Systems 2007 in Munich

I'm back from vacation! I was able to have some wonderful days with my wife in the Bavarian Alps. It's a gorgeous area and we had a wonderful time. Even the weather was great! If you ever happen to be in southern Bavaria, make sure to eat at the "Goldener Bär" in Berchtesgaden!
I'm not back home yet, though: I'm attending the Systems 2007 trade fair in Munich. I'm part of the Thomas-Krenn.AG booth to promote their plans to offer web application security services. I will be here until Friday, possibly only Thursday.
I will be back in Bavaria in two weeks, though, to give a talk about web application security at the Thomas-Krenn.AG headquarters on November 14th.

More Apple Security Credit for Cross-Site Scripting

I've emailed the Apple security guys a while ago about a couple of XSS security holes on their websites. I almost forgot about it because I didn't get a message that said "Ok, it's fixed". Well, I just went to the Apple Web Server notifications page and what do you know? Two new entries thanking me for telling them about the XSS holes. Nice, so my count is up to 4 now on that page. Here's what they say:

2007-09-26 education.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting the issue.

2007-09-26 edcommunity.apple.com

Two individual cross-site scripting issues were addressed. We would like to acknowledge Johannes Fahrenkrug of Springenwerk Consulting for reporting these issues.

Subversion Server auf Server4You VServer einrichten

Ich brauche einen Subversion Server, den ich von ueberall erreichen kann. Deshalb habe ich mir bei Server4You einen VServer einrichten lassen. Man kann dort kostenlos einen VServer fuer 4 Tage testen!
Leider bieten sie noch nicht Debian Etch an, aber das ist nicht so schlimm. Also:

1. Im Powerpanel rausfinden, was das root Passwort ist
2. Mit SSH einloggen
3. In die Datei /etc/apt/sources.list diese Zeile einfuegen: deb http://www.backports.org/debian/ sarge-backports main contrib non-free
4. apt-get update ausfuehren
5. apt-get -t sarge-backports install subversion ausfuehren
6. Mit svnadmin create /pfad/zum/repository (z.B. svnadmin create /opt/svnrep) ein Repository anlegen
7. Am besten mit useradd einen neuen User anlegen
8. Die Permissions des Repositories so setzen, dass der neue User dort schreiben darf
9. Fertig. Jetzt kann man mit svn mkdir svn+ssh://user@host/pfad/zum/repository/NEUES_DIR zum Beispiel ein neues Verzeichnis im Repository anlegen
10. Damit man nicht staendig sein Passwort eingeben muss, sollte man mal einen Blick auf ssh-agent werfen.

Mehr Infos gibt es im SVN Book.