Cross site scripting explained

In many security job interviews, the interviewer will ask about cross-site scripting, also known as XSS. Most descriptions of it are overly complex, however. The best description of it that I’ve ever heard is just five words long: Code execution in the browser. That’s cross-site scripting explained as succinctly as possible.

That succinctly sums up the problem: You don’t want someone to be able to inject their code into your site.


A reasonably cheap fix for a Samsung LN-S2338W LCD TV

Last year I got a Samsung LN-S2338W 23″ LCD TV at an insanely low price. The catch was that it didn’t behave very well–the buttons didn’t always work, and the TV liked to turn itself off randomly, or sometimes it even turned itself on.

It wasn’t haunted–it needed a power supply. Samsung TVs of this era had a recall due to defective capacitors in their power supplies, but either this one never got fixed, or wasn’t fixed completely. But it’s not too difficult to fix it yourself.


Fixing white screens in WordPress

I got the white screen of death last week, but it was odd—it only happened if I tried to edit posts that were in draft or scheduled status. Already-published content would edit fine. Here’s my experience fixing white screens in WordPress.

Clearing my cache helped temporarily, but the problem would come back as soon as I saved a post. I ended up doing two other things as well, and then the problem went away. I emptied my spam, which also greatly sped up the site, and I also deleted a mobile plugin that I was no longer using but was disabled. Disabled plugins can still affect behavior sometimes.

All-in-One WP Security and Firewall plugin can be spectacular, but be careful

Over the weekend I installed the All-in-One WP Security and Firewall plugin to fix another issue–more on that tomorrow–and I ended up breaking my site. Hopefully I fixed it to a better state than it started in.

The lesson, as with many security tools, is to proceed with caution.


Don’t use lamp oil as smoke fluid in Lionel trains

Every so often, the topic of lamp oil as a cheap substitute for smoke fluid in Lionel and Marx trains comes up.

The topic has been beaten to death on many closed message groups, but finding the answer isn’t always that easy. But, in short, it’s not a safe thing to do.


Browser extensions are the new adware, and sometimes come with surprises

I sometimes show my age by making jokes about Bonsai Buddy and Gator and Hotbar, but ads injected in browsers are a problem that’s coming back. And sometimes these ads come with malicious payloads, installing unwelcome software on your computer to maintain persistence.

Problems like this are the reason I tend not to load my browsers down with lots of extensions. Sometimes the functionality is cool, but I’ve always found ways to get what I need done with a stock browser, and then I have a better idea of what I’ve gotten myself into. I’m beholden enough to the agendas of Microsoft, Mozilla, or Google as it is; I don’t need third parties injecting their agendas into the mix, especially when they may be malicious.

And besides that, a lot of extensions tend to be very memory- or CPU-hungry. I have enough memory on most of my machines that I can dedicate 2 GB of RAM to a web browser, but I’m not sure why I should have to.

The fewer extensions you load onto your web browsers, the safer you’ll be, and in the long term, I’d wager the happier you’ll be as well.

How hard-coding your DNS can improve your security

I’ve long recommended hard-coding your DNS settings as a performance and reliability enhancement–here’s my guide for that–but it turns out it can be a security enhancement too.

Botnets targeting routers aren’t new at all, but there’s a particularly nasty one named Moose running around right now. Among other things, it changes routers’ DNS settings to point to rogue DNS servers that allow the attackers to steal your social media credentials, furthering the bot.

How to disassemble a Nook Simple Touch to remove or replace a battery

If your Nook Simple Touch won’t power on, or is displaying a question mark (?) on its battery indicator, I have four things to try. But before you go to the trouble of disassembly, try charging the device with a different charger. Some chargers fit more tightly than others, and as devices like these age, they can get picky about their chargers.

If a charger change doesn’t give you an easy fix, the next step is to disassemble it, unplug the battery, wait a good 30 seconds, then plug it back in and reassemble.

You’ll need a very small slotted screwdriver or another sharp and semi-flat object, and a T5 Torx screwdriver.


SSDs, factory resets, and why you probably need encryption

After the story came out about factory resets not adequately clearing flash memory in phones and tablets, one of my college buddies asked me if a similar problem exists in SSDs.

Depending on the SSD, it definitely can.


What to do when your router isn’t in the DD-WRT router database

If you have a router and want to run DD-WRT on it, but can’t find the router in the router database, you may have learned the hard way that the router database is a couple of years out of date.

But not all hope is lost. Here’s how to find a build, if one exists.
