Jeffrey Stone

In my current job, I had decided I needed some software to keep up with the day to day happenings of the IT Department. So I started looking at Helpdesk software. Off the shelf was good but I didn’t really find something that worked the way I wanted it to, and those that did were expensive. Why the company I work for will pay somewhere north of $1 million to have 5 day conference at the Broadmoor in Colorado for 600-700 of our employees complete with complimentary spa sessions and golf outings, but I can’t get money to buy IT equipment to improve our ability to do business, I will never know. But thats a topic for another time.Bottom line, there was nothing I wanted to use out there. So what does any one who enjoys coding do? I started building one. I took code from various other projects, copied, pasted, hacked, and my frankencode actually turned out half way decent. So I started thinking maybe I should turn this into an Open Source Project, perhaps find some like minded individuals and turn this into a awesome project. Well, after tinkering with the code in an effort to make it presentable, I started to realize how bad it really was. So as of last night, I threw it all out.The time required to clean it up would be more than the time to start over. So, I have rebuilt the database, and have started recoding the application one function at a time, from the ground up. This should yield code that follows more of a consistent format and the end product will be easier to maintain.Anyway, as soon as I have it stable in the new format, I plan on releasing it here. It will have a helpdesk module, as well has a project management module, asset tracking and so forth. Along with ldap support, with the ability to customize it to fit your small business or enterprise. The current rewrite is in PHP with a MySQL dayabase on the back end.I hope to have more in the coming days.

Yes, a story was recently published on digg that highlighted a current site deploying 1990 level security to protect their site.Federal Suppliers Guide, in a effort to solicit business happen to bring their site under scrutiny by someone with an eye for detail. What they found was Federal Suppliers Guide is using a simple javascript to “secure” their precious data. A script that that is so efficient, it contained the user name and password right in the source code. Amazingly when Federal Suppliers Guide found out someone had gained access to their site using the login credentials left in plain sight, they accused the person of “hacking their site”. In fact, under the microscope of hundreds of programmers, it became obvious the javascript was simply not needed. None of the pages “behind” the script were secured. Therefore, Google must have hacked their site as well.For a peak at what they were trying to protect, all you need to do is search Google for site:federalsuppliers.com federalsuppliers.com.This amazing story of Darwinian stupidity continues to gain attention via digg, and it is only a matter of time before Federal Suppliers Guide’s clients GSA find out about the level of security they provide and will most certainly pull their business.For the original story, be sure to visit http://thedailywtf.com/Articles/So-You-Hacked-Our-Site!.aspxAnd for blast to the past, visit Federal Suppliers Guide, click on agents in the menu bar and then view the source code. Even though Federal Suppliers Guide has removed the guide since they seem to be clueless on how to secure the site, you can still reminisce about how websites used javascript to secure their websites in 1990.Enjoy!