- Posted by Stu on Sunday, May 10, 2009 4:40:17 PM (GMT Standard Time, UTC+00:00)
I’m always against companies data housing your information… I think your information should be kept to yourself and not be trusted with anyone else… but a recent XSS exploit found in Google just shows what can and will (Some day on a large scale – if it hasn’t already) happen….
read:
Universal XSS Vulnerability in all Google Services can compromise your personal information
May 8th, 2009
Vulnerability Reported: 04/18/2009 9.33 pm
Google’s Response: 04/18/2009 10.19 pm (Wow! that was super fast for Saturday :))
Vulnerability Fixed: 05/05/2009 7.05 pm
Change Propagated: 05/07/2009 3.19 pm
I recently reported a cross-scripting flaw to Google, which is now fixed. The vulnerability existed in Google’s Support Python Script where a malicious url is not sanitized for XSS character ‘ (single quote) before putting inside JavaScript variable logURL. As a result, it was possible to break the encapsulation of the var declaration and execute arbitrary JavaScript commands on the main Google.com domain.
The only limitation was the following characters were either filtered out or url encoded - ” (double quote) < > (space) { }. However, this protection could be easily circumvented. I was able to write JavaScript statements to steal the session cookies [since characters such as ' ; . ( ) / = + were still available] and send it to my evil website. See the example given below.
Your Google.com domain cookie is the central Single Sign-On cookie to all Google services. Once anyone gets it, he or she can use it to
1. Steal your emails.
2. Steal your contacts.
3. Steal your documents.
4. Steal your code.
5. Steal your sites.
6. Steal your website analytics.
7. Backdoor your iGoogle Homepage with malicious gadgets.
…. and there should be still some more things remaining that you can play with.
- Posted by Stu on Saturday, May 09, 2009 4:13:13 PM (GMT Standard Time, UTC+00:00)
I’ve been looking for an easy way to convert flv video files into another format, after an hour of searching the solutions I found were rather a pain (well I wanted to play an FLV file on my windows mobile phone)
After installing adobe flash lite player on my phone which had no luck playing the flv, TPCMP didn’t want to install on windows mobile 6, coreplayer which is its corporate successor didn’t play it either. The software that I came across for windows seemed overly complicated or looked like nasty spyware so as you do, ignore it for a rainy day.
Today I booted my laptop into Linux (kubuntu) by accident, ooo a new distribution release I see so I install… after installing I think ooo wonder if there’s a nice open source converter… sure enough.. it gives me back WinFF… AWESOME application! just give it the file, tell it the output format and away it goes… what’s an added bonus is as I'm typing this I'm downloading the Windows version!
As an additional note if you have a mutlicore system by default it only uses on core, in the application you can specify additional command line parameters, add –threads 2 (or however many cores you have)
- Posted by Stu on Friday, May 08, 2009 2:01:31 PM (GMT Standard Time, UTC+00:00)
finally the facebook application is out for windows mobile from microsoft!
Download here:
http://www.microsoft.com/windowsmobile/en-us/downloads/facebook.mspx
So I’ve tried it out, still not sure on which to use, either Microsoft Facebook app or Skybook. I do like skybook for that fact it’s made with people in mind who like to close applications… as with all MS apps for Win Mobile the application lurks in the background until you go into memory and close app or the running application needs more memory than is available and the OS starts closing apps. I don’t like – is it that hard to add a menu button to close the app?
On another note the MS facebook does have a better looking and workability UI than skybook but the same functionality is there. I think if skybook had a UI overhaul the added features of being able to exit the application, set cache size and location and setting automatic synchronisation with facebook would blow the fish out of the MS Facebook app :)
- Posted by Stu on Friday, May 08, 2009 1:32:29 AM (GMT Standard Time, UTC+00:00)
whey, been playing with Windows Live writer for the past hour, been updating a blog I've been running and the font was all to pot after copying it from VNC. So copied and pasted the plaintext without the HTML junk into Live writer, formatting it ever so slightly and publishing it again. I must say it works like a charm!
Now, for a slight rant on Visual Studio 2008… if I’m creating an <img tag in my page source.. and then type src= with the intention of using the select option box, why oh why doesn’t it give me a preview of images… would be such a useful feature :)
going to do some more blog posts with Live writer why… because it’s awesome! make me want to make a blog post just so I can use the software, I think this might actually be the best piece of software to come out of Redmond – it just works.
