Did you miss anything in Lubuntu? Maybe some eye candy like Compiz provides in Ubuntu? Well, that's solved for low-spec computers too. You can have shadows, transparencies and smooth transitions in your windows and programs thanks to Compton, the new composite manager in town. It's a fork of xcompmgr-dana (which is itself a fork of xcompmgr). Thanks to our pals at Crunchbang Linux, we can use the
Beta 2, QA release
As said by Phill Whiteside:
"...the Quality Assurance releases for Lubuntu 12.10 Beta 2 are out. These will give you a good idea as to how the final 12.10 release will look. You can grab one from the iso-tracker. If you've never done testing before, head over to the testing area for Lubuntu, further information can be got from the main QA area".
List of Bug Bounty Programs
Bug Bounty Programs are a hot topic these days: well-known companies such as Google, Facebook and Mozilla pay for vulnerabilities found in their web servers, products, services or associated applications. Here is a list for all the Security Researchers and Bug Hunters, so they can target the best :)
Bug Bounty Websites for Web Application Vulnerability
Mozilla
security@mozilla.org
http://www.mozilla.org/security
http://www.mozilla.org/projects/security/security-bugs-policy.html
http://www.mozilla.org/security/announce
Google
security@google.com
https://www.google.com/appserve/security-bugs/new?rl=xkp7zert49a5q6owod28bhr2
Facebook
http://www.facebook.com/whitehat/bounty
Paypal
sitesecurity@paypal.com
https://cms.paypal.com/cgi-bin/marketingweb?cmd=_render-content&content_ID=security/reporting_security_issues
Etsy
http://www.etsy.com
Wordpress
http://www.whitefirdesign.com/about/wordpress-security-bug-bounty-program.html
Commonsware
http://commonsware.com/bounty.html
CCBill
http://www.ccbill.com/developers/security/vulnerability-reward-program.php
http://www.ccbill.com/developers/security/rewards.php
Vark
http://www.vark.com
Windthorstisd
http://www.windthorstisd.net/BugReport.cfm
Bug Bounty Websites for Product Vulnerabilities
Mozilla
http://www.mozilla.org/security
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
Google Chrome
http://www.chromium.org/Home/chromium-security/vulnerability-rewards-program
Zero Day Initiative
http://www.zerodayinitiative.com
Barracuda
bugbounty@barracuda.com
http://www.barracudalabs.com/bugbounty
http://www.barracudalabs.com/bugbounty/halloffame.html
Artifex Software
http://www.ghostscript.com/Bug_bounty_program.html
Hex Rays
http://www.hex-rays.com/bugbounty.shtml
Ardour
http://ardour.org/bugbounty
Piwik
http://piwik.org/security
Hall of Fame & Responsible Disclosure Websites (No Bounties)
Microsoft
http://technet.microsoft.com/en-us/security/cc308589
http://technet.microsoft.com/en-us/security/cc308575
http://technet.microsoft.com/en-us/security/cc261624
http://www.microsoft.com/security/msrc/default.aspx
http://technet.microsoft.com/en-us/security/ff852094.aspx
Apple
product-security@apple.com
http://support.apple.com/kb/HT1318
https://ssl.apple.com/support/security/
Adobe
http://www.adobe.com/support/security/bulletins/securityacknowledgments.html
http://www.adobe.com/support/security/alertus.html
IBM
http://www-03.ibm.com/security/secure-engineering/report.html
Twitter
https://twitter.com/about/security
http://support.twitter.com/groups/33-report-abuse-or-policy-violations/topics/122-reporting-violations/articles/477159-how-to-report-xss-api-and-other-security-vulnerabilities#
https://support.twitter.com/forms
Dropbox
security@dropbox.com
https://www.dropbox.com/security
https://www.dropbox.com/special_thanks
Cisco
http://tools.cisco.com/security/center/home.x#~alerts
Moodle
http://moodle.org/security
Drupal
http://drupal.org/security-team
Oracle
http://www.oracle.com/us/support/assurance/reporting/index.html
Symantec
http://www.symantec.com/security
Ebay
http://pages.ebay.com/securitycenter/Researchers.html
Twilio
http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html
37 Signals
http://37signals.com/security-response
Salesforce
http://www.salesforce.com/company/privacy/disclosure.jsp
Reddit
http://code.reddit.com/wiki/help/whitehat
Github
http://help.github.com/responsible-disclosure/
Ifixit
http://www.ifixit.com/Info/responsible_disclosure
Constant Contact
http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
Zeggio
http://www.zeggio.com
Simplify
http://simplify-llc.com/simplify-security.html
Team Unify
http://www.teamunify.com/__corp__/security.php
Skoodat
http://www.skoodat.com/Security
Relaso
http://relaso.com/disclosure
Moduscsr
http://www.moduscsr.com/security_statement.php
Cloudnetz
http://cloudnetz.com/Legal/vulnerability-testing-policy.html
Emptrust
http://www.emptrust.com/Security.aspx
Apriva
http://www.apriva.com/security
Amazon
http://aws.amazon.com/security/vulnerability-reporting
SquareUp
https://squareup.com/security/levels
G-Sec
http://www.g-sec.lu/responsible.disclosure.policy.html
Xen
http://www.xen.org/projects/security_vulnerability_process.html
Engine Yard
http://www.engineyard.com/legal/responsible-disclosure-policy
Lastpass
https://lastpass.com/support_security.php
RedHat
https://access.redhat.com/knowledge/articles/66234
Acquia
https://www.acquia.com/how-report-security-issue
Mahara
security@mahara.org
https://wiki.mahara.org/index.php/Security
Zynga
security@zynga.com
http://company.zynga.com/security/whitehats
Risk.io
https://www.risk.io/security
Opera
http://www.opera.com/security/policy
Owncloud
http://owncloud.org/security/policy
http://owncloud.org/security/hall-of-fame
Scorpion Soft
security@scorpionsoft.com
http://www.scorpionsoft.com/company/disclosurepolicy
Norada
http://norada.com/norada/crm/security_response
Cpaperless
http://www.cpaperless.com/securitystatement.aspx
Wizehive
http://www.wizehive.com/security
Tuenti
http://corporate.tuenti.com/en/dev/hall-of-fame
Nokia Siemens
http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
Sound Cloud
http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure
HTC
http://www.htc.com/us/legal/product-security
Neohapsis
http://www.neohapsis.com/disclosure.php
Nokia
security-alert@nokia.com
http://www.nokia.com/global/security/security
http://www.nokia.com/global/security/acknowledgements
BlackBerry
secure@blackberry.com
https://www.blackberry.com/profile/?eventId=8322
http://us.blackberry.com/business/topics/security/incident-response-team/collaborations.html
Puppetlabs
http://puppetlabs.com/security
Linkedin's Clickjacking & Open Url Redirection Vulnerabilities
# Vulnerability Title: Secondary Email Addition & Deletion Via Click Jacking in Linkedin
# Website Link: [Tried on Indian version]
# Found on: 06/08/2012
# Author: Ajay Singh Negi
# Version: [All language versions would be vulnerable]
# Tested on: [Indian version]
# Reported On: 07/08/2012
# Status: Fixed
# Patched On: 10/09/2012
# Public Release: 15/09/2012
I have found Clickjacking & Open URL Redirection vulnerabilities on the LinkedIn website on 6th and 7th August 2012.
Summary
A Clickjacking vulnerability existed on LinkedIn that allowed an attacker to add or delete a secondary email, and also to make an existing secondary email the primary email, by redressing the manage email page.
Details
The LinkedIn manage email page (a total of 1 page) was lacking X-FRAME-OPTIONS in its headers and frame-busting JavaScript measures to prevent framing of the page. So the manage email page could be redressed to 'click-jack' LinkedIn users. Below I have mentioned the vulnerable URL and attached the proof of concept screenshots.
1. Click Jacking Vulnerable Url:
https://www.linkedin.com/
Click Jacking Vulnerability POC Screenshots:
The redressed editor page with the frame opacity set to 0, so it is invisible to the user. As the user drags the computer into the trash bin and clicks the Go button, a new secondary email is added to the LinkedIn user's account.
With the frame's opacity set to 0.5 you can clearly see the redressed page and all the background. The computer is actually a text area that contains the attacker's email address, which is selected by default together with the computer image (using JavaScript). Once the LinkedIn user drags the computer, he actually drags the attacker's email address into the add secondary email address area, and when he clicks the Go button he actually clicks the redressed add email address button, so the attacker's email is successfully added to the LinkedIn user's account.
Secondary email added successfully to the LinkedIn user's account.
No X-Frame-Options in the server's response header.
LinkedIn addressed the vulnerability by adding an X-FRAME-OPTIONS header field set to SAMEORIGIN on this page.
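As an added example (not LinkedIn's code and not part of the original advisory), the following Python check classifies whether a page's response headers stop third-party framing; it is run over constructed header sets standing in for the manage email page before and after the fix.

```python
# Constructed samples: headers as the manage-email page might have sent them
# before the fix (no anti-framing header) and after it (SAMEORIGIN added).
BEFORE_FIX = {"Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-cache"}
AFTER_FIX = {**BEFORE_FIX, "X-Frame-Options": "SAMEORIGIN"}


def frame_protection(headers):
    """Classify the anti-framing posture of one HTTP response from its headers.

    Returns (protected, reason). A CSP frame-ancestors directive is checked first,
    because browsers that support it ignore X-Frame-Options when it is present.
    Header names are compared case-insensitively.
    """
    h = {name.lower(): value for name, value in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = tokens[1:]
            if not sources or "*" in sources:
                return (False, "csp:frame-ancestors permits any origin")
            return (True, "csp:frame-ancestors " + " ".join(sources))
    xfo = h.get("x-frame-options", "").strip()
    if xfo.upper() in ("DENY", "SAMEORIGIN"):
        return (True, "xfo:" + xfo.upper())
    if xfo:
        # ALLOW-FROM and misspellings are not honoured by current browsers:
        # treat them as no protection at all.
        return (False, "xfo:unsupported value " + xfo)
    return (False, "none")


def unprotected_pages(responses):
    """Given {page_name: headers}, list the pages a third-party site could frame."""
    return [name for name, hdrs in responses.items() if not frame_protection(hdrs)[0]]


if __name__ == "__main__":
    for name, hdrs in {"before fix": BEFORE_FIX, "after fix": AFTER_FIX}.items():
        print(name, frame_protection(hdrs))
```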
# Vulnerability Title: Open Url Redirection in Linkedin
# Website Link: [Tried on Indian version]
# Found on: 05/08/2012
# Author: Ajay Singh Negi
# Version: [All language versions would be vulnerable]
# Tested on: [Indian version]
# Reported On: 06/08/2012
# Status: Fixed
# Patched On: 07/09/2012
# Public Release: 15/09/2012
Summary
An Open URL Redirection vulnerability, using which an attacker can redirect any LinkedIn user to any malicious website. Below I have mentioned the vulnerable URL and attached the proof of concept video.
Original Open Url Redirection Vulnerable Url:
https://help.linkedin.com/app/utils/log_error/et/0/ec/7/callback/https%3A%2F%2Fhelp.linkedin.com%2Fapp%2Fhome%2Fh%2Fc%2Ffrom_auth%2Ftrue
Crafted Open Url Redirection Vulnerable Url:
https://help.linkedin.com/app/
Open Url Redirection Vulnerability POC Video:
Impact of Vulnerability:
The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. This will expose the user to extensive risk, and the user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.
The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker-controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and use these credentials to access the legitimate web site.
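An added example, not part of the advisory and not LinkedIn's code: a validator for the `callback` value in the `log_error` URL shape quoted above. It only follows site-relative paths or https URLs whose host is on an assumed allowlist of LinkedIn hosts, and otherwise sends the user to a fixed fallback page.

```python
from urllib.parse import unquote, urlsplit

# Assumed allowlist: hosts the help site is permitted to send a user back to.
ALLOWED_HOSTS = {"help.linkedin.com", "www.linkedin.com"}

# The original URL from the post; its callback points at the help site itself.
ORIGINAL = ("https://help.linkedin.com/app/utils/log_error/et/0/ec/7/callback/"
            "https%3A%2F%2Fhelp.linkedin.com%2Fapp%2Fhome%2Fh%2Fc%2Ffrom_auth%2Ftrue")


def callback_from_path(path):
    """Extract the value that follows '/callback/' in the log_error URL shape."""
    marker = "/callback/"
    idx = path.find(marker)
    return None if idx < 0 else path[idx + len(marker):]


def safe_callback(raw, allowed_hosts=ALLOWED_HOSTS):
    """Return the redirect target if it is safe to follow, otherwise None.

    The callback arrives percent-encoded, so it is decoded first. Accepted targets
    are site-relative paths (a single leading '/') or absolute https URLs whose
    host is exactly one of the allowed hosts. Other schemes (javascript:, data:),
    protocol-relative '//host' forms, userinfo tricks ('allowed@evil') and
    header-injection characters are all refused.
    """
    target = unquote(raw or "").strip()
    if not target or any(ch in target for ch in "\r\n\\"):
        return None
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return target if target.startswith("/") and not target.startswith("//") else None
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    return target


def redirect_location(request_path, fallback="/app/home"):
    """What the log_error handler should put in its Location header for this request."""
    target = safe_callback(callback_from_path(request_path))
    return target if target is not None else fallback


if __name__ == "__main__":
    print(redirect_location(ORIGINAL))
    crafted = ORIGINAL.split("/callback/")[0] + "/callback/https%3A%2F%2Fattacker.example%2F"
    print(redirect_location(crafted))  # falls back instead of leaving the site
```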
Special Thanks to AMol NAik, Sandeep Kamble and all G4H members :)
How to Hide Your Private Folder
Hello Friends, this is a simple trick to hide a folder for your private files, and it needs no batch programming at all. Just follow the steps:
Step 1 : Create a folder in any drive on your computer and copy your private files to that folder.
Step 2 : Right click that folder and select "Rename", then hold the "Alt" key and type "0160" (don't release the Alt key until all four digits are typed: "ALT + 0160").
Note that this only works with the numeric keypad.
Step 3: Then right click the folder and select “Properties” from that dialog box go to customize tab.
Step 4: Now click "Change Icon" and select the empty icon in the list (it is in the 13th column of the list).
Now check that the folder is hidden. Please watch this video for clearer instructions.
Stored XSS Via Viewstate
While researching I have found that Stored XSS can be achieved via the ViewState parameter even when the ViewState MAC is encrypted. The actual cause of this vulnerability is that the ViewState parameter's value is not properly decoded on the server side, therefore any XSS payload in this parameter gets executed, and if there is any filter it can be bypassed by converting the XSS payload into a base64 payload.
The steps to execute this attack are as follows:
1. First input some random data in the login page of any ASPX application and submit it.
2. Intercept the submitted request using the Burp proxy (if there is any client-side validation) and modify the actual ViewState parameter as shown below, from
__VIEWSTATE=oJ8hAgVek8ugvqZtQ8vy9baHA1JCMeiHO0LxTIPJT0HfnQeGqLUkBqqp%2Fn%2FNhlfxnOzTZMuhKC2wyoCSHbo9pLsXD3kA8Y9fRx%2F1c8HvBHZnz3B4VkL6%2FkzBmGhZr8vEI7eTwScjrz1skp0cOJK%2Fr1dNP3Umh0jaS%2FyBkAH2Ikan9iMQBtmaLmy6m0%2BFFwA1fGgBgk60iYonO5182BdA%2FsZ8pdZnaDRPpY1q3RORFbbZ2WfZKsYhviogwsPldBOSLyOVrS9kRwU4DCDK5uE5RkgEU7ggZmxaOtSfbicezf%2BttQxsRysfMRmK%2F94r63f%2BsQxKrM2udYbpT0s%2FWiUDPmnB50oIltm1FHGm%2BYLu0PgL9RTP
to __VIEWSTATE=<scripts>alert(document.cookie)</script> in the intercepted request.
The XSS payload <scripts>alert(document.cookie)</script> can also be converted to base64: Jmx0O3NjcmlwdHMmZ3Q7YWxlcnQoZG9jdW1lbnQuY29va2llKSZsdDsvc2NyaXB0Jmd0Ow==
3. Now forward the request using the Burp web proxy.
4. The JavaScript payload will execute on the client side, because the base64 value in the ViewState parameter is not properly decoded on the server side, so the malicious XSS payload is not sanitized there; and if the HttpOnly cookie attribute is not implemented, the attacker can get all the authentication session cookies of the victim.
Or
5. Using the Burp web proxy we were able to inject the XSS payload, and it executed successfully after modifying and forwarding the intercepted request. The interesting thing is that once this payload had executed through the vulnerable ViewState parameter, it was actually stored on the server side and the XSS-vulnerable page redirected to an error page with a different URL. We then copied this error page URL and opened it in another browser: as the XSS payload is stored on the server side, it executed again and again. So the same attack can now be carried out without any web proxy like Burp, because the malicious XSS payload is stored on the server and can be reused via the error page URL that was generated after its first execution through the proxy.
Malicious Url with Stored XSS Payload:
https://vulnerablesite.com/Error.aspx?parameter=
Impact:
Client-side code (like JavaScript) can be injected into the web application, which is then returned to the user's browser. This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
Recommendation:
User inputs must be validated and filtered before being returned as part of the HTML code of a page. Do not rely on ViewState encryption or MAC validation alone to protect against Cross-Site Scripting and SQL injection attacks; make sure that proper input validation is built into web applications.
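Added example (not the post's code and not the ASP.NET framework's own ViewState handling): a boundary check on the submitted __VIEWSTATE field that rejects values which are not base64 at all and values that carry a script tag either literally or after base64 decoding, so both payloads from this post are caught, together with the HTML encoding of the reflected Error.aspx parameter that the recommendation calls for. The well-formed ViewState sample is constructed.

```python
import base64
import binascii
import html
import re
from urllib.parse import quote_plus, unquote_plus

SCRIPT_TAG = re.compile(r"<\s*/?\s*script", re.IGNORECASE)

# Constructed samples: a well-formed (fake) ViewState as it would appear in the
# form body, plus the literal and base64 payloads quoted in the post.
GOOD_VIEWSTATE = quote_plus(base64.b64encode(b"\xff\x01constructed-serialized-state").decode())
LITERAL_PAYLOAD = "<scripts>alert(document.cookie)</script>"
BASE64_PAYLOAD = "Jmx0O3NjcmlwdHMmZ3Q7YWxlcnQoZG9jdW1lbnQuY29va2llKSZsdDsvc2NyaXB0Jmd0Ow=="


def decode_viewstate(value):
    """Return the bytes behind a __VIEWSTATE value, or None if it is not valid base64.

    ASP.NET emits ViewState as base64 (serialised state, optionally MAC'd/encrypted),
    so a value that fails to decode has been tampered with and must not reach page logic.
    """
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def triage_viewstate(form_value):
    """Classify a submitted __VIEWSTATE form field (still URL-encoded, as in the request).

    Returns "ok", "reject:not-base64" or "reject:script-payload". The tag check is
    repeated on the decoded bytes after HTML-entity unescaping, which is what catches
    the base64 filter bypass described in the post.
    """
    value = unquote_plus(form_value)
    if SCRIPT_TAG.search(value):
        return "reject:script-payload"
    raw = decode_viewstate(value)
    if raw is None:
        return "reject:not-base64"
    decoded_text = html.unescape(raw.decode("utf-8", errors="replace"))
    return "reject:script-payload" if SCRIPT_TAG.search(decoded_text) else "ok"


def render_error(parameter):
    """Error.aspx fragment with the reflected parameter HTML-encoded: the actual fix."""
    return "<p>An error occurred while processing: %s</p>" % html.escape(parameter, quote=True)


if __name__ == "__main__":
    for sample in (GOOD_VIEWSTATE, LITERAL_PAYLOAD, BASE64_PAYLOAD):
        print(triage_viewstate(sample))
    print(render_error(LITERAL_PAYLOAD))
```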
How to Make Computer Talk
Make Computer Talk: it is no longer strange for a computer to produce a voice and read out to us a series of words or phrases from a text document.
But it never hurts to try our own simple script to convert writing into speech, using Notepad.
• Open Notepad
• Copy and paste the following script into Notepad
' Ask for some text, then speak it through the Windows Speech API (SAPI)
Dim message, sapi
message = InputBox("What do you want me to say?", "Speak to Me")
Set sapi = CreateObject("sapi.spvoice")
sapi.Speak message
• Save the file under any name you like with the extension .vbs (for example Namaterserahanda.vbs) instead of .txt
• To run it, double-click the file you created and type the text to be converted into speech
• Click OK to listen
Lubuntu 12.10 beta 1
Phill Whiteside, the QA testing team says:
Beta 1 Testing has started, grab one while they're still warm :) http://iso.qa.ubuntu.com/qatracker/milestones/232/builds