REVIVAL

Active XX No yeah

2009-12-20T07:21:00Z

The second vulnerability exists because of flaws associated with the handling of compiled HTML Help (.chm) files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a web page or HTML mail delivers a .chm file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the .chm file in the correct zone – the one associated with the web page or HTML mail that delivered it – the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn’t consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.

The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a .chm file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.

Active X Taking Control

2009-12-19T06:20:00Z

ActiveX control vulnerabilities

Signed ActiveX controls run as resident programs on your PC with full privileges when loaded through IE. The operating system treats signed code as local code. By default, IE does not prompt the user about this action so long as the code is signed. If someone has access to a certificate, then this type of attack could be very transparent. For example, a malicious hacker could use this in order to load buggy DLLs signed by the original vendor to temporarily downgrade your computer.

The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a web page hosted on an attacker’s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.

Oh my god why isnt it working

2009-12-16T06:18:00Z

Web page spoofing vulnerability:

•        Like the vulnerability above, this vulnerability would not provide any way to force users to the attacker's web site, and DNS poisoning or other measures would likely be required to exploit it.

•        Any hyperlinks within the page would correctly show the target. As a result, the attacker would need to point these to bona fide locations on the spoofed web site, with the result that the attacker would likely only be able to spoof a single web page, rather than an entire site.

Variants of "Frame Domain Verification" vulnerability:

•        The vulnerability could only be used to read - not add, delete or change files.

•        The attacker would need to know the exact name and location of every file he wished to read.

•        The vulnerability could only be used to read file types that can be opened within a browser window - for example, .htm, .txt or .doc files, but not .exe or .xls files.

Factors Mitigating Browser issues

2009-12-15T06:17:00Z

Server certificate validation vulnerability:

•        The vulnerability only affects how certificates from web servers are validated. It does not affect how code-signing certificates
or any other type of certificate are validated.

•        The specific checks that might be bypassed vary with both the user and the actions he may have taken during the current browsing session. An attacker could not predict with any degree of certainty which checks might be bypassed in a particular case.

•        The vulnerability does not provide any way to force users to the attacker's web site. It is likely that this vulnerability could only
be exploited in conjunction with a successful DNS poisoning or similar attack.

Scooby dooby spoof

2009-12-14T06:15:00Z

                           Some vulnerability could enable a web page to display the URL from a different web site in the IE address bar. This spoofing could occur within a valid SSL session with the impersonated site. Both vulnerabilities could be used to convince a user that the attacker's web site was actually a different one - one that the user presumably trusts and would provide sensitive information. However, as discussed in the Mitigating Factors section below, there would be significant hurdles to exploiting either vulnerability.

                           Variants of the "Frame Domain Verification" vulnerability could enable a malicious web site operator to open two browser windows, one in the web site's domain and the other on the user's local file system, and to pass information from the latter to the former.

                           This could enable the web site operator to read any file on the user's local computer that could be opened in a browser window.

Spoofing

2009-12-13T06:14:00Z

Web page spoofing

In Web page spoofing the attacker makes you believe you are at a “safe” site when you are really at a site controlled by the hacker. These attacks can include altering IE’s location bar to show the wrong URL, mixing real site content with altered content, and showing the title of the page being spoofed, making it almost impossible to determine that you are not where you think you are.

Two vulnerabilities affecting Internet Explorer:
(Both of which could enable an attacker to spoof trusted web sites).

The first vulnerability involves how digital certificates from web servers are validated. When CRL checking for such certificates is enabled, it could be possible for any or all of the following checks to no longer be performed:
•        Verification that the certificate has not expired
•        Verification that the server name matches the name on the certificate
•        Verification that the issuer of the certificate is trusted

Many a types of these Browser Failures

2009-12-12T06:07:00Z

Vulnerabilities in Web browsers take many forms.
The vulnerabilities can be categorized into multiple classes including
Web page spoofing,
ActiveX control vulnerabilities,
Active scripting vulnerabilities,
MIME-type and content-type misinterpretation
Buffer overflows.

The consequences may include disclosure of cookies, local files or data, execution of local programs, download and execution of arbitrary code or complete takeover of the vulnerable system. To give some definition to their classes and add examples, the following general explanations with footnote references will followup on my consequitive blog postings.

Vulnerabilities in Internet Explorer

2009-12-11T06:03:00Z

Any Browser Faces Vulnerability

If you don’t visit hacker sites, is there a threat?

