Edit an incorrect Git Message

We all make mistakes, and commit messages are a common place to make them. There are a number of things that could have gone wrong:

  • The message needs to be in a certain format to talk to some API, e.g. Pivotaltracker
  • You have a format that you use in your workplace
  • You simply wrote the wrong commit message for some reason

It is so much easier if your commit is still on your local machine.

You should of course go to the root folder of your git repository.

This is where I mistakenly added the commit message,

$ git commit -m "nothing important"
[staging 1e65441] nothing important
 1 file changed, 1 deletion(-)

Type git commit --amend and press Enter.

$ git commit --amend

This will open up vim or your preferred editor

nothing important

# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
#
# Date:      Fri Jul 1 17:55:42 2016 +0800
#
# On branch staging
# Your branch and 'origin/staging' have diverged,
# and have 2 and 15 different commits each, respectively.
#   (use "git pull" to merge the remote branch into yours)

Type in your preferred commit message, in this case "there is really nothing important", and then save.

[staging 41de22f] there is really nothing important
 Date: Fri Jul 1 17:55:42 2016 +0800
 1 file changed, 1 insertion(+), 1 deletion(-)

Your commit message has now been changed.

git log
commit 41de22f1af956be5e38c2ed377d26672ae0c7bb1
Author: meme <me@yme.com>
Date:   Fri Jul 1 17:55:42 2016 +0800

    there is really nothing important

Good luck!
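
The post notes that amending is easy while the commit is still local. As an added example (not from the original post), this wrapper refuses to amend once a remote-tracking branch already contains HEAD; the function names are made up for illustration, and the check only knows what your last fetch or push recorded.

```shell
#!/bin/sh
# Added example: only amend when HEAD has not been pushed.
# Function names are hypothetical; the git commands are standard.

# head_is_local_only [REPO]
# Returns 0 if no remote-tracking branch contains HEAD,
#         1 if HEAD is already on a remote-tracking branch,
#         2 if git failed (not a repository, no commits yet, ...).
head_is_local_only() {
    pushed=$(git -C "${1:-.}" branch -r --contains HEAD 2>/dev/null) || return 2
    [ -z "$pushed" ]
}

# safe_amend REPO "new commit message"
# Rewrites the last commit message only while the commit is still local.
# Anything already staged is included in the amended commit, exactly as
# with a plain "git commit --amend".
safe_amend() {
    if head_is_local_only "$1"; then
        git -C "$1" commit --quiet --amend -m "$2"
    else
        echo "not amending: HEAD is already pushed, or git failed" >&2
        return 1
    fi
}

# Usage (from the repository root):
#   safe_amend . "there is really nothing important"
```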


 How to fix OpenSSL Padding Oracle vulnerability (CVE-2016-2107) on Ubuntu

OpenSSL Padding Oracle vulnerability (CVE-2016-2107) is a memory vulnerability that allows users to run malicious code. It is really simple to update Ubuntu to fix this issue.

Option 1

apt-get install --only-upgrade libssl1.0.0
root@localhost:~# apt-get install --only-upgrade libssl1.0.0
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libssl1.0.0 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

This will magically be fixed!

Option 2

You will just need to update your Ubuntu by way of

apt-get update -y && apt-get upgrade -y
Ign http://mirrors.linode.com trusty InRelease
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]     
Get:2 http://mirrors.linode.com trusty-updates InRelease [65.9 kB]             
Get:3 http://mirrors.linode.com trusty-backports InRelease [65.9 kB]
...
Removing debian:spi-cacert-2008.pem
Removing debian:SG_TRUST_SERVICES_RACINE.pem
done.
done.

Check your website through SSL Labs and you will notice a nice A+ instead of an automatic F.
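
Upgrading the package replaces the library on disk, but services that were already running keep the old copy mapped until they are restarted. As an added example (not from the original post), this lists processes still using a deleted libssl or libcrypto; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: find processes still running the pre-upgrade OpenSSL.
# On Ubuntu the libssl1.0.0 package ships both libssl.so and libcrypto.so.
# When apt replaces them, the old files are unlinked but stay mapped in
# every process that loaded them, and /proc/<pid>/maps marks the mapping
# with "(deleted)". Function names here are hypothetical.

# Reads /proc/<pid>/maps-format text on stdin.
# Succeeds if it contains a deleted libssl or libcrypto mapping.
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$'
}

# Prints "PID COMMAND" for every process that needs a restart.
# Run as root, otherwise other users' processes cannot be read.
list_stale_openssl_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if cat "$maps" 2>/dev/null | maps_has_stale_openssl; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Usage, after the upgrade has finished:
#   list_stale_openssl_procs
# then restart each listed service (web server, mail server, sshd, ...).
```

An empty list means no running process still holds the old library, which is the state you want before re-running the SSL Labs test.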


 What is Hacktivism?

Hacktivism is a buzzword nowadays. It has gained ground through hackers who disrupt services or deface websites, all for the purpose of informing the wider public of their ideologies.

In the recent election in the Philippines, members of a group of hackers gained access to the voters’ database. This was to inform the public of the security risk to the public’s data. It has also raised interest in how election fraud could happen.

Samples of Hacktivism

  • website defacement – The website content has been replaced by messages, images or anything other than the expected content
  • denial-of-service attacks (DoS) – Service of a website cannot be used because all resources are being used up
  • redirects – Website is redirected to a different website
  • website parodies – A website may be created to mimic the original website
  • information theft – users’ information is taken by hackers

 What is Website Defacement?

Hackers have been known to disrupt services, erase information and distribute information. Website defacement is another thing that some hackers do.

What is Website Defacement?

Website defacement is the unauthorised changing of a website's content. This may leave the website full of pop-ups, JavaScript code or images. Most defaced websites are left with messages from the hacker informing the owners of the reason behind the hack. Some website defacement may also be done by enthusiasts for fun.

Samples of website defacement hacks

How to prevent website defacement

A lot can be done to prevent or at least limit website defacement on your business and/or personal websites.

  • Update your website software regularly – If you are using open-source software for your website, make sure that you update it regularly. Most open-source software projects release security updates on a regular basis.
  • Secure your database from SQL Injection – Make sure that there are no vulnerabilities when accessing data. This is a very common issue when developers don’t use proper ways of escaping SQL statements.
  • Check DNS Blacklist database for known IPs
  • Limit Error messages. Giving out too much information can be disastrous
  • Use SSL
  • Use both server and client side validation on forms – Make sure that you also use server side validation. Having only client-side validation makes your website vulnerable, especially when users turn off browser scripts.
  • Secure File and directory permissions – Make sure that files and directories that shouldn’t be updated do not have write permissions.

Hopefully, these will help you to protect your websites from website defacement.
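
For the file and directory permissions item above, here is an added example (not from the original post) that audits a web root for paths an attacker could overwrite. The function names are made up, and the web root path and server account you pass in are your own values.

```shell
#!/bin/sh
# Added example: audit a web root for write access that enables defacement.
# Function names are hypothetical; the path and server account are supplied
# by the caller (the values in the usage line are assumptions).

# Files and directories (symlinks skipped) writable by group or by everyone.
writable_by_others() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null | sort
}

# Paths owned by USER (name or numeric uid) that the owner can write.
# If USER is the account the web server runs as, a compromised script
# can rewrite every path listed here.
writable_by_user() {
    find "$1" ! -type l -user "$2" -perm -200 -print 2>/dev/null | sort
}

# audit_webroot WEBROOT SERVER_USER
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_webroot() {
    findings=$(
        writable_by_others "$1" | sed 's/^/group-or-world-writable: /'
        writable_by_user "$1" "$2" | sed 's/^/writable-by-server-user: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage (path and account name are assumptions, adjust to your server):
#   audit_webroot /var/www/html www-data
```

Directories that must stay writable, such as an uploads folder, will show up as findings; keep them few and make sure the server never executes scripts from them.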

Professional Services

Here are a few services from companies that I have researched to help you with prevention and detection