rEdshiFt

Sorry about the consecutive posts.... i just HAD to tell u guys... Maybe it can be split into two threads ?

Critical Flaw Found in Firefox Exploit code is already circulating online, security experts warn. Matthew Broersma, Techworld.com Monday, May 09, 2005 Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned. The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system. A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts. The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating. In recent months Firefox has gained significant market share from Mcft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser. Two Vulnerabilities Found The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate vulnerabilities. An attacker could create a malicious page using frames and a JavaScript history flaw to make software installations appear to be coming from a "trusted" site. By default, Firefox allows software installations from update.mozilla.org and addons.mozilla.org, but users can add their own sites to this whitelist. The second part of the exploit triggers software installation using an input verification bug in the "IconURL" parameter in the install mechanism. The effect is that a user could click on an icon and trigger the execution of malicious JavaScript code. Because the code is executed from the browser's user interface, it has the same privileges as the user running Firefox, according to researchers. Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, users may be vulnerable if they have added other sites to the whitelist, it warned. "We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," Mozilla Foundation said in a statement published on Mozillazine.org. Source : Code: http://www.pcworld.com/news/article/0,aid,...n050905X,00.asp ================================================= heres another version of the same news 'Extremely Critical' Bugs Found In Firefox and firefox exploit targets zero day vulns icon_confused.gif icon_confused.gif Quote: Security researchers have discovered two unpatched vulnerabilities in Firefox, the popular alternative web browser. The security bugs affect even the latest version of Firefox (version 1.0.3) and create a means for attackers to seize control of vulnerable systems using cross-site scripting attacks. One vulnerability enables arbitrary JavaScript code with escalated privileges to be executed via a specially crafted JavaScript URL. Successful exploitation requires that a site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org"). This would normally drastically reduce the scope for mischief - but for a second security bug, involving "IFRAME" JavaScript URLs, which creates a means to execute arbitrary HTML and script code in the context of an arbitrary site. A combination of the two vulnerabilities can be exploited to execute arbitrary code on vulnerable systems, according to Danish security firm Secunia. Exploit code is publicly available greatly increasing the chance of attack, it warns. The vulnerabilities - described by Secunia as "extremely critical" - have been confirmed in version 1.0.3 of Firefox. Other versions may also be affected. Users are advised to disable JavaScript and the software installation option within Firefox pending a more comprehensive fix from the Mozilla Foundation.

hi, i just did some lil math....the 1Gbps cnxn would be some 8695 TIMES FASTER THAN RCONNECT :0

9600/month IS high, but NOT FOR 1 GBPS... 1 gbps is so FAR FAR away, we dont even grasp it... imagine if the speed is 100 times lesser - that would still be 10mbps - and THAT seems to be offered for Rs800/month....with no d/l limits ... i would die for that kinda offer .... and IF we're STILL not satisfied,then we move up to 9600/month... i cant even imagine why a home-user would want more than 10mbps speeds...maybe for companies....and im sure RIGHTNOW there are corporates in india paying 10000+ every month for speeds from 512k to 2mbps...

donno how to do this in the phone itself... maybe with bitpim something can be done...not sure try accessing the rworld IN UR BROWSER at these links http://pda.ricinfo.com/ http://pda.ricinfo.com/Pictures.html most of the pictures are 115x95.... i do understand the actual display size of each model will be different of dimensions... but still...115x95 seems to be the size of pictures we get thro rworld.

...and google doesnt even claim it will work here... we're a double no-no... we're not in us/europe and we're not using broadband... ...nothin personal raghugs...do keep sharin info...

Thanx for sharin the info raghugs... i doubt if this would help us much...currently. this from the FAQ page those are the first three questions ! guess this answers most of our doubts good thing is it goes ok with both firefox and ie basicaly,i think we can wait for a while...

Got it dude...

this *3001#12345# is same for any make/model from ril ? i want to use with 2030 i should type it in the phone right ? and then, what..do i press call? i tried in rd2030, but nothing happened... what is supposed to happen?

The two most (!)productive sites i've found for music filez... (http downloads) http://www.coolgoose.com/go/music (english & indian) and, http://espew.com/ (english) post here if u like'em... Keep browsin...

----------------------- addednda: i think i got it now. - u want us to email the response id number to ur email, so that u can send us back gmail invites... right ? thanx anyways.

jus answered the questions reddy... (ID 23924) good luck w ur project/thesis. just a few sug - ppl should be able to choose MORE THAN ONE option for certain questions - for ex, when u ask how all i want my service provider to improve, i wanna pick more than one response. one more thing - a few more open-ended questions would be nice. I know structured questionnares are much easier for statistical computations, but they severly resrtict respondents choices. btw, aircel seems to be missin... and finaly, i coudnt find the gmail invite link...what am i missing ? anyways, dont worry too much about this... i have 120+ gmail invites sittin idly !! and im sure its the same case w everone else too... again, good luck w ur work. keep browsin

fair enough...but googleads are only part of the ad-blockable frames/images... it really has been a 'rediscovery of the net' with firefox...due credit goes to adblock

errm... there is a Rs.55 Top-up card available... like a real,paper card(not the e-version)

Ashras, im a little afraid to give advice...just in case if it didnt work for u.... the way i c it, we dont have much to loose. buy the cheapest top-up card and recharge. provided u have validity days left, u CAN send sms and receive calls. and the worst of the worst, if u still seem to get negative balance - JUST DONT RECHARGE ANYMORE... like u HAVE been doing all these days - jus leave the phone in the attic... it makes more sense to leave the phone un-used than to keep on charging for 1000s jus to get out of the negative balance --------------------------------- btw, i thought by this time u would have already tried if 369 works for u... we were kinda waitin for u to post if its working or not for u.

hi has anyone tried installing/running the new windows OS - Microsoft Codename Longhorn ? (Yes of course, its beta) what was ur experience ?

oh.... ok, i got it... u got it resolved the REAL way...

no, no dude... dont add cds just for the sake of it. The speaker is beautiful, on its own... keep in touch

keep up the good work, hitmoments ...professional dreamer - i like that... is there a cd somewhere in that speaker_setup ?...jus wonderin

Cool scene dude ... u DONT have neg balance problem, thats what ur sayin right... so basically, we dont need any trick or anything to beat neg balance - jus follow whats said by ril in the sms - and we dont get neg balance...thats even better errm...i understood u right, na?

What do u mean WHY !?!? HOW ELSE ARE U GONNA CONNECT UR PHONE TO THE PC, WITHOUT A CABLE ??? why dont u USE one of them ?!! maybe u should rephrase what u r asking.... im not sure ppl understood....WHAT ARE YOU ASKING?

cool scene

...a 16 carriage train !!! THAT would be one great roll

someone removed my 10% warn level... thank you. nice gesture. much appreciated. i got it for using CAPS in my posts ! (no, not entire posts) ... looked stupid. Anyways, i never argued. thank you guys

Chirag, nice post....try this... CDs make perfect wheels. connect two cds with a pen/cil thro the holes and u got a nice little wheely thing get two pairs like this and u got a '4 wheel drive' u might also wanna try sticking 2,3 cds together to get a ...errm... 'broader wheelbase' what all u gonna build on top of these 4 wheels is upto u..let loose ur imagination... train_engine, car, van, truck...u c what i mean rite - ANYTHING on wheels