The answer is, sadly, yes in more instances then you might expect. This article focuses on Internet Explorer, but most of what is presented is true for any Web browser currently available. To start, let’s look at what it means to be a browser. Most people will answer with the most popular function, which is to transform the Hyper-Text Markup Language (HTML) into a viewable Web page. In the case of Internet Explorer, the browser can also interpret Java, ActiveX, JavaScript/JScript, VBScript, XML, XLST, and several other languages. Depending on the language, they may be compiled by the browser locally on the PC. The browser can launch almost any application, including media players and mail clients. Internet Explorer is designed with the Microsoft Container-Object model, enabling you to view Word, Excel, and many other documents from within the IE container. The browser code overlaps with Windows’ Explorer to access files on the Internet, in your network, and in your local file system. The browser can both send and receive files from the Internet. In addition, programs such as Outlook, Outlook Express, AOL, and MSN use the browser’s internal engine to render HTML formatted email. The browser can use active content to have bi-directional communication between third party software and itself. Once you realize the full power of the browser, it becomes more apparent why it is such a targeted piece of software – it is the next best thing to hacking the OS itself!

The rate at which vulnerabilities are posted makes it very difficult for administrators and the general public to keep the browser patched at all times.

Loan for a lion!!

2009-12-05T07:44:00Z

Well every individual once he or she starts seeing some quick bucks they start looking for a wealthy lifestyle they begin to think more than what they could and so comes into picture who none other than the banks.

Banks survive by rotating money and who fall for it majority of the people who are in need of it and some genuine cases. Loans nowadays are granted based on the asset a person holds and based on what requirement the money is being applied for.

Well there is a famous saying that money is granted by banks when the borrower proves that he is not in need of it by showing assets.Laughing out loud looking at our lives as we gradually fall for loads,credit cards and we do not realize that life has not made us feel easy as we go to bed everyday.Living in fear or debt is not a life.Life is filled with many things that we have not looked at but maybe its already too late to think about it.But it will be nice if we start focussing on what we really need and start spending on them.Yes you may go for a loan no doubt.But make sure whatever you invest is payed back to you in full.

Masters Abroad

2009-12-01T15:50:00Z

Every individual has high dreams of pursuing his or her higher studies in countries like USA,Canada,Australia,New Zealand,Singapore,but what takes it most of them to reach their dreams is money and hardwork but not both for many.The one who has money would not have to wait for anything other than just take up preliminary tests and get ready to fly.

Most of the aspiring graduates,professionals remain in their own country because of lack of financial resources which they could not get to arrange to fly abroad and study.How can this be changed.Well trying fraudulent activities can issue a permit to a country to continue studies but the fact it bitter an initial entry can be promised but it will surely not be a good start.Any day truth will live.Arrange resources in genuine manner and aim higher for tapping the knowledge that are available in places where it is over pouring.

Lots of reputed universities are offering graduates with many benefits to help them study and pay their own fees where get to they work and it will surely be a better chance for many people to make the best use of it.All it matters is a never dying aspiration to settle in life and a clean heart to achieve the goal.

Honey Bee Bees

2009-11-28T17:16:00Z

HoneyBee are one of the most interesting insects on planet earth. Its lifeis dedicated to produce honey basically from the food

Eaten by human being. As an average honey bee generates about one tenth of a teaspoon of honey during its lifetime.

And it goes about two million flowers to generate a pound of honey.

Surprisingly honey bee family has a drawback as they have only the female bees who work and the male bees

Called as the drones do not work at all. And like most of us know honey bees are very well known for their sting and

The interesting fact is if they sting anybody they die by themselves.

Andlike how we have mouth to speak honey bees communicate by dancingwithin each other. Honey bees will remain to be interesting not only bywhat they produce but by their own living style.

Black Box Testing

2009-11-27T17:19:00Z

Black box testing approach helps in designing test cases which focus on the functional requirements of the given software. Hence this approach helps you to design a set of input values that will completely tests all the functional requirements of the application. It is important for you to understand that Black Box testing is not an alternative approach of White Box testing or vise versa. Rather it is a complementary approach that help in discovering a different type of bugs that can not be found by white box testing. Black box testing finds the incorrect or missing methods (functions), interface related errors, I/O related errors, performance related issues, memory leaks issues, initialization and termination errors.

By now, you will be clear that white box testing is performed early in the testing process, i.e during Unit Testing phase ( by the developers on their modules) while the Black box testing is done to a complete application by the external testing team.

Box box testing

2009-11-26T17:15:00Z

Test Case designing criteria :

As you know that the main objective of designing test case is to uncover the serious, unknown bugs in the given software application. To achieve this goal you can take white box and Black box testing approaches.

White Box Testing: White box testing is a methodology to design the test cases that uses the control structure of the application to design test cases. Using white box approach, you can write the test cases that make sure that all the independent paths of a given module have been at least executed once. It also checks all the Boolean conditions, boundary conditions and validate internal data structures.

Objectives of Testing

2009-11-20T02:25:00Z

The main aim of testing is to execute some test cases, manually or through automation with the aim of finding the unknown errors/bugs in the given software application. So many times, I have observed, testers calling a particular Test Case as good test case which always passes. Is it right? No! a good Test Case is the one which has a very high probability to fail. Let me give a example of my previous project. It was a GUI application. If the user clicks onSubmit button in the given form, a new page was presented to the user with the modified URL at the address header of the browser window.

