What is a Self-XSS attack

Recently hackers attacked Facebook by injecting porn images and videos into users' accounts. Facebook said it is a Self-XSS attack.

The Self-XSS attack is a computer security vulnerability, mostly used to attack web applications by injecting client-side script (JavaScript, VBScript, etc.) into web pages viewed by other users.

The examples below give an overall idea of how a client-side script can be injected.

For example, enter this code into the web browser:

javascript:alert('I am XSS');

This will show a pop-up with "I am XSS".

In the same way, a hacker can inject malicious code into the browser to steal confidential data and cookies, redirect to other sites, etc.

To get all the cookie information, execute the code below in the browser:

javascript:alert("Cookies:"+document.cookie+" "+"\n I am XSS");

The code above does nothing other than display the data, but a hacker can
inject powerful malicious code to destroy the user's information.

Download PDF:

1) A Study of Malicious Attacks on Facebook

2) http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Hoffman.pdf

3) Cross-Site Scripting XSS

4) http://sun.cs.ucdavis.edu/papers/esorics09_xssworm.pdf

ViewVC or ViewCVS

It was called ViewCVS, but the name was changed to ViewVC. This open source tool provides a browser interface for viewing the contents of SVN and CVS repositories.
It generates HTML to present directories, revisions and logs. ViewVC is written in Python, and the parameters can be modified directly in the URL through a REST-style interface.

The below items are some of the additional features of ViewVC:

Support for filesystem-accessible CVS and Subversion repositories.
Support for path-based authorization, including parsing and honoring Subversion authz configuration files.
RSS feed generation for tracking changes to repositories or individual items within repositories.
Individually configurable virtual host support.
Line-based annotation/blame display.
Revision graph capabilities (via integration with CvsGraph) (CVS only).
Syntax highlighting support.
Bonsai-like repository query facilities.
Template-driven output generation.
Colorized, side-by-side differences.
Tarball generation (by tag/branch for CVS, by revision for Subversion).
Localization support based on the Accept-Language request header.
Ability to run either as CGI script or as a standalone server.
Regexp-based file searching.
INI-like configuration file (as opposed to requiring actual code tweaks)

Authentication and authorization can be set up for accessing the repositories through ViewVC.
But the question is how we can restrict individual users to their own CVS or SVN repositories.

The URLs below give some ideas:

http://www.viewvc.org/faq.html#authz-support

http://svn-access-mana.sourceforge.net/#inst_web_viewvc

Download PDFs:

1) http://svnbook.red-bean.com/en/1.5/svn-book.pdf

2) http://micro.stanford.edu/mediawiki/images/0/04/Howto_istall_SVN_Fedora.pdf

3) http://www.docbook.org/docs/howto/howto.pdf

4) http://www.shrubbery.net/rancid/RhysEvans_overview_0.3.pdf

5) http://micro.stanford.edu/mediawiki/images/9/9b/Howto_istall_SVN_CentOS.pdf

6) http://wsmoak.net/subversion/demo/viewvc.html

7) http://en.wikipedia.org/wiki/ViewVC

Advantages of Becoming a PHP Zend Certified Engineer - ZCE

ZCE is the #1 PHP certification available in the market.
The certified person gets good profile weightage.

1) Differentiates you from other job seekers
2) Increases your value during salary reviews
3) Gets your CV/resume shortlisted easily
4) Gets you good recognition from the employer
5) Lists you in Zend's PHP Yellow Pages
http://www.zend.com/en/store/education/certification/yellow-pages.php

Nearly 70 questions will be asked in the ZCE exam.
The questions will be picked randomly. There will be multiple type questions as well as description type questions.

Nearly one month of thorough training or self-study is needed for the exam.
The links below are very useful for beginners.

http://www.zend.com/en/services/certification/

http://www.zend.com/en/services/training/course-catalog/certification

Visit this URL to get the exam topics: http://www.zend.com/en/services/certification/php-5-certification/