
Archive for June, 2007

Hooray! On Linux at last

Posted on: Jun 15th 2007 | Posted by: Rolan

It’s almost a week since I installed Ubuntu Feisty Fawn on my home PC. My original plan was to install it on a separate hard drive. But since I bought a DVD burner, I might as well burn some back-ups and free some space where I can install Ubuntu.

Ubuntu installation was easy, but the preparations I did before that were not. I thought I bought a defective DVD burner. I searched for installation info (Google is our friend) and followed troubleshooting guides for my DVD player but had to return to the computer shop to have them check the device. It worked fine on their machine. Good thing I bought a new IDE cable when I returned to the store. Replacing the IDE cable worked (I also read that one) and I was able to backup-burn my files.

Next part was preparing a disk partition. I was quite new at disk partitioning and was afraid to screw up my drive so I read more about disk partitioning. I have an 80Gb hard drive where I gave Windows a 15Gb partition and the remainder was for storage. Repartitioning the drive, I reduced the storage partition to 40Gb, kept the Windows partition and the freed up space (25Gb) was for Ubuntu. I knew that there was something wrong with my partitioning when I had trouble rebooting after installing Ubuntu. I checked the partitions (using GParted) and saw the Windows partition inside an extended partition together with the Linux partitions. Tried to fix the master boot record using fixmbr (from the Windows Installation CD - Repair Console), but it didn’t work. Since I didn’t care about my Windows installation and I already had my files backed up, I decided to repartition the drive, flushing away the old Windows installation.

I reinstalled Windows and then Ubuntu. I used the default “50%” for the Ubuntu partition since I didn’t want to mess around manually setting Linux partitions. After installation, Ubuntu created some partition for itself but left around 12G of the 25Gb space I reserved for it. Oh well… I’ll free it up after I buy a new hard drive.

My PC now dual boots to Windows or Ubuntu. I don’t use Windows that often anymore.

By the way, here’s a preview of what my desktop looks like:

I’m using Beryl + Avant Window Navigator for the dock. Recorded using gtk-recordMyDesktop. It looks a bit choppy at the end since things became slower when I rotated the desktop cube while recording. My PC runs smoothly on 512mb of RAM even with these effects turned on.

Filed in: Daily | 5 Comments

XSS

Posted on: Jun 8th 2007 | Posted by: Rolan

Ok. Playtime’s over. Some people need to fix something.

I’ve been playing with an XSS vulnerability in a social-networking site I’m using. The site had already had XSS holes in the past that got patched. But then the addition of new features always opened up new problems.

One boring weekend, I got really curious about what I can do with XSS. Usually, whenever I see a site that is prone to script injection, I pop up an alert box (a warning to fix the hole) and redirect them to somewhere else (usually Google). This time, I tried something neat. I’ve already read articles about stealing cookies via XSS but didn’t get to see how the stolen cookies were put into use. So I thought of doing an actual experiment to see if those things really work.

Long story short: it worked. I was able to log into other user accounts without knowing their password. I asked some people for help to test this and gave them a demo. Really, I’m tempted to peek at other people’s accounts. But I don’t want guilt to keep me awake all night after a hard day’s job.

I already informed the folks at that site about the XSS hole. Maybe I’ll post how I did it after the vulnerability gets fixed. It was quite simple like the articles I’ve read before.

Filed in: Daily, Javascript/Ajax, Reminders | 1 Comment