Everything looks absolutely fine. But if you cut and paste the modified URL to the new browser window and press Enter key, this fails to bring the same page. According to me this is a good test case which we simply don’t think. Hence, the design of a Test Case should be such that so it can uncover the unknown errors. That’s why I always give lots of importance to the testers as they think Out of Box. The intention of testing is not to show that the given application is free of bugs. But to say that defects are present in the application, so better fix them before you ship the application to the client.

Please note down that if the bugs have slipped in the testing phase and discovered either by the end users or client. The cost to fix them during the maintenance phase is 50-100 times of the cost fixed during the development phase.

STLC Talking about Testing

2009-11-13T21:38:00Z

Software Testing is perhaps the least-understood and most critical component of the Software Development process in the Software Development Life Cycle (SDLC) with roughly 40-45% cost associated with it. This article explores the importance of a Testing Engineer towards completion of any successful software project and throws some light on the hurdles that a Testing Engineer encounters and summarizes effective solutions for the same.

Testing presents a very interesting anomaly for the developers and testers. During scoping and development phase, developer tries to build a software application from the some what abstract requirement specification (RS document). Now next comes Testing. A well experience Testing engineer creates a series of Test Cases with the intention to “knock down” the software that has been built by developers with lots of efforts. So at this moment, you may feel, the role of testing is a destructive and your role as a tester in the development team as a villain. Is it a wrong profession?. The answer is absolutely No!. However the aim of testing is somewhat that we might expect.

Hang up –Mom

2009-11-09T17:48:00Z

It is a kind of annoying thing if we pin point others mistakes to them and that too in public. But may be it is time we have to come out of that kind of feeling and realize that it is better for us to take more suggestions to make oneself better.

I have personally realized this in my heart so many occasions. If I get a call from either a friend or a dear person we spend a lot of time over the phone but most un likely also use many caring and loving words to even sustain those conversations. But imagine your mom or dad calls you when you are riding the bike or driving a car or attending a meeting or busy chatting with a friend and if you happen to receive a call from home then emotions, words change so quick that we tell our parents I got to go and I have work and we can come up with all possible reasons to fob them off.

Think over it rather I leave a note of advice on this. Because I am sure not many of us intend to hurt our parents but end result is always in a way that they get offended.

Beware Boyfriends

2009-11-06T17:48:00Z

Well!! How many of us would have fallen in love. Excuse me i am talking to only the male gender, how many of us would have fell in love. We would have either tried to fall in love or would have gained experience falling in love then breaking up with relationships or would have successfully been with our dear ones.

But not all of us are succesfull.Why? Well it is hard for us to conclude with few moments in our life where we end up with the right person maybe with wrong intentions or with a wrong person with right intentions. Life has thought us many lessons out of which most of it are forgotten as we get aged. Surrender ego,poisened mind over to your relationship and keep going without worrying about what is going to happen tomorrow.

Lets not always take a glass of liquor and say cheers "for all the women’s we loved and the ones we have lost

Googling with Android!!

2009-11-01T11:18:00Z

Where ever mobile hunters turn they hunt for phones that now carries the latest mobile

operating system called as android.Android OS allows most of the mobile phone software developers to

write dependant Java codes that can run on linux kernel.Speculations where prevailing that google

was planning to enter the mobile market.

Investers and mobile phone competitors were waiting for the long awaiting competitor like Google to enter the mobile phone market to find out whats new about google's entry.google on the other hand has not been motivated to sell mobile phones at cheap prices but instead Google has huge plan to make ways for users to

navigate thourgh places using Google maps,directions given during a jogging session or a walk or even a casual drive alongside the beach are also some of the possible ways our mobile phones are planning to help users.

With the coming of android into market the change will be felt soon as technology is driving the Globe and is creeping to its innovation to the heights.

Time to Showcase!!!!

2009-10-29T23:47:00Z

Most of our expectations in life comes either when we are small or when we feel we have not achieved anything in our lives. Hence even planning our own expectations in life is again a key factor to showcase our talents,strengths and many more.
Life is filled with a lot of emotions which basically keeps us circulating about our worries and pains and happiness and does not allow
us to indeed focus on the realities of the world maybe the next day when we wake up every morning.

What has to be done is simple. Before we go to bed if we can spend some time on preparing a chart and write down what are the things we have to achieve in life and where do we stand and where does all this lead me to.If and only if all these expectations are met soon
then there will come a day in our lives where people would wait to see what we have showcased and realize that these items on the showcase are not bought but earned out of a life experience.

Showcase your talents before the clock stops ticking!!!!

DANCE

2009-10-27T00:53:00Z

A dance is something that is felt not out of compulsion but it is also an inbuilt talent which allows the

human minds to shake,move,cling with the music that the body hears. There are many different types of dance which are mostly formed by the culture or the geographical features. Dance helps human bodies to come out of all stress and give them a refreshed feeling.

Dance till you fall down. Music should let us loose control.