Suramya's Blog : Welcome to my crazy life…

December 17, 2004

New IE Cross-site scripting Vulnerability

Filed under: Computer Related — Suramya @ 4:17 PM

Just read about this on the Secunia.com website. This one is a real scary one.

A new cross-site scripting vulnerability was discovered in the DHTML Edit ActiveX control in Internet Explorer when handling the ‘execScript()’ function. This allows the attacker to inject arbitrary script code in a user’s browser session in the context of an arbitrary site. The best part is that even the SSL certificates etc. are passed, so there’s absolutely no way to find out if the site is spoofed or not. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

Check out a demo of the attack at: http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/. The link above is hosted by the group which published the vulnerability. You can read the original advisory here.

The code to create your own spoofed sites can be gotten by viewing the source code for the above page. I copied it to my site and tested it and it actually works. Don’t try anything stupid with this code ’cause if you do you will be caught and then you can pass my regards to Bubba your new cell-mate.

Mozilla Firefox is not affected by this, so stop using IE and enjoy the holiday shopping without worrying about phishing attacks.

Enjoy.

December 16, 2004

Yahoo launches Beta Video search engine.

Filed under: Computer Related — Suramya @ 5:44 PM

Just days after AOL released its media search engine (SingingFish.com), Yahoo has released a beta version of its video search engine. I tried it out and it actually seems to work pretty well. It has some problems finding stuff if the name is not spelled correctly, but overall it works pretty nicely.

Yahoo is planning on using RSS to enable them to index the files. It’s still in beta, so if you have problems/suggestions with it, consider submitting a bug report.

Check it out at: http://video.search.yahoo.com/

– Suramya

December 14, 2004

Google to scan library books

Filed under: News/Articles — Suramya @ 6:56 PM

According to BetaNews, Google has started a new project where it will scan and index millions of books from libraries around the country and add them to its catalog. This doesn’t mean that the books will be available for free, though: the search results will only show the bibliographies and excerpts from copyrighted books while giving complete access to the books whose copyrights have expired.

This will make it easier for people to search for specific items by centralizing the knowledge into an easily accessed repository. This comes to us after Google Scholar, which allowed us to search through scholarly literature.

I think that Google is doing a good job and this is a really cool addition to its formidable collection of tools.

Original Story: BetaNews

December 1, 2004

Cool Search Engines

Filed under: Computer Related,Tech Related — Suramya @ 7:15 AM

Found two really cool search engines today. Each of them caters to a specific kind of search unlike Google which is a generic search engine.

Koders.com:
This cool website allows you to search through existing source code that solves many common development problems with our vast index of working source code from a variety of open source projects. In many cases you may find code that solves the exact problem you are working on, and in other cases, you can find an 80% solution – where existing code can be suited to your needs with minor modifications.

SingingFish.com:
Singingfish is the premier audio/video search engine. Unlike traditional search engines, Singingfish only indexes multimedia formats, including Windows Media, Real, QuickTime, and mp3s.

Hope you find these as useful as I do.

– Suramya

November 12, 2004

Apply Current, Boost Brain Power

Filed under: News/Articles — Suramya @ 4:07 PM

According to the article below, sending a weak electrical impulse through the front of a person’s head can boost verbal skills by as much as 20 percent, according to a new study by the U.S. National Institute of Neurological Disorders and Stroke.

So, the next time I go for an exam I am taking a battery and wires with me. 🙂

Full Story: Here

November 5, 2004

Playboy has a mirror for CPAN

Filed under: Funny News,Tech Related — Suramya @ 5:56 AM

Ok, this is something I really didn’t expect to find. Today when downloading Perl modules from CPAN I noticed that the file I was downloading was being served on mirror.playboy.com. I took a screenshot of the window as proof.

Playboy Mirror

November 4, 2004

After Flash mobbing comes mobile clubbing

Filed under: Funny News,News/Articles — Suramya @ 8:01 PM

First came Flash mobbing, where a bunch of strangers would get together at a random spot and do something stupid and then leave. Now comes Mobile Clubbing, where a group of people turn up at a pre-arranged public place en masse where they begin to dance to the sound of their own personal stereo.

The events are organised on the Internet, informally among groups of friends and the word passes via chat rooms and news forums.

I guess people just like doing stuff together… I don’t think any have been organized in NY yet, but when they do I think I just might go check it out.

Full Story: Here

Mobile Clubbing Site: MobileClubbing

– Suramya

November 3, 2004

It’s official: Programmers get weird when bored

Filed under: Funny News — Suramya @ 7:23 PM

These programmers actually take the time to print out old source code and then bury it on a hill. They must have been seriously bored to think of something like this.

Story:
Programmers Hold Funerals for Old Code
Wed Nov 3, 7:29 AM ET

DAYTON, Ohio – Among the tiny graves on Blocker Hill, the wind echoes with the tortured cries of computer programmers. Beneath the eight grave markers, and perhaps in a rumored unmarked grave nearby, lie reams of paper printouts of code for software that has left this mortal operating system.

The cemetery is a quirky tradition among the programmers at LexisNexis, which provides online legal and business information. Rather than simply delete programs that are retired or replaced, they print them out for a proper send-off not always with fond regards.

Full Story: Here

Microsoft claims that Spoofing is not a security flaw

Filed under: Computer Related,My Thoughts — Suramya @ 6:51 PM

MS is claiming that the recent bug report in Bugtraq, which explains in detail how to create a link that allows scammers to spoof a link so that it takes the user to a site different from the one shown in the taskbar, is not a security flaw…

I mean come on, a flaw that allows hackers/crackers to fool people into going to an untrusted site when the browser is telling them that it is a trusted site is a serious security flaw in my books. Think about it: I can claim to be microsoft.com and tell people via email to download a new patch for their Windows machines. Since the target is slightly computer savvy, they look at the link destination in the taskbar to confirm that it’s taking them to microsoft.com and then they happily download the ‘patch’ and proceed to install it, thereby infecting their machine with my virus.

It does take some social eng, but even the so-called experts might fall for this one, as who has the time to right click and verify each link before going to it? I don’t… but then again I use Firefox, which doesn’t fall for this trick. 🙂

MS seriously needs to think before making such statements…

Story URL: Here

– Suramya

October 7, 2004

Sleep in trains and get a $50 fine

Filed under: Funny News — Suramya @ 11:58 PM

This one is just corny. I mean how stupid can you get.

When a student fell asleep in a Chicago subway train, he did not realise his predicament would quickly become a cause celebre. He was given a $50 ticket ’cause he was sleeping dangerously in the train. Officials said Bhatia had “violated a CTA ordinance by obstructing the operation of a train”.

Read the full Story Here

– Suramya
