hi!! here is a major security threat in IE. Using jes a line of javascript or vbscript, u can retrieve text from clipboard. And using technology such as AJAX, it is possible to send it to the server without page refresh i.e. user wont know that some communication has happened between his sys & the server. 1 e.g. where AJAX is used is wen u sign up for a new mail account at gmail or yahoo. It gives u a button to check whether the user id u selected is available or not & the result is almost instantaneous without the whole page refreshing.

Btw, i read abt this somewhere around 2 weeks ago, but i understood the threat & its severeness when i was reading Sudar’s blog yesterday. Thanks 2 u sudar!!

Click on the links to get more information, a demo and a possible (not fool-proof) way to get rid of this problem.

1 more thing, this problem occurs only in internet explorer and i feel its mainly because of the extensive support of activeX controls. if u have some thoughts 2 share, dont hesitate to post a comment.

Start downloading 2 to 8 :-)

September 18th, 2005

hey!! ne1 out there using dataone like me???

well, v hav a reason 2 b unhappy ‘cos they r giving only 1GB download/upload per month. But there is 1 small reason to be a “lil” happy. 2 AM to 8 AM is free for unlimited usage. To take advantage of this, i created a scheduled task to start downloading using Download Accelerator Plus (DAP) at 2:10 AM & shutdown the system after download completes or at 7:55 AM, whichever occurs first. Ok, heres the procedure to do that. I did this on WinXP home and DAP version 7.2.
1. Start->Programs->Accessories->System Tools->Scheduled Tasks.
2. Click next & select a program from the list or click “Browse” button to select ur own. I selected DAP frm the list.
3. Type a name & choose an option from the 1s given. I chose daily.
4. Give a start time. As for this, give it as “2:10 AM” & select a start date.
5. Enter ur user name & password.
6. If u wan something else 2 b configured tick off the chk box & say “Finish”.

Now, u gotta config DAP to start downloading at 2:10 AM. Other download managers vil surely have a similar feature.

1. Fire DAP frm Start->Programs->Download Accelerator Plus->Download Accelerator
2. Goto Options->Preferences.
3. Select “Scheduler” from the left side menu & select the chk box
4. Tick the chk box dat says “Start scheduler at…” & select “Daily” & give the time of starting. If u want give the time at which the scheduler has to stop.
5. Select the options from “After scheduled downloads stopped/finished”.
6. Click “Apply” & say “Close”.

Dats it!! u can now close DAP, leave ur comp on & happily go 2 sleep……Today i have scheduled for 2 downloads from channel9. The 1st 1 is here & the 2nd is here, if u want to c them. They both promise 2 b gud. bye!! n have a gud day…. 😉

Update: Read through Part 2 also.

BEA User Group Meeting

September 17th, 2005

hi!! i attended the BEA user group meeting at Taj Connemara & this is the first session BEA is having in chennai. Its having plans of starting the same in other metros (its started in mumbai i think, not sure) & pune too.

The topic that was covered in that session was on their “Diablo” (WebLogic Server 9.0) & BEA AquaLogic. Aqualogic is 1 platform for integrating systems of diff. architectures & enabling communication between them. It is more architecture oriented. & b4 going into that there was an hr session on SOA (Service Oriented Architecture). If you dont know what SOA is, it is the next wave of the future & to ride on it, read the June 2005 magz of Developer IQ. There r very good articles on SOA, more importantly Web Services.

In brief, SOA talks about exposing ur application or ur code as a service. This means that, the methods you write for ur app can be called from any OS, any language & also it is available anywhere, anytime. Therefore, you first need to publish your code or class (enabling the service) & make it available to the world (discover) by registering at any of the registries available E.g. UDDI (Universal Description, Discovery and Integration).

And obviously we were given a DVD containing the WebLogic Platform 8.1, Weblogic Server 9.0 beta, Apache Beehive, Spring framework 1.2 etc.

Gotta try it now. bye!!~~

Pharming Attacks…..Beware!!!

September 17th, 2005

Pharming is a very popular type of network attack among hackers. Lemme explain the process in brief.

  1. The hacker looks for a web page from where he wants to get details. Typically it will be a bank’s website.
  2. By viewing the design source code of the web page (View > Source) from internet explorer, he recreates a similar web page.
  3. Then, he looks at the DNS (Domain Name System) table of the ISP (Internet Service Provider). He gets the list of IP addresses for the different websites & searches for the website he wants to spoof.
  4. Now in the DNS table, he changes the IP address of the website to represent his server’s IP address. Eg: If he wants to spoof yahoo.com, he changes yahoo’s IP to his own IP.
  5. Whenever a user accesses the site by giving yahoo.com, the DNS now redirects him to the hacker’s system. Since he has recreated a similar page, the end user believes that he has come to the correct page. Now, he gives his user id and pwd to login to the site & wat happens now?? The website shows an error & by this time, the user has lost his user id & pwd to the world.

Prevention is better than cure

  1. Banks & other institutions which take data such as user id & pwd often put up a notice on their site saying that they never ask for other details.
  2. For the users, plzz b careful. Have a look at the url each time u see the site. If it differs, cross check by sending a mail or calling them up. Most probably, the mail wont b replied bcos, the hacker’s IP wont be having a mail server.
  3. Check whether the website’s certificate is from an authorized agent. Most hackers don’t have a proper certificate. For this, c whether u have a small eye icon on the status bar of the internet browser (internet explorer, firefox, opera etc.).
  4. Double click on it to c the certificate. Or better still, don’t use internet :-). That way, u can remain safe forever.
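
Seen from the defender's side, the DNS change described in steps 3 to 5 can be caught by comparing the answers ISP resolvers give for watched domains against a baseline of expected networks. This is an added example, not part of the original post; the domain names, resolver names, addresses and log format are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: networks each watched domain is expected to resolve into
# (documentation address ranges, not any real site's addresses).
BASELINE = {
    "bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.0/25", "2001:db8:10::/48"],
}

# Constructed resolver log, one answer per line: timestamp resolver domain answer
SAMPLE_LOG = """\
2005-09-17T02:10:01 isp-dns1 bank.example 192.0.2.15
2005-09-17T02:10:07 isp-dns1 mail.example 198.51.100.20
2005-09-17T02:11:30 isp-dns2 bank.example 203.0.113.66
2005-09-17T02:11:31 isp-dns2 BANK.example. 203.0.113.66
2005-09-17T02:12:02 isp-dns1 mail.example 2001:db8:10::25
2005-09-17T02:12:40 isp-dns2 shop.example 203.0.113.9
2005-09-17T02:13:00 isp-dns1 mail.example not-an-ip
"""

def check_answers(log_text, baseline):
    """Return (ts, resolver, domain, answer, reason) for suspicious answers."""
    nets = {d: [ipaddress.ip_network(n) for n in ns] for d, ns in baseline.items()}
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, resolver, domain, answer = parts
        domain = domain.rstrip(".").lower()  # DNS names are case-insensitive
        if domain not in nets:
            continue  # only watched domains are checked
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            findings.append((ts, resolver, domain, answer, "unparseable answer"))
            continue
        if not any(addr in net for net in nets[domain]):
            findings.append((ts, resolver, domain, answer, "outside baseline"))
    return findings

def suspect_resolvers(findings):
    """Resolvers that handed out an address outside the baseline."""
    return sorted({f[1] for f in findings if f[4] == "outside baseline"})

if __name__ == "__main__":
    for f in check_answers(SAMPLE_LOG, BASELINE):
        print(*f)
    print("suspect resolvers:", suspect_resolvers(check_answers(SAMPLE_LOG, BASELINE)))
```

Sites that sit behind a CDN or change hosting move addresses legitimately, so the baseline has to cover those ranges or the check will raise false alarms.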

Ilaiyaraja’s Thiruvasagam

September 9th, 2005

hi!! friends, heard Thiruvasagam? For those of u who dont know wat it is, it is a set of hymns or poems written on Lord Shiva by Thiruvasagar.

For the mortals, the great work by the poet is remade in such a way so that, it reaches the common man. There was a program on sun tv abt this where Ilaiyaraja was giving interview. The question was, “Sir, you very well know that the meaning of the words in the work are difficult to understand. How do u expect it to reach the common man?” The answer was, “The feeling u get wen u listen is what that is more important than understanding the words, which induces change in u (+ve change)“.

As an example, he recited the words in the poem (which had no effect of course) & then he sang it in a particular way, which had some effect on me (couldnt really explain dat, u have 2 feel it). Whether u r Ilaiyaraja’s fan or not, u must listen to the 1st song. It starts like this

Poovar senni mannan empuyangap peruman siriyomai ………..

It was done with Budapest Symphony Orchestra (120 singers), conducted by Laszlo Kovacs & sung by Ilaiyaraja, Bhavatharini etc. A must listen for music lovers around the world. Without doubt, its 1 of the greatest creations!!!

hey!! can u pronounce Bjarne Stroustrup?? I know its difficult & each of u out there may have ur own strings :)) . …

leave the trouble…The inventor of C++ has a small audio (i got it frm a friend) that pronounces his name. You can download it from my website here.

And remember to change the filename “bjarne.txt” to “bjarne.wav”.

Google Talk

August 27th, 2005

hi!! noticed the Google Talk app?? Its really cool….

Its got a wonderful voice chat module built into it & the voice is crystal clear even in dial-up internet connection (im still using one). But its got a long way to go.

Soon, i think it vil b having all other features of other IM clients plus a very important feature (interoperability with other IM clients) such as Yahoo!, MSN etc.

Any thoughts on this??? Don’t hesitate to comment on it. g2g now, bye & gn8…

Started my blog

August 27th, 2005

Hooray!! finally started my blog. Wonder why i wanted my blog? Inspiration of a blog came from a lot of other blogs & propelled me to start this one. leaving now… i vil b back with more.