JJHalans ‹› afterhours

Posts Tagged ‘Google’

Vanity Validator

Saturday, July 26th, 2008

Wired’s Vanity Validator widget for iGoogle, found on the Julia Allison Wired article:

How famous are you online? Inspired by Chris Anderson’s best-selling book, The Long Tail, this gadget uses Google’s PageRank™ technology to give you a number based on how many good websites mention the name you enter.

Try for yourself:

What’s your score? (mine was 50 at this time, not quite famous or fabulous)

Winter’s here

Sunday, June 1st, 2008

Winter has arrived in Sydney. Well, that’s all still a bit relative though.
But it’s going to be an exciting month. We have an Adobe AIR camp (a day of AIR immersion), the Google Developer Day I’m looking forward to, and the opening of the large Apple store, plus a probable release of the iPhone 2 (it ended up being July 11). At the Apple dev conference in San Fran next week for sure, but possibly also officially in Australia. Still, the question remains whether we will be able to get our hands on one this month, or will we need to wait for another couple of months? And the releases of Opera 9.50 (June 11) and Firefox 3 on June 17.

Google Page Rank shake up

Thursday, October 25th, 2007

Things are ablaze in the SEO world. Google has changed its page rank algorithm, it seems, dropping PR by about 2 points. Mine’s still at 4 though (which isn’t much anyway). Maybe it is just about resetting the baseline. If too many related sites have a high PR, then the value of that PR is tainted and actually worth less. I’m just happy to have a page rank…


XSS/Phishing with PDF

Thursday, January 4th, 2007

There’s currently a lot of chatter on the SecurityFocus mailing list about the PDF JavaScript vulnerability disclosed by Stefano Di Paola and Giorgio Fedon last week at 23C3 in Berlin (original advisory), making new ajaxy worms or XSS possible. Adobe did put out an Acrobat fix, but lots of people don’t upgrade Acrobat Reader often.

Affected versions are combinations of (other combinations may exist):

  • IE6 + Acrobat Reader 7 + XP SP1
  • IE6 + Acrobat Reader 4 + XP SP2
  • Firefox 2
  • Firefox 1.5
  • Opera 8.5.4
  • Opera 9.10

In my opinion, it also makes for a big phishing hole.
Google for any banking PDFs (for example using something like site:abankingsite.com filetype:pdf)
and attach your fake banking site to let the user log in to read the article using a JavaScript confirm dialogue.
In Firefox 2 the dialogue states: ‘The page at http://www.abanksite.com says:’. Depending on whether you click "OK" or "Cancel" you are redirected to the fake login page or to the real banking page (but not the article). Try this link (POC), which could be part of a phishing mail, in Firefox/Acrobat 7: http://tinyurl.com/y6gklk (the tinyurl not only makes it easier to link, but additionally obfuscates the payload in the PDF link). It abuses the trustworthy URL of the bank to redirect to a fake login page.

A possible server-side solution would be to force the PDFs to be downloaded by using a particular MIME type or Content-Disposition header. On the client side, upgrade to Acrobat 8, or always download PDFs rather than opening them in your browser, or use another PDF reader.
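The server-side mitigation above, as an added example (not code from the original post): a small WSGI app that serves every PDF with Content-Disposition: attachment and a generic MIME type, so the browser saves the file instead of handing it to the in-browser Acrobat plugin. The file store and the PDF bytes are constructed stand-ins, and the filename sanitiser is an assumption of this example.

```python
import re
from wsgiref.util import setup_testing_defaults

# Constructed stand-in for PDFs on disk: a minimal, not truly valid, PDF body.
PDF_FILES = {"statement.pdf": b"%PDF-1.4\n%constructed sample\n%%EOF\n"}

def safe_download_name(name):
    """Reduce a requested path to a plain filename for the Content-Disposition header.
    Strips directories and any quote/CR/LF that could break out of the header value."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    return base or "download.pdf"

def pdf_download_headers(filename):
    """Headers that force a download: 'attachment' is the key mitigation; the
    octet-stream type and nosniff stop the browser from rendering it inline anyway."""
    return [
        ("Content-Type", "application/octet-stream"),
        ("Content-Disposition", 'attachment; filename="%s"' % safe_download_name(filename)),
        ("X-Content-Type-Options", "nosniff"),
    ]

def app(environ, start_response):
    """WSGI app: look the PDF up by sanitised name and serve it as a download."""
    path = environ.get("PATH_INFO", "").lstrip("/")
    body = PDF_FILES.get(safe_download_name(path))
    if body is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    headers = pdf_download_headers(path) + [("Content-Length", str(len(body)))]
    start_response("200 OK", headers)
    return [body]

def fetch(path):
    """Run one request through the app without a network; returns (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}
    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    status, headers, _ = fetch("/statement.pdf")
    print(status, headers["Content-Disposition"])
```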

Read more at SecurityFocus (mailing list thread) or GNUCitizen here and a follow-up here.


© 1997-2009 JJ Halans - Less is more
