Featured Posts

Block ads in Mac OS X – Mountain Lion / Lion / Snow Leopard

You can block most ads and pop-ups from sites by blocking them in the local hosts file. Simply open Terminal and edit this file:   $ sudo vi /private/etc/hosts

Mac OS X Server file sharing not taking parent folder permission

The problem arises when someone other than me makes a folder in this shared directory. No one but the person who made that folder can write into it, not even

Traceroute – starwars story

[root@ajay ~]# traceroute 216.81.59.173
traceroute to 216.81.59.173 (216.81.59.173), 30 hops max, 38 byte packets
 1 196-47-64-59 (196.47.64.59) 0.918 ms 0.948 ms 0.652 ms
 2 196-47-64-66 (196.47.64.66) 1.223 ms 2.747 ms

Install Cairo Dock – Linux Mint 16 or higher – cinnamon

Cairo-Dock is a Mac OS X Dock-like application for Linux and BSD distributions that supports OpenGL and freedesktop standards. It provides a desktop interface for launching applications and accessing running

Squid – make HTTPS proxy

There seems to be a bit of confusion about configuring SQUID to transparently intercept SSL (read: HTTPS) connections. Some sites say it’s plain not possible: http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#ss2.3 Recent development in SQUID

[fix] Disk utility scan image to restore failed

Disk Utility failed on “Scan image to restore” with the error “cannot allocate memory”.

This prevents you from creating a bootable Mac OS X USB disk, but no fear when Ajay is near: here is the solution.

Solution:

Open Terminal and make a bootable USB drive using the “asr” command – no scanning, I trust my Install_ESD file :)

MacBook:~ ajay$ sudo asr restore -noverify -source </path/to/Install_ESD.dmg> -target /Volumes/USB_Drive -erase

Don’t forget to include -erase at the end, and be aware that the USB drive will be erased to create the bootable OS X drive. Note that -noverify makes asr skip verifying the restored volume.

[solved] Yosemite – Error To open you need legacy Java SE 6 runtime

After upgrading to OS X Yosemite, there are a lot of updates that need to be done.

My CS5 manager and Vuze didn’t open, as they need the legacy Java 6 runtime.

They failed with this error: “There is an error To open Vuze, you need legacy Java SE 6 runtime”

I tried upgrading Java and it didn’t help; after searching and reading, I found a solution.

Fix: download Java 2014-001 manually from this link and install it.

URL:   http://supportdownload.apple.com/download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/Mac_OS_X/downloads/031-03190.20140529.Pp3r4/JavaForOSX2014-001.dmg

OS X Yosemite- screen sharing missing [solved]

Upgraded to Yosemite: nice design, I liked the look and feel.

Now a client called me to check their Xserve; oops, my Screen Sharing Dock icon is missing, it’s just showing a question mark. I realised Screen Sharing is not in System -> Library -> Core Services anymore. Panic, panic, panic... Google, Google: nobody had the issue yet.

After a Spotlight search I found it in System -> Library -> Core Services -> Applications.

At least Spotlight will find it now; before, Spotlight didn’t know about the hidden applications.

PHP has fixed several vulnerabilities allowing remote code execution


The PHP development team has released new versions to fix three security vulnerabilities, one of which is said to be critical and leads to remote code execution.

The vulnerability identified as "CVE-2014-3669" can cause an integer overflow when parsing specially crafted serialized data with unserialize(). The vulnerability affects only 32-bit systems, but it is dangerous because serialized data often comes from user-controlled channels.

In addition, the updates correct errors associated with the introduction of a null byte in the cURL library, heap memory corruption when the exif_thumbnail() function processes modified image data (CVE-2014-3670), and a buffer overflow in the mkgmtime() function of the XMLRPC module (CVE-2014-3668).

These vulnerabilities were discovered by the research lab of the IT security company High-Tech Bridge.

The new versions 5.6.2, 5.5.18 and 5.4.34 address these three vulnerabilities.

Critical SQL Injection vulnerability in Drupal 7.x

Security researchers from SektionEins have discovered a critical SQL injection vulnerability in the Drupal CMS that leaves a large number of websites that use Drupal at risk.

Drupal introduced a database abstraction API in version 7.  The purpose of this API is to prevent SQL Injection attacks by sanitizing SQL Queries.

But this API itself introduced a new and critical SQL injection vulnerability. The vulnerability enables attackers to run malicious SQL queries and PHP code on vulnerable websites. Successful exploitation allows attackers to take complete control of the site.

This vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical".

SektionEins didn't release a PoC but released an advisory with technical details.

The vulnerability exists in the expandArguments function which is used for expanding arrays to handle SQL queries with "IN" Operator. 

The vulnerability affects Drupal core 7.x versions prior.  Users of 7.x versions are advised to update their CMS immediately.

You can also directly modify the "includes/database.inc" file to patch this vulnerability: replace "foreach ($data as $i => $value) {" with "foreach (array_values($data) as $i => $value) {" on line 739.
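Why that one-line change matters, as an added example (a simplified model written for this page, not Drupal's own code): when an array argument is expanded for an "IN" clause, each array key becomes part of a placeholder name that is written into the SQL text, so keys taken from a request end up inside the statement unless array_values() renumbers them first. The names expand_in_list and is_plain_list, the query and the input are constructed for illustration.

```php
<?php
// Simplified model of IN-list placeholder expansion; not Drupal's own code.
// $normalizeKeys = false models the loop before the fix, true the loop after.
function expand_in_list(string $query, array $args, bool $normalizeKeys): array
{
    $bound = [];
    foreach ($args as $placeholder => $data) {
        if (!is_array($data)) {
            $bound[$placeholder] = $data;   // scalar argument: bound as-is
            continue;
        }
        // The fix: array_values() discards caller-supplied keys (0, 1, 2, ...).
        $items = $normalizeKeys ? array_values($data) : $data;
        $names = [];
        foreach ($items as $i => $value) {
            // The array key becomes part of the placeholder NAME, and the
            // name is written into the SQL text itself.
            $name = $placeholder . '_' . $i;
            $names[] = $name;
            $bound[$name] = $value;
        }
        $query = str_replace($placeholder, implode(', ', $names), $query);
    }
    return [$query, $bound];
}

// True only for arrays keyed 0..n-1 in order, i.e. a plain list.
// Usable as an input check before an array reaches a query builder.
function is_plain_list(array $data): bool
{
    return $data === array_values($data);
}

// Constructed input: an array whose second key is caller-chosen text, the
// shape PHP builds from request parameters of the form name[key]=value.
$ids   = [0 => '1', '1 INJECTED_TEXT' => '2'];
$query = 'SELECT name FROM users WHERE uid IN (:ids)';

[$before] = expand_in_list($query, [':ids' => $ids], false);
[$after]  = expand_in_list($query, [':ids' => $ids], true);

// Print both expansions side by side, then the result of the list check.
echo "before fix: $before\n";
echo "after fix:  $after\n";
echo 'plain list? ', var_export(is_plain_list($ids), true), "\n";
```

Comparing the two printed statements shows the key text appearing inside the SQL only in the "before fix" form; the list check is the kind of validation that flags such input before it reaches the database layer.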

A proof of concept has been released online that allows anyone to change the password of the admin account. So, better hurry up and update your Drupal CMS!

A reddit user, "fyukyuk", posted an HTTP POST request that exploits this vulnerability.

The following Python code changes the admin password of a vulnerable Drupal installation to 'admin' (tested with Drupal versions 7.21 and 7.31).