Archive for November, 2006

Friend and Best Friend

Friend: calls your parents by mr. and mrs.
Best friend: calls your parents dad and mom.

Friend: has never seen you cry
Best friend: has always had the best shoulder to cry on

Friend: never asks for anything to eat or drink
Best friend: opens the fridge and makes themself at home

Friend: picks you up when you fall
Best Friend: laughs at you and trips you again

Friend: asks you to write down your number.
Best friend: they ask you for their number (cuz they can’t remember it)

Friend: borrows your stuff for a few days then gives it back.
Best friend: has a closet full of your stuff

Friend: only knows a few things about you
Best friend: could write a biography on your life story

Friend: will leave you behind if that is what the crowd is doing
Best friend: will always go with you

Friend: would ignore this post after reading
Best friend: will send link to this post to me and all of their online buddies :D

Security flaw in Firefox and IE

A security flaw has been discovered in Mozilla Foundation’s Firefox 2 and Microsoft’s Internet Explorer 7 web browsers. Hackers can use this flaw to capture users’ usernames and passwords.

Firefox’s Password Manager appears to be the source of the flaw. This software automatically fills the saved username and password into any login form it finds on a site for which it has stored credentials. A hacker can make use of this by creating a fake login page on such a site; the browser is then tricked into handing the username and password to the fake form.

This can be done on sites that allow user-created pages, such as blogs and forums. The method was used against the social networking site MySpace in an incident reported in late October: the hacker registered a username with MySpace and used it to host a fake login page, and users who accessed MySpace with Firefox thereafter had their credentials compromised.

This flaw has been named the Reverse Cross-Site Request (RCSR) vulnerability by Robert Chapin, who discovered it. RCSR poses a greater threat than cross-site scripting (XSS) because the page is more convincing: it shows no sign of external content or open redirects. RCSR succeeds in Firefox and IE because neither browser checks the destination server to which the password is being sent, and since the substitution happens on a trusted site the browser raises no alerts.

Robert Chapin has provided a detailed description of the attack and a demonstration of how it works on his site. The site also warns that firewalled local network servers and HTTP addresses that are not generally reachable are the most exposed to these attacks, since the hacker does not need direct access to them.

Though Firefox has been shown to be fully vulnerable to this attack, IE has a better defense: it will not automatically fill in the username and password until it has checked the source of the login form. Hence IE is tricked only if the RCSR form appears on the same page as a legitimate login form.

A bug report regarding this flaw has been filed with Mozilla, but no fix is yet available. Security experts have recommended disabling Firefox’s Password Manager and installing the Master Password Timeout extension.

This extension locks the master security device after a specific period of inactivity. Users have also been advised to disable the Remember password for sites option in Firefox.

Strange GMAIL Functionality, but it’s a BUG

For some days I have been receiving mails sent to another address; the difference between that address and mine is a single dot. When I researched further, I found that it’s a feature of how GMAIL works. Read from here.

According to Google, Gmail doesn’t recognize dots (.) as characters within a username. This way, you can add and remove dots in your username for desired address variations. Messages sent to your.username@gmail.com and y.o.u.r.u.s.e.r.n.a.m.e@gmail.com are delivered to the same inbox, since the characters in the username are the same. But you have to use the dots in order to log into your account.

They shouldn’t have allowed dots in the first place, if this was the case. If you have an email address that has a dot in it, then change it ASAP. You might be losing confidential data to someone else.

Does this mean Google mail is not secure?

Open Source Java

Today Sun Microsystems, Inc. released the first Java code under version 2 of the General Public License (GPLv2), the license that governs Linux and other open source products. According to Sun, this move will promote Java and make it easier to bundle with Linux.

Sun is now the biggest contributor to the open-source community. Already Sun has released open-source implementations of its Solaris Operating System, NetBeans, Project Looking Glass, Project JXTA, Jini, OpenOffice, OpenSPARC, and Java EE technologies and is continuing on its path to open all of its middleware.

Commenting on the development, Rich Green, Executive Vice President of Software, Sun, said, this is a milestone for the whole industry, and that not only are they making an influential and widely-used software platform for the Web available under open source, but that they are paving the way for a paradigm shift in how software is enhanced and developed.

By open sourcing its Java implementations, Sun will open new market opportunities, fuel innovation, and drive broader adoption of this Web 2.0 platform while minimizing fragmentation in the mobile community by delivering a consistent application platform across devices.

While additions to software available under the GPL must also use that license, Sun is making an exception in the case of Java Standard Edition (Java SE). This means programmers creating applications with Java SE will not be required to use the GPL and can instead opt for any other license for their applications. Sun will also continue to offer commercial licenses that give other software vendors legal indemnification and official standards certification.

All in all, Sun’s move comes as a pleasant surprise, considering the company has continually resisted calls to open source Java, citing fears that such an action would cause incompatibilities among “forked” versions of the code.

Read full story: Open Source Java

10 things NOT to do with Google AdSense

There is no question that you can make some good money with Google AdSense, but you’re setting yourself up for disaster if you make any of these Top 10 mistakes!

1. Do not use fake information when opening your Google AdSense account.

2. Do not hack or modify Google AdSense code other than to change the parameters that Google authorizes you to change.

3. Keep AdSense ads off of your registration, confirmation, and all “thank you” pages.

4. Do not display AdSense ads and a competitor’s ads (like Overture’s) on the same page at the same time.

5. Don’t “beg for clicks” or provide any incentive for clicking on your Google AdSense ads.

6. Never click on the ads running on your own site, even if you are genuinely interested in the product or service and are thinking of buying it!

7. Do not use misleading labeling.

8. Avoid keyword spamming and other deceptive tricks.

9. Don’t advertise anything on Google’s prohibited items list.

10. And the 10th dumbest thing NOT to do with Google AdSense is to let the other nine things stop you from running an honest site that’s designed to make the most out of this very profitable opportunity that Google offers!
