Rediscoverer

If you have Ubuntu Feisty or Gutsy with the default Firefox installed (meaning you didn’t manually downloaded/installed your Firefox), you might have some problems making the HTML Validator plugin work even after you followed the fix for Linux. I’ve already encountered this problem when I was still using Ubuntu Feisty and then again this morning after upgrading to Gutsy.

The fix is actually for another Firefox plugin: Colorzilla. I was having some problems making the HTML Validator work back then and decided to install Colorzilla first. It also had some problems but after some Googling, I found a fix that worked. The latest Firefox binaries needed to be downloaded and its libxpcom shared objects (libxpcom*.so) overwrite the current ones found in /usr/lib/firefox.

Feeling that I couldn’t do much without the HTML Validator plugin, I gave it one more try. The thing worked!

After upgrading to Ubuntu Gutsy Gibbon, some of my Firefox plugins went crazy (HTML Validator, Colorzilla and NoScript). Then I remembered having the same problems and fixed it again.

Just wanted to post that- might be able to help someone.

“Welcome to the 1st ever Philippine PHP Developer’s Conference that will be held this upcoming December 1, 2007 where sharing opensource solutions in the enterprise and schools is the main theme.This is in follow up with last April’s grand meetup which caught the attention of Philippines IT Industry and were looking forward of expanding it’s presence thru this event.”

Disabled and readOnly input elements both prevent its data from being changed (at least via the user).
But a disabled input element’s data is not sent with other data when the form is submitted. Could’ve saved me that extra 30-minute debugging time.

Received an email claiming that it’s from Skype and it wants me to update my Skype profile. It was already suspicious because I don’t think Skype (and perhaps other service providers) would suspend users for not updating their account. It gave me a link to http://cavyg.com/ze4/include/cs/www.skype.com/login454544465646464/index.htm which was “dressed” as https://secure.skype.com/login_update_done=1115487. And that was the giveaway clue.

Curious of what’s behind the link, I clicked it. After the page has loaded Firefox informed me that it’s a possible phishing attempt.

Hmmm… I wonder where they got my email address and if they knew I’m a Skype user or just randomly sent out the email. I already warned my friends about it.

It’s almost a week since I installed Ubuntu Feisty Fawn on my home PC. My original plan was to install it in a separate hard drive. But since I bought a DVD burner, I might as well burn make some back-ups and free some space where I can install Ubuntu.

Ubuntu installation was easy, but the preparations I did before that were not. I thought I bought a defective DVD burner. I searched installation infos (Google is our friend) and followed troubleshooting guides for my DVD player but had to return to the computer shop to have them check the device. It worked fine on their machine. Good thing I bought a new IDE cable when I returned to the store. Replacing the IDE cable worked (I also read that one) and I was able to backup-burn my files.

Next part was preparing a disk partition. I was quite new at disk partitioning and was afraid to screw up my drive so I read more about disk partitioning. I have an 80Gb hard drive where I gave Windows a 15Gb partition and the remaining were for storage. Repartitioning the drive, I reduced the storage partition to 40Gb, kept the Windows partition and the freed up space (25Gb) was for Ubuntu. I knew that there was something wrong with my partitioning when I had trouble rebooting after installing Ubuntu. I checked the partitions (Using GParted) and saw the Windows partition inside an extend partition together with the Linux partitions. Tried to fix the master boot record using fixmbr (from the Windows Installation CD- Repair Console), but didn’t work. Since I didn’t care about my Windows installation and I already had my files backed up, I decided to repartition the drive, flushing away the old Windows installation.

I reinstalled Windows and then Ubuntu. I used the default “50%” for the Ubuntu partition since I didn’t want to mess around manually setting Linux partitions. After installation, Ubuntu created some partition for itself but left around 12G of the 25Gb space I reserved for it. Oh well… I’ll free it up after I buy a new hard drive.

My PC now dual boots to Windows or Ubuntu. I don’t use Windows that often anymore.

By the way, here’s a preview of what my desktop looks like:

I’m using Beryl + Avant Window Navigator for the dock. Recorded using gtk-recordMyDesktop. It’s looks a bit choppy at the end since things became slower when I rotated the desktop cube while recording. My PC runs smoothly on 512mb of RAM even with these effects turned on.

Ok. Playtime’s over. Some people need to fix something.

I’ve been playing with an XSS vulnerability in a social-networking site I’m using. The site had already had XSS holes in the past that got patched. But then the addition of new features always opened up new problems.

One boring weekend, I got really curious with what I can do with XSS. Usually, whenever I see a site that is prone to script injection, I pop-up an alert box (a warning to fix the hole) and redirect them to somewhere else (usually Google). This time, I tried something neat. I’ve already read articles about stealing cookies via XSS but didn’t get to see how the stolen cookies were put into use. So I thought of doing an actual experiment if those things really work.

Long story short: it worked. I was able log into other user accounts without knowing their password. I asked some people for help to test this and gave them a demo. Really, I’m tempted to peek at other people’s account. But I don’t want guilt to keep me awake all night after a hard day’s job.

I already informed the folks at that site about the XSS hole. Maybe I’ll post how I did it after the vulnerability gets fixed. It was quite simple like the articles I’ve read before.