- Posted by Stu on Thursday, April 30, 2009 9:30:07 PM (GMT Standard Time, UTC+00:00)
Swine Flu Jokes – just used twitter search to find some jokes on swine flu.
“Been trying to ring the NHS hotline but all I get is crackling” shtev21
“Celebrity death from swineflu! Kermit the Frog – Reports are that he caught the illness from contact with a female coworker” ruthibelle
“Apparently my mate’s got Swine Flu, I think he’s just telling porkies, though.” andypike
“The only known cure for Swine Flu has been found to be the liberal application of oinkment” andypike
- Posted by Stu on Wednesday, April 29, 2009 9:54:43 PM (GMT Standard Time, UTC+00:00)
For the first time in a very long time I've used Windows Messenger, I've been using Skype for a while now, does the trick, no fuss, pretty low footprint.
So after taking ages to install Windows Live on my PC and being very surprised by the changes of the software in the years that I haven’t used it I then went to install it on my laptop :) with live photo gallery and live writer.
So this is a test really to see if Live Writer works out of the box with my blog :) weeeee
- Posted by Stu on Friday, February 13, 2009 5:25:41 PM (GMT Standard Time, UTC+00:00)
ok somehow a load of blog posts went walkies after I posted them. I thought it was because requests were coming from different web gardens which weren't in sync, obviously not. awww :(
- Posted by Stu on Saturday, January 31, 2009 3:24:55 PM (GMT Standard Time, UTC+00:00)
Haven't posted here for a while and making the last posts about google and the wikipedia internet issue made me realise how much i'm *starting* to get into this social media thing and the power that is behind it.
After I saw the problem with wikipedia and google, an immediate screenshot and post to friendfeed can send that message to LOADS of people, but for me, not many people are subscribed to me so that doesn't really apply. But using twitter search you can see how word of mouth spreads so so so quickly! Or is it that Google is considered the internet for some.
Looks like google's fixed now, damn, was hoping for riots outside their head office.
oooo and I joined seesmic and posted my first video, I need to reply actually, some people said hi, and add it to my networks on this site.
- Posted by Stu on Tuesday, November 04, 2008 3:06:52 AM (GMT Standard Time, UTC+00:00)
Just got back from Orlando, didn't hire a car in the end and stayed on international drive in the quality inn plaza. Getting to disney from international drive on the lynx bus or i-ride is quite easy once you get the grasp of the transport system.
From international drive a BIG tip. Sack the i-ride. The i-ride is overcrowded and damn unreliable! (my experience on a number of occasions anyhow)
The lynx busses on the other hand are big, spacious, cool and you usually get a seat!
ok to get to disney from international drive, get the number 8 bus south to sea world, there are lynx signs at the stops which tell you which busses stop there. From sea world you get the number 50 bus to disney. Depending on where you go within disney depends on which is the best place to stop. If you are going to epcot or magic kingdom, stay on the lynx until it gets to the disney ticket and information center, then you can get the disney monorail to epcot or magic kingdom (dont need your disney tickets to use disney transport). If you are going to another park you can either get off at downtown disney and get the disney bus, or you can get off at the ticket and information center and get the bus that way.
THe lynx bus was $1.75 and when you get on ask for a transfer, the driver will then give you a transfer ticket which you use to get on another lynx bus within 90 minutes. Works out cheaper getting the lynx than the i-ride and lynx as the i-ride doesn't go directly to disney.
Sounds confusing but it really is easy. When you get onto the lynx bus there are timetable sheets for a number of bus numbers, grab some and you can arrange your trip to minute accuracy which makes it even more of a breeze!
have fun
- Posted by Stu on Tuesday, November 04, 2008 3:00:06 AM (GMT Standard Time, UTC+00:00)
ok so for a project i'm doing I want the application to execute after the installation. Easier said than done with the visual studio installer project creator / manager / thing.
If you right click the install project, select view > custom actions.
Under install add your program executable. Change installerClass to false.
Install ORCA (an MSI file editor)
Go to the Custom Actions table (on the left) and find the custom action in the list. Change the type value to 1476.
Save.
Now when the installation runs it should execute the program asynchronously. So the installer progress bar will hinder you no more :)
If anyone knows how to get the Uninstall custom action to execute an exe on uninstall drop a comment, that one's annoying me, it seems to not want to execute.