io/2015/06/26/ndcoslo-security-workshop/

Unfortunately at the moment (2015-11-03), U2F protocol is still not officially supported in Mozilla Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1065729

U2F protocol is mainly promoted by Yubico company (who is selling Yubikeys)

Finally, Firefox 57 (called Quantum) supports U2F protocol but for the moment (2017-12-17) it’s not enabled by default. Here is how to enable it:

• Type about:config into the Firefox browser.
• Search for “u2f”.
• Double click on security.webauth.u2f to enable U2F support (the value should be set to “true“)

Source: https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/

Lors des phases de test/recette, il est souvent utile de pouvoir se connecter en tant qu’un autre utilisateur sur une application, par exemple pour vérifier que les permissions et les différents rôles de l’application fonctionnent correctement.

Dans mon cas, j’avais besoin de pouvoir emprunter l’identité d’un autre utilisateur sur une application Intranet ASP.NET MVC dont le mécanisme d’authentification est de type Windows NTLM (<authentication mode="Windows" />)

La solution que j’ai trouvé est de créer un cookie qui contient le nom du compte utilisateur que je veux revêtir (“impersonation”).
Puis à chaque chargement de page (Global.asax.cs), l’application examine la présence de ce cookie afin de changer à la volée l’utilisateur connecté (HttpContext.Current.User).

Evidemment, pour des raisons de sécurité et d’auditabilité, il faut désactiver ce mécanisme sur l’application en Production.

Voici le code qui permet de faire cela et que j’ai publié sur GitHub : https://github.com/ubikuity/impersonate-windows-user-aspnet
Détails de l’implémentation : https://github.com/ubikuity/impersonate-windows-user-aspnet/commit/ed660effc08f2a89ed621b62bbda6b71e72a6e3e

I was searching for a list of neighboring/bordering/adjacent states for each USA state.

I asked on StackOverflow but I had no luck: http://stackoverflow.com/questions/12402673/get-the-neighboring-states-of-a-given-usa-state

I wasn’t able to find any open data.

So, I finally decided to create my own list using the following sources:

• http://theincidentaleconomist.com/wordpress/list-of-neighboring-states-with-stata-code/
• http://www.john.geek.nz/2009/01/sql-tips-list-of-us-states/
• http://askville.amazon.com/Trivia-state-bordered-states/AnswerViewer.do?requestId=3941039
• http://en.wikipedia.org/wiki/List_of_U.S._states_by_date_of_statehood
• http://en.wikipedia.org/wiki/History_of_Washington,_D.C.

=> Feel free to verify, contribute and reuse my file: neighbors-states.csv

Notes:

• The SQL script was created for SQL Server 2008.

Possible improvements:

• Add a column called “IsApproximativeNeighbor” in the table “NeighborStates” to define properly the relation between Alaska and Washington state even if there is no common border.

Off topic:

• At first, I wanted to use MySQL but I discovered that MySQL constraint implementation still is incomplete: “the CHECK clause is parsed but ignored by all storage engines”. See http://bugs.mysql.com/bug.php?id=3464 and http://dev.mysql.com/doc/refman/5.1/en/create-table.html.
• Maybe some of you remember the song from this cartoon: Animaniacs video of Wakko’s famous 50 State Capitols song.
• By the way, I never been to the USA and this list give some motivation to visit USA!

Here is a nice poster to summarize what’s new in .NET Framework 4.5:

http://www.heikniemi.net/hardcoded/2011/10/whats-new-in-net-framework-4-5-poster/

Concerning ASP.NET, I like:

• New site template for ASPNET MVC 4
• Built-in Javascript + CSS combining and minification
• Strongly typed data binding in ASP.NET Web Forms
• Multiple file upload component for ASP.NET Web Forms
• IIS Express used by default (instead of Cassini)

I begin to understand the difference between “Independent association” and “Foreign key association” in Entity Framework Code First thanks to this article : http://www.ladislavmrnka.com/2011/05/foreign-key-vs-independent-associations-in-ef-4/

Advice: use both (Independent associations and Foreign key associations):

“This saves on unnecessary DB lookups, allows lazy loaking, and allows you to easily see/set the ID if you know what you want it to be. Note that having both does not change your table structure in any way.”

Source: http://stackoverflow.com/questions/5281974/code-first-independent-associations-vs-foreign-key-associations

Question: how to find which version of ASP.NET MVC is used in an existing Visual Studio project?

Answer: via Reflection:

<code>typeof (Controller).Assembly.GetName().Version </code>

Source: http://stackoverflow.com/questions/3008704/how-to-determine-the-current-version-of-asp-net-mvc

PureText est un petit utilitaire qui permet de faire un copier-coller d’un bout de texte sans conserver la mise en forme d’origine (gras, souligné, style, code html, etc.) et de coller uniquement le texte brut.

Source : http://www.stevemiller.net/puretext/

Le plugin “WP to Twitter” permet de publier automatiquement vos articles de blogs WordPress sur votre compte Twitter.

La configuration du plugin demande quelques minutes d’attention (récupération des paramètres Consumer key, Consumer secret, Access token, Access token secret via https://dev.twitter.com/) mais ensuite cela marche très bien.

En savoir plus : http://cleverwp.com/publish-to-twitter-automatically-from-your-wordpress-blog/