Hibernate: Avoiding a “fake” exception: javax.persistence.TransactionRequiredException: Executing an update/delete query

By | October 21, 2017
0 Comment

I encountered some weird issue caused by the way Hibernate works. The exception messages returned by Hibernate are confusing as they are just a side-effect of the real issue. The code in question was something like that: In a manager bean we have the following: @Stateless(name = “ObjectManagerBean”, mappedName = “ObjectManagerBean/remote”) public class ObjectManagerBean …… Read More »

Blog Links: Web site security

By | November 11, 2016
0 Comment

I already had several posts related to constructing a secure website that can be released in the wild world-wide web. The following are several resources and links that will give a good idea on what one can do in order to secure a web site. First we need a way to analyse how secure our… Read More »

Blog Links: Hacking MSSQL, a strong case for implementing PCI

By | February 8, 2017
1 Comment

A fabulous piece from Rick Osgood on Hacking Microsoft SQL Server Without a Password. Using a man in the middle attach and ARP spoofing with a combination of free tools like Wireshark, Ettercap filters is able to hijack the SQL connection and execute arbitrary queries instead of the real queries. He manages even to create… Read More »

Blog Links: Resources for old WRT routers

By | September 1, 2016
0 Comment

I own several old WRT routers and they still can be used for having fun. The following is a list of resources I frequently use. Must have reference to WRTRouters How to Recover from a bad flash The main resources site for Open WRT Hardware list for Linksys WRT54G, WRT54GL and WRT54GS An interesting forum… Read More »

DB2: Debug db2 SQL exceptions

By | March 8, 2017
0 Comment

Sometimes the db2 exceptions are cryptic or hidden by the application layer. In this case the only way to find the db2 SQL exception is to investigate in db2 logs. First check the log level setup in the Database Manager Configuration. Log in as the user under which db2 instance runs, in my case db2inst1.… Read More »

EdgeRouter: Force add the default routes to the load balanced WAN interfaces

By | August 26, 2016
0 Comment

An EdgeRouter firmware update from 1.8.5 to 1.9 broke my L2TP based VPN. After the update my l2tp connection to local subnets was no longer working. Note that I have a load balancing setup with eth0 and eth1 being the load balanced WAN interfaces. It seems that due to the changes done for the l2tp… Read More »

Data Center: Add EdgeRouter logs to Security Onion

By | November 10, 2016
0 Comment

After seting up Security Onion as my home data center IDS (see https://blog.voina.it/data-center-ids-solution-using-security-onion/) I started to integrate monitoring of other resources to it. The first idea was to add the monitoring of my EdgeMax routers. Security Onion has a syslog-ng service that is able to receive client syslog data. Then we can visualize this data… Read More »

Data Center: IDS solution using Security Onion

By | March 1, 2017
2 Comments

An enterprise environment has to be monitored for external threats. There are a lot of very expensive IDS (Intrusion Detection System) that do this for you but you can set up in a production environment a very good solution for zero cost. The strength of an IDS is given by the IDS threats database, a… Read More »

Linux: Search logs using bash tools

By | February 8, 2017
0 Comment

Sometimes we need to find specific things in application vast logs, sometimes 10 or 20 rotated logs each hundred of MBs each. For a quick search without using some specialized log viewer we can use the very powerful bash text processing commands. Problem: We have 10 log files each 100MB and we need to find… Read More »