May 04, 2011

Here we will discuss Facebook XSS again. The last XSS method, which used the iPhone prompt_feed.php, has been filtered. They have patched the system, but not every hole: they still left us a chance to put another XSS onClick using the same app.
You can still insert the XSS via the iPhone app, via Android, via BlackBerry, via Facebook Exporter for iPhoto, via Facebook Toolbar for Firefox or via Windows Phone, and perhaps some other apps. The instructions are similar to the previous iPhone XSS method, but with a small change. Kindly follow these instructions to get your own Facebook layout:
Read more…
April 10, 2011
Posted by: Joy : Category: Security, Web Development

The many shortened-URL redirection services out there sometimes leave us confused about how to see the real URL shared by people around us. We should indeed be careful when we click those URLs, as we don't really have any idea where exactly the URL will redirect. We can actually see the real URL behind some URL redirection services like goo.gl, TinyURL or bit.ly if we know how.
Below, I'm going to share a little trick for seeing the real URL behind this kind of shortened URL. A URL Redirection Checker Tool is also available to use for free at the end of this post. I made this tool just to check where any suspicious URL will go. OK, let's talk about some famous URL shortening services, and the trick to peek at the real URL:
Read more…
January 26, 2011
Posted by: Joy : Category: Facebook Tips, Security

According to Wikipedia, Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
A while ago, some of you might already have heard about the controversial Firefox extension called “Firesheep” that allows anyone on an insecure open Wi-Fi network to access user login info for almost every single social network in existence. To protect us from Firesheep, there is another add-on called BlackSheep, which detects when Firesheep is hijacking our session, or we can use HTTPS Everywhere as an alternative. Now there is another option, on Facebook's own settings page, to activate this secure browsing.
Read more…
January 08, 2011
Posted by: Joy : Category: Security, Vulnerability

It seems Google Bangladesh suffered a DNS hijack today, January 8, 2011, showing a weird hipster page playing a hip-hop song, claiming that Google Bangladesh got “OwN3D by TiGER-M@TE”. Visitors to the company’s Bangladesh search site (Google.com.bd) see a defaced landing page rather than the usual search site. It was a DNS hijack: Mr. “TiGER-M@TE” successfully hijacked the DNS records for google.com.bd and redirected it to “172.233.68.2”, which when visited says the site doesn’t exist, but oh well..
Below is a screenshot of the defacement page:
Read more…