tungwaiyip.info


Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting security problem to my attention. I have examined this website for vulnerabilities. This problem is usually caused by systems that use input received from a user or a third party without checking it first. One place this website receives input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS feed readers (including this website) displayed the content as is. They should (arguably) have stripped the embedded script before displaying it. I promptly plugged this by escaping the meta characters before outputting them on the web pages.

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code into its context. In this case the news feed reader's communication is only between this website and the news source. I am not aware of any loophole for a third party to get involved. But in a world of open communication it is better to be safe and check all input before use.

2004.07.20
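To make the fix described above concrete, here is an added example; it is not code from the original post, and the site's own feed reader is not shown. It assumes Python with the standard-library ElementTree and html modules, a constructed RSS item whose description carries a script element inside CDATA, and two hypothetical renderers: one that interpolates the feed text into HTML as-is (the vulnerable pattern) and one that escapes HTML meta characters on output (the fix). A small check over the rendered output shows whether an active script tag survived.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample feed (not a real feed). The description is wrapped in
# CDATA, so the XML parser hands the <script> element to us as literal markup,
# exactly what a feed reader sees when a source embeds HTML in its items.
SAMPLE_RSS = """<rss version="2.0">
  <channel>
    <title>Example feed</title>
    <item>
      <title>Harmless headline &amp; more</title>
      <description><![CDATA[Plain text <script>alert('xss')</script> then <b>bold</b>]]></description>
    </item>
  </channel>
</rss>
"""


def parse_items(rss_text):
    """Return a list of (title, description) pairs from an RSS 2.0 document."""
    root = ET.fromstring(rss_text)
    items = []
    for item in root.iter("item"):
        title = item.findtext("title", default="")
        description = item.findtext("description", default="")
        items.append((title, description))
    return items


def render_unescaped(items):
    """Vulnerable pattern: third-party feed text is dropped into the page as-is,
    so any markup in the feed becomes markup in our page."""
    return "\n".join(f"<h3>{title}</h3><p>{desc}</p>" for title, desc in items)


def render_escaped(items):
    """The fix from the post: escape HTML meta characters (&, <, >, quotes)
    before output, so feed text renders as text and never as markup."""
    return "\n".join(
        f"<h3>{html.escape(title)}</h3><p>{html.escape(desc)}</p>"
        for title, desc in items
    )


def has_raw_script(rendered_html):
    """Check a maintainer can run over rendered output: does an unescaped
    <script opening tag survive? (case-insensitive)"""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    items = parse_items(SAMPLE_RSS)
    print("unescaped output contains live script:", has_raw_script(render_unescaped(items)))
    print("escaped output contains live script:  ", has_raw_script(render_escaped(items)))
    print(render_escaped(items))
```

Escaping on output is the right layer because it does not depend on recognising every form of embedded script in the feed; stripping known tags, as the post mentions, is fragile by comparison. Feeds that legitimately carry HTML need a sanitiser with an allow-list instead, but that is a separate decision from the escaping shown here.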


Sobig Revealed

This August has seen two massive virus attacks, MSBlaster followed by Sobig. Sobig is believed to have a motive other than causing damage. It creates a large number of compromised computers, which are ideal resources for email spammers to relay spam through. LURHQ has analysed the virus in a series of articles, from the first Sobig.a through Sobig.e to the now well-known Sobig.f. They describe how Sobig transforms itself from an email attachment into a trojan proxy server using a sophisticated multi-stage technique to elude efforts to block it. Evidently spammers are associated with a high-tech crime network profiting from computer vulnerabilities.

2003.08.29

Site feed Updated: 2012-Feb-05 00:00