Filipino Online Tech Portal
Tech Updates, Product Reviews & More!



ARTICLE

Your site is vulnerable to these kinds of attacks if it accepts data from the user. Hackers can send malicious data to get into your web application and access its database.
Here are some tips to make it harder for hackers to penetrate your web applications.
 
1. Always filter, escape, format, sanitize, or validate any User Input 

Always validate user input on the server side, and not only in the user's browser using JavaScript. Client-side validation on its own is useless as a defense because it can be bypassed.
Only accept user input if it matches the expected format. Always check whether the submitted data contains unwanted characters (‘<>?/!@#$%^&*()_+=-;) based on your set of rules. If you are expecting text (a user name), then you should verify that the submitted data contains only valid characters (Aa-Zz).
You might want to explore how to use “regex” to filter user input. This is very useful if you want to protect your application against SQL injection and cross-site scripting. Check this post about bypassing XSS filters.
Google these terms: PHP regex, JavaScript regex, form validation


2. Learn How to Use Tokens to Authenticate Your Web Forms

The purpose of using a token is to prevent hackers from cloning your web forms and using them for malicious activities. With tokens, you can always validate whether the web form was originally generated by your server. This helps to protect your web app against cross-site request forgery (CSRF).
Google these terms: Token Synchronizer, anti CSRF
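
The token check described in tip 2, as an added example that is not code from the original article. The function names, the `csrf_token` field name and the in-memory session store are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory store: session id -> CSRF token.
# A real application would keep this in its server-side session.
SESSIONS = {}

def issue_form_token(session_id):
    """Generate a fresh random token when the server renders the form."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token

def render_form(session_id):
    """Embed the token in a hidden field of the server-generated form."""
    token = issue_form_token(session_id)
    return (
        '<form method="post" action="/profile">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="text" name="email">'
        '</form>'
    )

def verify_form_token(session_id, submitted_token):
    """Accept the POST only if the token matches the one stored for the session."""
    expected = SESSIONS.get(session_id)
    if expected is None or not submitted_token:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(expected.encode(), submitted_token.encode()):
        return False
    # Single use: drop the token so a replayed form is rejected.
    del SESSIONS[session_id]
    return True
```

A form copied onto another site cannot carry the right value, because the token is random per session and only the server that rendered the form knows it.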


3. Set the Names of Input Fields Dynamically
You make it more difficult for the hacker if you set the names of your form fields dynamically on every request.
Instead of naming your form fields like this, name="email", change the name to something like name="klmadqw" that is always randomly generated.

Check the sample picture above. Everything has a dynamic part.
* The action URL has a dynamic part. The hackers will first have to figure out where to send the request.
* It has a dynamic hidden field with an encrypted value. This will increase the authenticity of the form.
* The field names for email and password were both dynamically generated. Again, it will be harder for hackers to create a fake request if they don't know what to send.
With this kind of web form, where everything changes per request, it is more difficult to perform automated attacks to penetrate your system.


4. Always Encrypt Sensitive User Information 

Find a way to encrypt sensitive user information, especially the login information. Don't show login credentials. Use different techniques to save and retrieve user information from the database. Google these terms: Encryption tools, Best hashing method, Password hashing with salt


5. Learn How to Use Prepared Statements in Your SQL/MySQL Code
This is the best way to handle your database. The purpose of using prepared statements is to avoid executing SQL scripts if you forgot to sanitize or escape user input. Any script inserted along with the user data will not be recognized.


6. Always Escape Any Data Before You Print/Echo/Output It to the User's Browser
If you want to avoid cross-site scripting, make sure that you properly escape any data from the database before you send it to the user's browser. The purpose of escaping is to avoid running unwanted JavaScript code that is embedded along with the data.

7. Use HTTPS Instead of HTTP
With an SSL connection, all the data received from or transmitted to the user is encrypted. This is very important if you are getting credit card information or other sensitive data from the user.

Short Tips:
Never trust the user. Always check and validate user input. Don't rely on client-side validation. Always do your final validation on the server side. Don't expose database variables. Encrypt sensitive information in your database. Read more about how to prevent SQL injection, cross-site request forgery, and cross-site scripting.
Always stay updated. Check this site (https://www.owasp.org/) to learn more about web application security.

Eugene   May 22, 2017  207 views 

ARTICLE

WannaCry 2.0 or WannaDecrypt0r 2.0 ransomware is turning out to be one of the biggest security threats to Windows PCs today. It is malicious software that encrypts computer files (hard drive), preventing users from accessing any files until they pay money via bitcoin. This particular program, called WannaCry, asks for about $300. The price increases over time, and if you still have not paid by the deadline, your files will be completely locked out.

Here are some ways to prevent WannaCry ransomware from attacking your Windows PC.

1. Update your Windows PC regularly.
The "WannaCry" ransomware appears to have used a flaw in Microsoft's software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks, locking away files. So always keep your PC updated.


2. Disable Server Message Block (SMB) in Windows Features
According to some security experts, you can prevent a WannaCry ransomware attack by disabling a Windows feature called SMB, which has to do with sharing files and printers with computers running older versions of Windows.

If the malware is already installed on your computer, you can check this guide to remove WannaCry ransomware.
 

2. Avoid Clicking on Links or Opening Attachments from Unknown Emails.
A simple link can bring you to websites that are full of malware. An attachment can contain bad macro scripts, especially if you are opening it in an Office application (Word, Excel, etc.).

 
3. Do Not Download or Install Untrusted Windows Applications
Do not install cracked software. Always download the application from its official website. Do not install an application that you just downloaded from somewhere else.


4. Always Check the File Extension Before You Click
If you are going to open a file from your download folder, be sure that it does not end with ".exe" unless you are opening an application. If you are opening a picture, make sure it ends in ".jpg", ".jpeg", ".png" or ".gif". A real file does not have an ".exe" extension.


5. Back Up Your Files to External USB Storage
It is always better to have a backup. You should do it regularly, especially if you are working on very important projects.
 

For more information about WannaCry, check it here.

Eugene   May 15, 2017  193 views 

ARTICLE

This type of virus/malware is very frustrating, especially if you have very important files on your flash drive. The best way to deal with this virus is not to click anything, to stop it from spreading to your computer system.
There are two methods that you can use to retrieve all your files from your USB storage device.
1. Use the Power of CMD
You're going to type a command to unhide all your files, but it will not remove the virus/malware.

Open command prompt and type ATTRIB -h -r -s /s /d X:\*.* and then press Enter.
Note: You have to replace X with the drive letter of your flash drive.
Ex: ATTRIB -h -r -s /s /d F:\*.*
This command will show everything on your flash drive and you will be able to open all your files.
If you don't want to type it manually, you can download this script I made to automate everything. It will show all your hidden files, and it will also delete the virus and remove those shortcuts to clean your flash drive.


2. Use Software
This is the best choice, especially if your computer is already infected. It will remove the virus from your computer so it will not infect other flash drives.
The best software to clean your computer and your flash drive is USB FIX.

You can download this software for free. It scans everything, even your computer's registry, to remove that filthy virus.
Tips:
To avoid infecting your PC, do not open your portable devices or hard drive via autorun or from "My Computer". Open your flash drive and hard disk by right-clicking it and then clicking Explore, or type its drive letter in the Windows address bar to prevent any script from running.
 

Eugene   May 13, 2017  475 views 

ARTICLE

Facebook was launched on February 4, 2004, by Mark Zuckerberg, and still today, Facebook is one of the most widely used online social media platforms across the world. It is now a necessity among teenagers, and serves as a diary, album, or portfolio for others.

If you want to change the theme and color of your Facebook, here are the simple steps.

First, open your Google Chrome browser and go to options.

Second, from the options choose "more tools", then go to "extensions". This is where we access the Chrome Webstore. If you know how to access the Chrome Webstore, you can skip this step and the third step.

Third, inside the extension tab, scroll down to find "get more extension" and click it. Google Chrome will redirect you to the Google Webstore, where you can download the extension you need to change your Facebook theme.

Now, when you are on the Chrome Webstore, type "stylish" in the search box and press Enter.

When the results appear on the screen, select "Stylish-Custom themes for any website".

If you want to check whether the product is safe from viruses, you can read the overview and reviews about this product. Once you're satisfied, click the "Add to chrome" button and wait for the installation of your extension; it only takes 3 to 5 seconds.

After the installation, go to your Facebook account, click the small icon in the right corner, and select "Style Library". Here you can select the themes you want for your Facebook.

When you find the theme you want, just click the install style button to automatically apply your theme.

After applying your theme, you can enjoy the new look of your Facebook.

AJC   May 04, 2017  189 views 

ARTICLE

If you have an external hard drive that worked properly with your laptop or PC before, and then suddenly your PC does not recognize it anymore for whatever reason, here is a fix for that.

To see if this fix is applicable to you, remove everything that is connected to your PC, then go to "Control Panel\System and Security\System", click "Device Manager", and then click "Disk Drives".

In my case, I have only one disk drive (ST9500325AS) and that's the HDD of my laptop. Now, try to connect your external hard drive to see if it will appear on the list.

My external hard drive (WD My Passport07A8 USB Device) finally appeared after trying to connect it to all available USB ports of my laptop. After that, select the external hard drive, then right-click and select "uninstall".

After uninstalling your external drive, disconnect it from your PC and wait a few minutes before connecting it again. This time, when you connect your external drive, your PC will install a new driver and you should be able to access all your data on your external drive.
If it does not work, try to reboot your PC and repeat the process.

 

Eugene   May 02, 2017  174 views 

