Archive for March, 2008

Multiple themes for symfony application

March 31st, 2008

Hi,

After a long time I am posting my experience. This post describes a way to implement multiple themes/skins in a symfony application. I found many posts in the symfony forum regarding themes, and somebody suggested the ysfDimensionsPlugin. This is really a great plugin, and thanks to Yahoo for providing it. There is no automatic installation for this plugin because it replaces two symfony core files. To install it, first get the tar file, then extract it into your symfony application’s plugin directory.

Now take a backup of those two files by running these commands (the paths are specific to my system):

  • cp /usr/local/lib/php/symfony/config/sfLoader.class.php /usr/local/lib/php/symfony/config/sfLoader.class.php.original
  • cp /usr/local/lib/php/data/symfony/config/constants.php /usr/local/lib/php/data/symfony/config/constants.php.original

Now go to your application’s plugin directory and copy the plugin’s versions over the originals:

  • cd /path/to/your/symfony/application/plugin/directory
  • cp lib/config/sfLoader.class.php /usr/local/lib/php/symfony/config/sfLoader.class.php
  • cp config/constants.php /usr/local/lib/php/data/symfony/config/constants.php

After this you need to add the following code to your symfony project’s config.php:

$culture = !empty($_REQUEST['culture']) ? $_REQUEST['culture'] : 'en';
$theme   = !empty($_REQUEST['theme'])   ? $_REQUEST['theme']   : 'classic';

// define dimensions
$dimension = array('culture' => $culture, 'theme' => $theme);

// no autoloading available this early in bootstrap, so require absolutely
require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'ysfDimensionsPlugin'.DIRECTORY_SEPARATOR.'lib'.DIRECTORY_SEPARATOR.'config'.DIRECTORY_SEPARATOR.'sfDimensions.class.php');

// set dimensions
sfDimensions::setDimension($dimension);


Now create a dimensions.yml in the project’s config directory. This lists all the possible values of each dimension, including every theme your application will have:

dimensions:
  culture: [en, fr, it, de]
  theme:   [classic, corporate]

Now you are ready to play with this plugin.
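The theme and culture in config.php above come straight from $_REQUEST and end up naming a configuration and template directory, so constrain them to the values declared in dimensions.yml before handing them to sfDimensions::setDimension(). The following is an added example, not code from the post or from ysfDimensionsPlugin; it assumes the allowed values of the dimensions.yml shown above and a hypothetical helper resolveDimensions() that replaces the two $_REQUEST lines.

```php
<?php
// Added example (not from the original post or ysfDimensionsPlugin):
// resolve the culture/theme dimensions from the request, accepting only
// values that appear in dimensions.yml. Anything else falls back to the
// default, so a request parameter can never select a config or template
// directory that you did not define.

// Allowed values, mirroring the dimensions.yml above. In a real project
// parse that file instead of duplicating it here (assumption).
$allowedDimensions = array(
    'culture' => array('en', 'fr', 'it', 'de'),
    'theme'   => array('classic', 'corporate'),
);
$defaultDimensions = array('culture' => 'en', 'theme' => 'classic');

/**
 * Returns a dimension array that is safe to pass to
 * sfDimensions::setDimension(). $request is normally $_REQUEST; it is a
 * parameter so the function can be exercised without a web request.
 */
function resolveDimensions(array $request, array $allowed, array $defaults)
{
    $dimension = array();
    foreach ($allowed as $name => $values) {
        $value = isset($request[$name]) ? $request[$name] : null;
        // Strict comparison: arrays, numbers and near-misses are all
        // rejected; only an exact string from the allowed list passes.
        if (is_string($value) && in_array($value, $values, true)) {
            $dimension[$name] = $value;
        } else {
            $dimension[$name] = $defaults[$name];
        }
    }
    return $dimension;
}

$dimension = resolveDimensions($_REQUEST, $allowedDimensions, $defaultDimensions);
```

Pass the returned array to sfDimensions::setDimension() exactly as in the config.php snippet; an unknown ?theme= value then simply renders the default theme instead of a directory you never intended.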

How it works: this plugin takes advantage of symfony’s configuration features and lets you configure three parts of the application (configuration, templates, actions) per dimension. Now I will show how to configure the configuration part and the template part for different themes.

For example, suppose you have 3 themes (3 different layout.php files) for your application. Place those files as follows:

  1. apps/frontend/templates/theme1/layout.php
  2. apps/frontend/templates/theme2/layout.php
  3. apps/frontend/templates/theme3/layout.php

As every theme has its own CSS/JS files, you need to tell the application which ones to pick, as follows:

  • apps/frontend/config/theme1/view.yml
  • apps/frontend/config/theme2/view.yml
  • apps/frontend/config/theme3/view.yml

Now you have defined a separate view.yml for each theme, and you are done with multiple themes for a single application. Clear your cache and test the output by passing a theme parameter in the query string:

  • http://localhost/frontend_dev.php/?theme=theme1
  • http://localhost/frontend_dev.php/?theme=theme2
  • http://localhost/frontend_dev.php/?theme=theme3

That’s it.
This post only gives brief information to get started with this plugin. There are lots of customizations you can do using it; for example, you can have culture-based themes as well. Please check the plugin’s trac to learn more about it.

Asif

plugins, symfony, themes

Network security journal guide

March 29th, 2008

The term ‘virus’ has created havoc not only in the lives of living beings but also in the world of computers. Though the two kinds of viruses are completely different from each other, both can prove extremely damaging.

A computer virus can be defined as a program or a piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Computer viruses are man-made and can easily replicate themselves. A simple virus can duplicate itself time and again and is quite easy to produce. Even a simple virus can consume the entire memory of your system and stop it working, while a slightly more dangerous virus can transmit itself across networks and bypass security systems. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. Some viruses take effect as soon as their code is executed; others lie inactive until circumstances cause their code to be executed by the computer.

But gone are the days when viruses and the damage caused by them were left untreated. Just as people have developed cures to protect themselves, they have also invented something to safeguard their computers against the devastating threat of viruses. The tool that is meant to detect viruses is called anti-virus.

An anti-virus program can be defined as a utility that searches a hard disk for any known or potential viruses and eliminates any that are found. Anti-virus software comprises computer programs that attempt to identify, obstruct and eradicate computer viruses and other harmful software.

All anti-virus software works according to two techniques, with a special focus on the first one:

(1) Examining, i.e. scanning, files to check for known viruses that match the definitions in a virus dictionary.

(2) Identifying any misbehaving software that indicates infection. Such analysis includes data captures, port monitoring and other methods.

While examining a file, the anti-virus software refers to a dictionary of known viruses that have already been identified by the authors of the anti-virus software. The moment code in the file matches a virus in the dictionary, the anti-virus software first tries to repair the file by removing the virus from it. If the virus cannot be removed at this stage, the software quarantines the file so that it remains inaccessible to other programs and the virus can no longer harm the system. Finally, if the virus still persists, the software deletes the infected file.

To function correctly, the virus dictionary approach needs regular updates, which involve downloading updated virus dictionary entries. Anti-virus software that works with a dictionary typically scrutinizes files, and automatically detects a virus, when the operating system creates, opens, closes or e-mails them. However, a system administrator can configure the anti-virus software to scan all the files on the user’s hard disk on a routine basis.

Mansi Gupta recommends that you visit http://www.networksecurityjournal.com/antivirus/index.html for more information on anti-virus software.

Computer Security

Free Webinar: Bank Managed Network Security

March 21st, 2008

Rest Assured with Gladiator’s Dedicated 24x7x365 Managed Security Services

September 16, 2008 10:00 AM – 11:00 AM CDT

Today’s information security landscape is ever-changing in an attempt to keep up with new regulatory guidelines and rapidly changing technologies. And as today’s systems become more complex and your institution becomes more reliant on the Internet to conduct business, your need for enterprise information security knowledge and expertise grows. Because of this trend, and due to ever-changing regulatory pressures, financial institutions are finding it more cost-effective to outsource security monitoring responsibilities. You need a technology partner you can rely on…you need Gladiator’s Dedicated 24x7x365 Managed Security Services by your side.

At Gladiator Technology, we understand that information security is a process, not simply a product. Let us show you why. 

Join us for a FREE 1-hour webinar to discover how Gladiator can help you meet your institution’s security objectives. Learn about our unique 24x7x365 multi-layered security solution that far surpasses other companies’ more generic security approaches. With Gladiator by your side as your Managed Security Services Provider (MSSP), you can rest assured that your reputation is protected along with your non-public confidential information.

Topics highlighted during this webinar include:

• Gladiator’s 24x7x365 multi-layered security solution vs. more generic products
• Our dedication to the financial services industry
• A tour of our state-of-the-art Security Operations Centers
• Best practices and tips for managing your enterprise information security
• Gladiator’s “best of breed solutions” complement any core processing platform
• Our expertise regarding regulatory requirements and processes
• Moderated discussion: your chance to ask our experts about your specific concerns

Our Gladiator Experts include:

Matt Riley, CIO - Matt manages enterprise security for Gladiator, oversees strategic direction for new product and service offerings, and cultivates strong relationships with clients and strategic partners. With more than 9 years of experience in the financial services and information security industries, Matt is adept at providing professional security advice to clients regarding appropriate security practices and regulatory requirements. He is a respected authority in his field, and is regarded as an educator who speaks on topics covering information security, incident response and host intrusion prevention.

Mike Bell, National Sales Manager and Co-Founder – In his key role, Mike cultivates new business relationships with community banks and credit unions nationwide. With over 19 years of business experience in the financial services industry, Mike’s extensive market knowledge and leadership skills have helped position Gladiator Technology as an industry leader. One of the co-founders of the company, Mike has successfully leveraged his extensive financial industry background to build a nationwide client base for the company.

Sign up Now!

 

Computer Security

Network Security Appliance

March 13th, 2008

It’s true. Security has been the last piece of the puzzle. When it comes to innovation, we think of what’s possible rather than what’s the problem. And that’s the way it should be; otherwise innovation would be dead. But then a larger headache awaits all of us later in the day. It was the case with the birth of the Internet. It has pretty much been the case with social networking. And it is the case with e-governance initiatives too. Interaction with defence and government IT personnel brought this out clearly. For long, what can go wrong with respect to security has remained the missing piece in the puzzle. That has been the consensus at Tech Sabha. But the significant thing is that, apart from an interest in data centers, government IT professionals have their focus clearly on threats that can derail or slow the e-governance process, and on the best plans for security deployment. With the rising incidents of information leakage, particularly of individual users’ data involving healthcare, card holder information and more, one does think of the significant amount of user information held by the government, involving income tax, land holdings, the passport office and more. Needless to say, protecting the information and the user is extremely important, bringing in not just security at the perimeter and for information in transit, but also access control to the stored information and clear audit guidelines.

 


Hemal Patel is CEO, Cyberoam. For more information about Cyberoam, visit these pages:

http://www.cyberoam.com/firewall.html
http://www.cyberoam.com/idp.html

Computer Security

Tactical Exploitation in the Network Security Systems

March 5th, 2008


Contents:

  • 1 Introduction
    • 1.1 Abstract
    • 1.2 Background
  • 2 The Tactical Approach
    • 2.1 Vulnerabilities
    • 2.2 Methodology and Competition
  • 3 Information Discovery
    • 3.1 Personnel Discovery
      • 3.1.1 Search Engines
      • 3.1.2 Paterva’s Evolution
    • 3.2 Network Discovery
      • 3.2.1 Discovery Services
      • 3.2.2 Bounce Messages
      • 3.2.3 Virtual Hosting
      • 3.2.4 Outbound DNS
      • 3.2.5 Direct Contact
    • 3.3 Firewalls and IPS
      • 3.3.1 Firewall Identification
      • 3.3.2 IPS Identification
    • 3.4 Application Discovery
      • 3.4.1 Slow and Steady Wins the Deface
      • 3.4.2 Finding Web Apps with W3AF
      • 3.4.3 Metasploit 3 Discovery Modules
    • 3.5 Client Application Discovery
      • 3.5.1 Browser Fingerprinting
      • 3.5.2 Mail Client Fingerprinting
    • 3.6 Process Discovery
      • 3.6.1 Trace Monitoring with IP IDs
      • 3.6.2 Usage Monitoring with MS FTP
      • 3.6.3 Web Site Monitoring with HTTP
  • 4 Information Exploitation
    • 4.1 Introduction
    • 4.2 External Networks
      • 4.2.1 Attacking File Transfers
      • 4.2.2 Attacking Mail Services
      • 4.2.3 Attacking Web Servers
      • 4.2.4 Attacking DNS Servers
      • 4.2.5 Attacking Database Servers
      • 4.2.6 Authentication Relays
      • 4.2.7 Free Hardware
    • 4.3 Internal Networks
      • 4.3.1 NetBIOS Names
      • 4.3.2 DNS Servers
      • 4.3.3 WINS Servers
      • 4.3.4 Authentication Relays
    • 4.4 Trust Relationships
      • 4.4.1 NFS Home Directories
      • 4.4.2 Hijacking SSH
      • 4.4.3 Hijacking Kerberos
  • 5 Bibliography

1 Introduction

1.1 Abstract

Penetration testing often focuses on individual vulnerabilities and services. This paper introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and obscure techniques, we will walk through the process of compromising an organization without the use of normal exploit code. Many of the tools will be made available as new modules for the Metasploit Framework.

 

1.2 Background

I have been involved in security auditing and penetration testing for years. A common trend among security professionals is the use of off-the-shelf software to automate the penetration test process. Tools like Nessus, Retina, and Core Impact have replaced manual audits and checklists at many organizations. While these tools do a great job of reducing the time and knowledge requirements of the penetration tester, their use can lead to a certain laziness among security professionals. Many valuable compromise vectors can be missed because they are not part of the canned product. This paper is intended to shine some light on the more obscure and less-used techniques that the authors have depended on for many years.

The exploit techniques listed in this paper depend solely on the configuration of the target and the features of the target platform. No new exploit code will be dropped in the normal sense, but many tips, tricks and interesting attacks will be covered.

2 The Tactical Approach

2.1 Vulnerabilities

Vulnerabilities are transient. What is found one day may be patched the next. Security software and operating system improvements can make even simple vulnerabilities unusable for a penetration test. Instead of treating a network like a list of vulnerabilities, an auditor should consider the applications, the people, the processes, and the trusts. The key to gaining access is to use what is available to bring you closer to the next goal. Using this approach, even a fully-patched network will provide exploitable targets. Hacking is not about exploits. As many professional auditors know, only one or two real exploits may be used during a penetration test. The rest of the time is spent obtaining passwords, abusing trust relationships, tricking authentication systems, and hijacking services to gain access to more systems. A successful attack has everything to do with gaining access to and control of data.

2.2 Methodology and Competition

Any security test is a race against time. An auditor faces competition from real attackers, internal and external, that are not bound by the same scope and restrictions as themselves. For example, as a business practice, a security test must not interfere with production services or modify critical data. Attackers are opportunists. Whether a server is hosted locally or on a third party is not a concern. Their only concern is gaining access to the data and controls they seek. Anything the auditor does not test, he must assume someone else will. In this case I want to use well-known software testing as well as the research news in the websites, magazines and books which I mentioned in the bibliography.

 

Amir Azhdari, Iranian, male, 28, graduated and post-graduated from international universities in India.
Now teaching at universities in Iran.

Computer Security