sjon.blog

Zend almost convinced me that their Safeguard Suite really secured your PHP scripts. Ofcourse I know that scripts need to be interpreted and executed and are therefore never 100% safe; but I expected some form of obfuscation and rewriting to prevent this. This doesn’t seem to be the case though. I have had a look at PHP Obfuscator/Obscurer; but a good illustration of the quality of that script can be illustrated with following if-statement (line 406):

if($FunctieNaam == 'doLoad') $FunctieNaam = 'doLoad';

Also, obfuscating React took me almost an hour; which isn’t that strange when you have had a look at the sourcecode. Maybe a better example of how to obfuscate properly will be posted on this blog.

iStockPhoto is a great website linking amature photographers and designers to people interested in their material. However, some people don’t realize what it means to sell the rights of your work for 30 cents. The Dutch newspaper ‘De Volkskrant’ found iStockPhoto very interesting as well; they used an iStockPhoto they bought for their campaign. However, the photographer seems to never have realised what it actually means to sell the rights of your work. When you release anything; make sure you read the license you are agreeing to!

The Dutch division of eBay really tries to protect its bidders email address. Check this out; first; the terms of use tell you that email addresses are protected using forwarders (for example, ‘name.pq7ft5v3uptfbm1ib5osoqa04ic1@zend.nu’) to prevent spam. Then, if you (as a seller) want to email a bidder, you get a very long (’protective’ I guess) URL (368 characters in my case) which, indeed, doesn’t show the bidders email-address; but only the forwarding address. Now, check out this screenshot of the very first screen you see as a seller, selling your article (click to enlarge):

Isn’t this a great example of a tiny hole, which would be easy to fix, but which currently completely destroys all the other work you have done on your so-called security?

If you ever considered taking over the world internet; now is the time to buy some Google stock. Of course, you know Google tracks and stores the following:

• Internet searches
• Local computer searches
• Email
• News interests
• Location
• Blogging interests
• What you write

A few weeks ago they made sure they could track you once you left Google as well. Now, just to make extra sure, they launch a new Firefox extensions. I assume this extension will verify every URL you visit with Google so they can ‘check if it is safe’. Combining this with the above things I just hope Google has a good security set up.