I recently installed new firefox version on my ubuntu and was trying to find some text on a webpage. Suddenly, as I pressed next to search it, the searchbox turns red showing Phrase not found and started making beep noise. I was annoyed, So was thinking of way to disable / turn it off. To look for some preference to set, I typed about:config (special firefox about: pages) in location bar and searched for sound. I was lucky i found two related preferences.
So you can set accessibility.typeaheadfind.enablesound Value to false by double clicking it. And you are done. No more beep beep to annoy you.
With Firefox 3, you can use firefox browser to view contents of zip/jar files.
For viewing contents of filename.zip type following at location bar:
jar:file://< full path to filename.zip >!/
This is specially very useful when you want to see contents (.js, .css, .html files) included in firefox extension’s jar file. After it list the contents, you can easily browse through the directory, sorting files etc.
Update: Security problems that come with jar: protocol
While serching for pages related to jar protocol in firefox, I found an interesting article at www.gnucitizen.org
In simple terms, it means that any application which allows upload of JAR/ZIP files is potentially vulnerable to a persistent Cross-site Scripting. Potential targets for this attack include applications such as web mail clients, collaboration systems, document sharing systems, almost everything that smells like Web2.0, etc, etc, etc.
Similar security concerns also arise in data: protocol in firefox. So one need to be careful to filter files you want to allow for upload. Actually, once I had similar situation with a website which allowed you to host image files, but the problem was they were not checking for file types. Thats means you are allowed to upload a php file too. So now you can do anything you want with that server (don’t ask me what I did ). So beware of such issues.
Two days back, my shoutbox was hacked . I was not aware that people are actually visiting this, which I made long back to have similar thing for Ethos in june, 2005. After that i haven’t updated the code and many things were left in between.
Luckily I checked the page just after the day this happened, So that way i actually got chance to update this orphaned code and made some fixes.
Solution : Idea is to filter meta characters such as (< , >, ‘ , ” etc) Which will prevent browser from processing them as part of some script, they will be processed as plain text only.
So while doing in php you can do:
And to be on safer side we should also replace following characters:
replace ( with (
replace ) with )
replace & with &
replace ' with '
replace " with "
Or If you are not expecting user to input these characters then you can simply replace these with null string;
The replacements which I have mentioned above can be easily done using htmlspecialchars but if you want to extend it to all html tags then you can use htmlentities. And to strip both html and php tags from string you can use strip_tags. The disadvantage with strip_tags is that it doesn’t validate html so can cause trouble in case of broken html tags. It also provide you option to exclude list of tags from being stripped.
So now you can enjoy Shout Box until some new bug is found or its hacked again [;)]
SQL Attacks: Hacking (SQL injection)
Update(14th May 2008): XSS cheatsheet by ha.ckers.org lists possible cross site scripting methods on various browsers.
Earlier I wrote about Steganography, also how data/messages can be hidden in image files in these posts :
How to hide files in JPEG’s
Steganography app hides a messages in plain sight
today i find this article on lifehacker, It discusses some windows tools ( Hide in Picture ) that can be used to hide data in images.
Other free Windows tools offer more filetype support. wbStego can encode and decode files in PDF’s, HTML files or bitmaps. mp3stego embeds text inside MP3 files (command line and GUI interface available.) Here are more Windows stego software options [via Webby's World].
More and more companies restrict your access to certain websites. Usually it’s for a good reason, however if you’re pretty tech savvy and not worried about having the website “steamysingles.com” in the log file associated with your system, then this little tip site is for you. These methods includes :
- Use IP address
- Use an Anonymizer
- Use a public Proxy server
Create the rar file:
rar a secret.rar <your secret file>
cat img.jpg secret.rar > newimg.jpgNow this newimage looks identical to img.jpg, but it has secret.rar contained in it
Pull the file back out with this command: unrar x newimg.jpg
In windows :How to hide files in JPEG’s
Related Post :
There are a few things that can be done in times of grave emergencies. Your mobile phone can actually be a lifesaver or an emergency tool for survival. Check out the things that you can do with it.
Source : Blogcritics.org
BlackBox is an application that makes use of steganography. You have the ability to hide messages within Bitmap (BMP) files with no changes to the image or even the any of its properties, such as its file size. Useful for people who would like to send anonymous messages.
A nice cheat sheet of shortcuts can be just what the doctor ordered
when you’re looking to adopt a new program and get straight to
Source: Kshitij’s Blog
Typing DOS commands on the Windows Command Line prompt is a most efficient and faster way of doing things in Windows XP. Here’s a run-down of the most useful DOS commands available in Windows XP. Some of these DOS commands even do not have an visual alternative. Digital Inspiration has a nice roundup of 10 very useful commands and tricks that can help you get things done quickly from the command line.
Useful Windows XP DOS Commands & Tricks [Digital Inspiration]
Related resources on Microsoft Website:
List of DOS Commands with Examples