These days contact from hijacking is on run…spammers are using weak contact forms to send spam emails and this makes a server black listed in many sites. The most of the AOL emails are targetted by the spammers.

I came across this when one of my client’s contact form was hijacked and my server IP got black listed. I figured out the problem with the help of Outblaze guys and fixed the issues with the form but that was not the fixed solution to this.

Read more…

I got an invitation from gmail team today…

I think they have started sending invitations to the ones who had subscribed to “Receive gmail updates in mail”

so in that mail..there is a link to “unsubscribe yourself” from the list…

I clicked it and tried entering script code in that…it did not work…I tried again by adding ” and then finally it worked after adding “> in variable email

Wanna see it action ?

Check the screenshot

You will see javascript alert saying “Hi”, I am sure you know what all you can do with it

I have already mail google security team about this, I think they should fix this small issue in few hours…

UPDATE: They are so quick….I got reply from them in less than an hour…very impressive…. where our Indiatimes, They have still not replied to my mail…they should learn something from google..

This is what I got from them
Read more…

Wanna make your Redhat Box more secured ?

Some great links for you…

Take a look at this great post in ServerMatrix forums, points are very well explained….and extremely useful

Couple of more great resourses include Dedicated Server Tutorials & Web Host Gear

cheers
Deep

I found out about this yesterday when I was searching some product on Indiatimes Shopping website. It is very common security problem, it is basically a mistake in the coding part. It is called as Cross-Site Scripting (XSS).

I have informed Indiatimes about it but till now I haven’t got any response from them

What is this security hole all about?
In simple words, a person can ask you to click on the link and once you click on it, he can do whatever he wants…he can show Login Page or page asking for credit card details…

And once you enter the details..everything will be mail to him…infact he may try to do lot more than that..he may try to exploit the loopholes in your system…

I have submitted this to BugTraq also…

Wanna read technical Details? Sure…thing..click on “More” link…
Read more…

iMobilePlaza.com The Leading Cell Phone Wholesaler & Retailer, View Our Mobile Phones Now.