Everything posted by miCRoSCoPiC^eaRthLinG
-
Cool find dude I'm grabbing my first one from there. Let's see what goodies they've to offer. Cheers, m^e
-
Firefox 2/IE7: Beware Of Using Password Manager
miCRoSCoPiC^eaRthLinG replied to miCRoSCoPiC^eaRthLinG's topic in Software
Now let me explain a little bit on how this Password Manager vulnerability compares to common phishing attacks. What you've stated is the most common mode of phishing - that someone creates a popular site lookalike BUT usually at a different similar sounding URL and then tricks the users into following that url, thus revealing their login credentials. However, this exploit can happen over VALID URLs and hence even careful users might fall into the trap. Here's an example -->

A lot of the popular Social Networking sites have started offering you human-readable links to the member profiles, rather than the cryptic php variable based dynamic URLs. Currently MySpace, Hi5 etc. all offer you such links. Example:

MySpace: https://myspace.com/browser
Hi5: http://www.hi5.com/microscopic-earthling

Compared to this earlier on the links took the form: social

While the new URLs are clearly legible and easy to remember, they've opened up a new avenue of exploit. As I said, earlier on a phisher would have to trick a user into following to the phishing URL - but since the domain name would be different, Password Managers wouldn't pop-up on their own and/or offer to fill the forms. The browser pass managers essentially rely on the Domain Name + Form Elements combo to fill the pages. You might have noticed that if the name of a certain form element (say login/password inputboxes) change on a page - the password managers won't be able to fill them up properly.

Anyway, supposing the login page for MySpace is: https://myspace.com/browser

With the new Profile URL scheme, I can easily create a profile that looks like: https://myspace.com/browser ... and install an exact copy of the myspace login form there instead of my profile and then make it redirect to my own database for storing the username/passes.

Since the DOMAIN is the same and so are the FORM ELEMENTS, the Password Managers are fooled into believing that they've reached the valid login page and this fills up the form without thinking twice. Come to think of it - this approach can even fool careful users, who might not notice that the "." before html was replaced by a "_".

The whole point of this panic is that the pass managers don't validate the URLs properly before form fill-up - for some reason the coding for form-fillup is extremely loose & sloppy. It's really funny - why none of the coders ever thought of this before !! It's quite an evident validation issue. Hopefully it'll be rectified soon

And hope that explains why this isn't a baseless issue of FUD and why people should think twice before using the existing pass managers - till the fixes are released.

Cheers, m^e
-
All The Good People Are Gone ! lol where are you fellas ?
miCRoSCoPiC^eaRthLinG replied to cryptonx's topic in Introductions
Hehehe.. and do you remember whenever we'd a severe windows bashing thread going on, people would always misspell your nick as cryptonix and that'd piss u off bigtime Good to know you're doing great. Hope to see you around -
Hi beatriz, All your queries are nicely answered in our FAQs. Kindly refer to them first... All hosting related information can be found in the following categories: All about Hosting Credits Hosting account, finally... Regards, m^e
-
Oooopss I'm afraid you guys got me there.. hehe.. as they say ignorance is bliss. I am not much of an Opera fan - and have been a faithful FF follower since its inception - though I always have Opera installed as a secondary browser. I should have run a small search to see if there are Opera versions for Linux. Heh. However, I believe the key determinant factor here in choosing Firefox over Opera was FF being OPEN SOURCE. If you notice - the general trend in French Govt. bodies is all about shifting to open source. So there..
-
According to a recent posting in ZDNet Blogs as reported by Christophe Guillemin of ZDNet France, the members of French Parliament are about to make a complete switch-over to open source based systems. Starting from June 2007 1,154 French parliamentary workstations will be running on an open source OS, with OpenOffice, Firefox and an open-source e-mail client. A spokesperson for the parliament's administration said a decision as to the choice of Linux distribution and e-mail client hasn't yet been taken. The Parliament seems to be following suit on the gendarmes (armed police force) and the Ministry of Culture who have already shifted over to open source. Full report... Another feather in Linux/Open Source's cap
-
Sandboxie: Excellent Browser Protection Freeware
miCRoSCoPiC^eaRthLinG replied to miCRoSCoPiC^eaRthLinG's topic in Software
Yup - that's a good idea and that's what I wanted to do for a long time. I keep downloading all the trash in the world and try them out. Most I don't like and I delete/uninstall and keep only the best ones. I was so totally searching for something like this, that'd allow me to install something in a sandboxed environment and get rid of the whole thing (files + registry keys + any other changes it made) if I decided to trash it. This thing does just that -
All The Good People Are Gone ! lol where are you fellas ?
miCRoSCoPiC^eaRthLinG replied to cryptonx's topic in Introductions
OF COURSE I remember you You stopped coming shortly after I joined.. I dunno if it'll help to jog your memory a bit, but I got my first ever Gmail invitation from you I posted in the shoutbox asking for it and you sent me one. Welcome back dude - Asta's definitely grown bigger, but it's still the same old homely place it used to be only that you'll find a whole bunch of little brats pratting around OpaQue is very much here - the board simply wouldn't run without him. NilSc left to form an Online Gaming board of his own, which can be found at: http://forums.xisto.com/no_longer_exists/ The MystiqueFrog you're talking about is probably MajesticFrog - who retired a couple of months back following an accident and hasn't been around since then. Hope all's well with him. Cheers mate, m^e P.S. Up for some more Windows bashing, are you ?? -
I found this at a blogging site - it's funny in a thoroughly geeky way, nevertheless worth a read.

The Evolution of Programmers (image by YoPoLey, CC licensed)

High School/Jr.High

    10 PRINT "HELLO WORLD"
    20 END

First year in College

    program Hello(input, output)
      begin
        writeln('Hello World')
      end.

Senior year in College

    (defun hello
      (print
        (cons 'Hello (list 'World))))

New professional

    #include <stdio.h>
    void main(void)
    {
      char *message[] = {"Hello ", "World"};
      int i;

      for(i = 0; i < 2; ++i)
        printf("%s", message[i]);
      printf("\n");
    }

Seasoned professional

    #include <iostream.h>
    #include <string.h>

    class string
    {
    private:
      int size;
      char *ptr;

      string() : size(0), ptr(new char[1]) { ptr[0] = 0; }

      string(const string &s) : size(s.size)
      {
        ptr = new char[size + 1];
        strcpy(ptr, s.ptr);
      }

      ~string()
      {
        delete [] ptr;
      }

      friend ostream &operator <<(ostream &, const string &);
      string &operator=(const char *);
    };

    ostream &operator<<(ostream &stream, const string &s)
    {
      return(stream << s.ptr);
    }

    string &string::operator=(const char *chrs)
    {
      if (this != &chrs)
      {
        delete [] ptr;
        size = strlen(chrs);
        ptr = new char[size + 1];
        strcpy(ptr, chrs);
      }
      return(*this);
    }

    int main()
    {
      string str;

      str = "Hello World";
      cout << str << endl;

      return(0);
    }

Master Programmer

    [ uuid(2573F8F4-CFEE-101A-9A9F-00AA00342820) ]
    library LHello
    {
      // bring in the master library
      importlib("actimp.tlb");
      importlib("actexp.tlb");

      // bring in my interfaces
      #include "pshlo.idl"

      [ uuid(2573F8F5-CFEE-101A-9A9F-00AA00342820) ]
      cotype THello
      {
        interface IHello;
        interface IPersistFile;
      };
    };

    [ exe, uuid(2573F890-CFEE-101A-9A9F-00AA00342820) ]
    module CHelloLib
    {
      // some code related header files
      importheader(<windows.h>);
      importheader(<ole2.h>);
      importheader(<except.hxx>);
      importheader("pshlo.h");
      importheader("shlo.hxx");
      importheader("mycls.hxx");

      // needed typelibs
      importlib("actimp.tlb");
      importlib("actexp.tlb");
      importlib("thlo.tlb");

      [ uuid(2573F891-CFEE-101A-9A9F-00AA00342820), aggregatable ]
      coclass CHello
      {
        cotype THello;
      };
    };

    #include "ipfix.hxx"

    extern HANDLE hEvent;

    class CHello : public CHelloBase
    {
    public:
      IPFIX(CLSID_CHello);

      CHello(IUnknown *pUnk);
      ~CHello();

      HRESULT __stdcall PrintSz(LPWSTR pwszString);

    private:
      static int cObjRef;
    };

    #include <windows.h>
    #include <ole2.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include "thlo.h"
    #include "pshlo.h"
    #include "shlo.hxx"
    #include "mycls.hxx"

    int CHello::cObjRef = 0;

    CHello::CHello(IUnknown *pUnk) : CHelloBase(pUnk)
    {
      cObjRef++;
      return;
    }

    HRESULT __stdcall CHello::PrintSz(LPWSTR pwszString)
    {
      printf("%ws", pwszString);
      return(ResultFromScode(S_OK));
    }

    CHello::~CHello(void)
    {
      // when the object count goes to zero, stop the server
      cObjRef--;
      if( cObjRef == 0 )
        PulseEvent(hEvent);

      return;
    }

    #include <windows.h>
    #include <ole2.h>
    #include "pshlo.h"
    #include "shlo.hxx"
    #include "mycls.hxx"

    HANDLE hEvent;

    int _cdecl main(
    int argc,
    char * argv[]
    ) {
      ULONG ulRef;
      DWORD dwRegistration;
      CHelloCF *pCF = new CHelloCF();

      hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);

      // Initialize the OLE libraries
      CoInitializeEx(NULL, COINIT_MULTITHREADED);

      CoRegisterClassObject(CLSID_CHello, pCF, CLSCTX_LOCAL_SERVER,
          REGCLS_MULTIPLEUSE, &dwRegistration);

      // wait on an event to stop
      WaitForSingleObject(hEvent, INFINITE);

      // revoke and release the class object
      CoRevokeClassObject(dwRegistration);
      ulRef = pCF->Release();

      // Tell OLE we are going away.
      CoUninitialize();

      return(0);
    }

    extern CLSID CLSID_CHello;
    extern UUID LIBID_CHelloLib;

    CLSID CLSID_CHello = { /* 2573F891-CFEE-101A-9A9F-00AA00342820 */
      0x2573F891,
      0xCFEE,
      0x101A,
      { 0x9A, 0x9F, 0x00, 0xAA, 0x00, 0x34, 0x28, 0x20 }
    };

    UUID LIBID_CHelloLib = { /* 2573F890-CFEE-101A-9A9F-00AA00342820 */
      0x2573F890,
      0xCFEE,
      0x101A,
      { 0x9A, 0x9F, 0x00, 0xAA, 0x00, 0x34, 0x28, 0x20 }
    };

    #include <windows.h>
    #include <ole2.h>
    #include <stdlib.h>
    #include <string.h>
    #include <stdio.h>
    #include "pshlo.h"
    #include "shlo.hxx"
    #include "clsid.h"

    int _cdecl main(
    int argc,
    char * argv[]
    ) {
      HRESULT hRslt;
      IHello *pHello;
      ULONG ulCnt;
      IMoniker * pmk;
      WCHAR wcsT[_MAX_PATH];
      WCHAR wcsPath[2 * _MAX_PATH];

      // get object path
      wcsPath[0] = '\0';
      wcsT[0] = '\0';
      if( argc > 1) {
        mbstowcs(wcsPath, argv[1], strlen(argv[1]) + 1);
        wcsupr(wcsPath);
      }
      else {
        fprintf(stderr, "Object path must be specified\n");
        return(1);
      }

      // get print string
      if(argc > 2)
        mbstowcs(wcsT, argv[2], strlen(argv[2]) + 1);
      else
        wcscpy(wcsT, L"Hello World");

      printf("Linking to object %ws\n", wcsPath);
      printf("Text String %ws\n", wcsT);

      // Initialize the OLE libraries
      hRslt = CoInitializeEx(NULL, COINIT_MULTITHREADED);

      if(SUCCEEDED(hRslt)) {

        hRslt = CreateFileMoniker(wcsPath, &pmk);
        if(SUCCEEDED(hRslt))
          hRslt = BindMoniker(pmk, 0, IID_IHello, (void **)&pHello);

        if(SUCCEEDED(hRslt)) {

          // print a string out
          pHello->PrintSz(wcsT);

          Sleep(2000);
          ulCnt = pHello->Release();
        }
        else
          printf("Failure to connect, status: %lx", hRslt);

        // Tell OLE we are going away.
        CoUninitialize();
      }

      return(0);
    }

Apprentice Hacker

    #!/usr/local/bin/perl
    $msg="Hello, world.\n";
    if ($#ARGV >= 0) {
      while(defined($arg=shift(@ARGV))) {
        $outfilename = $arg;
        open(FILE, ">" . $outfilename) || die "Can't write $arg: $!\n";
        print (FILE $msg);
        close(FILE) || die "Can't close $arg: $!\n";
      }
    } else {
      print ($msg);
    }
    1;

Experienced Hacker

    #include <stdio.h>
    #define S "Hello, World\n"
    main(){exit(printf(S) == strlen(S) ? 0 : 1);}

Seasoned Hacker

    % cc -o a.out ~/src/misc/hw/hw.c
    % a.out

Guru Hacker

    % echo "Hello, world."

New Manager

    10 PRINT "HELLO WORLD"
    20 END

Middle Manager

    mail -s "Hello, world." bob@b12
    Bob, could you please write me a program that prints "Hello, world."?
    I need it by tomorrow.
    ^D

Senior Manager

    % zmail jim
    I need a "Hello, world." program by this afternoon.

Chief Executive

    % letter
    letter: Command not found.
    % mail
    To: ^X ^F ^C
    % help mail
    help: Command not found.
    % damn!
    !: Event unrecognized
    % logout

Enjoy m^e
-
Sandboxie: Excellent Browser Protection Freeware
miCRoSCoPiC^eaRthLinG replied to miCRoSCoPiC^eaRthLinG's topic in Software
See, your AV will still be monitoring whatever is being downloaded - whether in a Sandboxed mode or NOT. Sandboxie won't be able to tell on its own whether you downloaded a virus/spyware - but what it WILL do is even if you somehow manage to run the virulent code, once you close your browser, all the infected programs will get restored to their original non-infected state. That much is guaranteed by Sandboxie... -
Hey guys,

I came across this terrific FREEWARE tool called Sandboxie that can run almost any given program in a virtual sandboxed space and revert your system back to the original state it was in, once you terminate the program. For instance, when you surf using your favourite browser (Firefox/IE/Opera) - they can easily get infected with n-number of scumwares floating around on the net. More often than not they manage to slip through your AntiSpyware tool and infect your browser. Sandboxie provides a perfect solution for that. I found a very good review and description of the tool and am going to paste that here.

I grabbed it and started using it the moment I read about it - it works much smoother than any related Virtual Machine tool I've seen. I've used a couple of System State Restorers like DriveShield and DeepFreeXP - but the biggest problems with those were that they used to make your system/protected drive(s) completely readonly and could be made writeable only on a subsequent reboot. However, NOT SO with Sandboxie.

Features I liked about it:

- Extremely small Disk Footprint of 900KB
- Installer is only 241KB
- Runtime Memory Footprint of 2.2MB (Sandbox Server)
- Ability to selectively save some settings/downloads before shutting down the hosted program
- Ability to define certain programs to be ALWAYS auto-launched in Sandboxed mode (so you don't have to manually run Sandboxie first and then run the program inside it)

Moreover, Sandboxie provides you with a Windows Task Manager like interface, where all processes you run under it are listed - and you can selectively terminate any of those processes in case of a freeze-up.

Give it a shot. Grab Sandboxie from: https://www.sandboxie.com/

If you like it and are really satisfied with the results, make sure you come back and add in your opinion. If you find flaws with it, report those too.

Cheers, m^e
-
Those who are using Firefox 2 or IE7 might be at a risk of losing their login credentials to various sites, if they're using the in-built Password Manager of either browser. Apparently, Firefox 2 users are more at risk. The basic concept is, phishers can utilise spoofed URLs belonging to the same domain for which you'd saved login information to capture your login credentials when you try to login again. Apparently, none of the browsers check for the validity of the URLs prior to filling up the forms on the page - thus disclosing your credentials to spoofed pages (and consequently to the phishers) as long as the URLs are under the same recognised domain. Read more about this bug (??) .... As for me I never trusted the browser based password managers and have always been using this tool called AI Roboform over the past 2 years. Never gave me a chance to complain
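The fill decision described in this post and in the follow-up reply on this page (domain name plus form element names), set beside a stricter check, as an added example that is not code from the posts or from any browser or password manager. The site names, URLs, field names and both function names are constructed assumptions.

```javascript
// Added illustration: not code from Firefox, IE or any password manager.
// Constructed sample of a stored login (hypothetical site social.example).
const saved = {
  pageUrl: "https://social.example/login.html",
  actionUrl: "https://social.example/session",
  fields: ["email", "password"],
};

// Describe a page the way a form filler sees it: URL, form action, input names.
function describePage(pageUrl, action, fields) {
  return { pageUrl, actionUrl: new URL(action, pageUrl).href, fields };
}

function sameFields(a, b) {
  return a.length === b.length && a.every((name, i) => name === b[i]);
}

// Loose rule from the posts: same domain name + same form element names.
function looseMatch(entry, page) {
  return new URL(entry.pageUrl).hostname === new URL(page.pageUrl).hostname &&
    sameFields(entry.fields, page.fields);
}

// Stricter rule (an assumption about what proper URL validation could check):
// same origin, same page path, and the form must submit to the saved origin.
function strictDecision(entry, page) {
  const s = new URL(entry.pageUrl), p = new URL(page.pageUrl);
  if (s.origin !== p.origin) return "refuse: different origin";
  if (s.pathname !== p.pathname) return "refuse: different page path";
  if (new URL(entry.actionUrl).origin !== new URL(page.actionUrl).origin)
    return "refuse: form submits to another origin";
  if (!sameFields(entry.fields, page.fields)) return "refuse: form fields changed";
  return "fill";
}

// Constructed pages: the real login page, and a user-profile URL on the same
// domain whose path differs by one character and whose form posts elsewhere.
const realLogin = describePage("https://social.example/login.html", "/session",
  ["email", "password"]);
const profileCopy = describePage("https://social.example/login_html",
  "https://elsewhere.example/collect", ["email", "password"]);

for (const [name, page] of [["real login", realLogin], ["profile copy", profileCopy]]) {
  console.log(name, "| loose:", looseMatch(saved, page),
    "| strict:", strictDecision(saved, page));
}
```

The loose rule accepts both pages; the stricter one fills only the page whose path and submit origin match what was saved.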
-
1 Year At Asta .. Its Been Fun !
miCRoSCoPiC^eaRthLinG replied to dhanesh1405241511's topic in General Discussion
Lol... HELL YEAH !! Droool Tsunamiiiii -
What Version Of PHP Is Running At Astahost ?
miCRoSCoPiC^eaRthLinG replied to demolaynyc's topic in Web Hosting Support
We're running PHP Version 4.4.2 here. We've had talks of upgrading to v5 quite a few times - but apparently a lot of members use old-scripts that contain deprecated syntax when run on version 5 and hence will cause problems if upgraded all of a sudden. I believe, OpaQue is planning to phase out an upgrade gradually - don't know when though. -
1 Year At Asta .. Its Been Fun !
miCRoSCoPiC^eaRthLinG replied to dhanesh1405241511's topic in General Discussion
You're right till the Chinky babes.. but kinda went off-track after that. You see I've been rather busy trying to trap this real dirty Arabian Rat who's always running around in the plenum of my ground floor hall and chewing my UTP cables to shreds. Arrrrrrrrrgh !! Wish I could somehow get my hands on him - but one helluva sneaky rat he is.. Hell, I tell you he's one hi-tech rat.. he's even got his own profile on Orkut Check it out: http://forums.xisto.com/no_longer_exists/ And my credit count has dipped man.. I was never able to achieve a 1000. Went close to it.. in the 990s but then fell back HOSTING CREDITS : 959.94 DAYS. -
Hey guys, Am sure most of the forumers here have come across simple but interesting games that are played across many forums - through posts. I'm looking for such game ideas for a community on Orkut. For example.. someone starts with a word/phrase. The next person replies back with something that comes to his/her mind first reading that phrase and then adds in a new phrase for the next person to continue... Can anyone gimme some ideas about some such standard games in existence ?? The more the merrier :D Thanks a tonne & regards, m^e
-
[help] Student DB Script In PHP & MySQL
miCRoSCoPiC^eaRthLinG replied to dhanesh1405241511's topic in Programming
As for your MySQL Queries.. try the following:

    // Connect to the MySQL server
    $conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
    if (!$conn) {
        die('Not connected : ' . mysql_error());
    }

    // Select the database to work with
    $db = mysql_select_db('foo', $conn);
    if (!$db) {
        die ('Can\'t use foo : ' . mysql_error());
    }

    // Run the query and stop if it fails
    $result = mysql_query('SELECT * ...');
    if (!$result) {
        die('Invalid query: ' . mysql_error());
    }

    // Fetch each row as an associative array keyed by field name
    while ($row = mysql_fetch_assoc($result)) {
        echo $row['id'];
        echo $row['name'];
        echo $row['marks'];
    }

Just alter wherever needed, but this should give you a basic outline of how to go about it. Instead of trying to parse $result directly, you should break it up into an array using a function like mysql_fetch_assoc and then use the fieldnames as array element pointers to get each individual data.