[justfewtuts] xml-motor ~ what it is; how & why should you use it

@ justfewtuts.blogspot.com [5-March-2012]

http://justfewtuts.blogspot.in/2012/03/xml-motor-what-it-is-how-why-should-you.html

View As Presentation: http://speakerdeck.com/u/abhishekkr/p/xml-motor-whatwhyhow-this-xml-parsing-rubygem#

Late 2011, I started with a new rubygem project for parsing xml, html content.
@Rubygems: http://rubygems.org/gems/xml-motor
@GitHub     : https://github.com/abhishekkr/rubygem_xml_motor

Just created it to test out my work at compact, quick & easy xml-parsing algorithm… can see that
@Slideshare: http://www.slideshare.net/AbhishekKr/xmlmotor

So, currently this is a non-native, completely independent less-than-250 ruby-LOC available as a simple rubygem to be require-d and use in an easy freehand notation and match with any node attributes.

…..click here to read this full original post

[tekwalk] [Puppet] Exported Resources is a beautiful thing….. thing to use and improvise

@ tekwalk.blogspot.com [14-March-2012]

http://tekwalk.blogspot.in/2012/03/puppet-exported-resources-is-beautiful.html

Lately, I’ve been real blunt towards Puppet because of the soup that leaked some specific scenario flaws in very busy times.
So, it’s my duty to applause if I like something which is a novel and beautiful concept.
For a well organized auto-magically managed set-up apart from a fine infrastructure and its configuration management mechanism, a very important part is for the monitoring and logging solution to spread across the infrastructure in a similar seamless and scalable fashion.
Puppet enables it very finely with the use of exporting and collecting resources.
Exported Resources are super virtual resources.
Once exported …..
…..click here to read full original post

[tekwalk] MCollective can’t handle Puppet ~ just like psychotic love stories

@ tekwalk.blogspot.com [5-March-2012]

http://tekwalk.blogspot.in/2012/03/mcollective-cant-handle-puppet-just.html

Past 2 months, I’ve been in pain due to the psychotic love story of MCollective and Puppet.

YES, they are very helpful products to automate configuration management and orchestrate metadata-based multicast-ed actions.

YES, they are now under the same organization PuppetLabs which is whole-heartedly working to improve them so they could retain their status in the started-to-glamour-izing DevOps domain. So, both of them will improve a lot.

But, first of all.
If you don’t properly test your corporate-aiming projects over Ruby1.9.x; please do post a big notice on your projects page or at least on first page of your amazing Doc.
My story for past few weeks:
I start using a project…..

…..click to here to read full original post

[tux.install] have a redirecting link to download ~ cURL it down

@ tuxinstall.blogspot.com [04/April/2011]

http://tuxinstall.blogspot.com/2011/04/want-shell-command-to-download-package.html

want a shell command to Download a package, but it has a Redirecting Link…
CURL it down

…..website similar to SourceForge.net, where if you copy the final redirected link and paste it in your script that would’t work after some moments…..

…..which can be used very easily to download the resource after following the redirected link at the time of execution… and the savior is our same old CURL.

…click here to read in detail

[hackersmag] Don’t SSL-ify full site until SSL is itself Secure

@ http://hackersmag.blogspot.com [30/03/2011]

http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html

Full Site SSL-ification is not an option, need to make SSL secure first

I have  heard (Recently and in past) security aware lives wasting a lot of their potential over the argument like
+ ‘Basic HTTP is insecure‘ {sometimes in novice past}
+ ‘SSL-ify entire web service‘ {still a lot push is there}
Now, ‘Basic HTTP’ being insecure is not a flaw by design… but a flaw by choice.

……….
Though it has been haunting the websites by attacks like
+[] SSL Stripping:
It’s due to……….
+[] Sidejacking:
It occurs……….
……….
Then, ‘Full Site SSL-ification’ is a good choice from theoretical security point-of-view, but just in theory.
Different SSL-Defeating attacks involving
+[] Flaws in Libraries like NSS:
There was a……….
+[] Fake SSL Certificate generation:
Not a flaw……….
……….
So, if you will look deeper into serial-murder case file of   SSL Certificates, you’ll see it ain’t safe…
and so there is no point in argument over its mixed/full   implementation.
…click here to read in detail

[hackersmag] Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

@ hackersmag.blogspot.com [29-Dec-2010]

http://hackersmag.blogspot.com/2010/12/weak-excuses-after-weak-security.html

Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

On Dec-17-2010, Mozilla was reported about availability of its user-accounts (partially, which were used on addons.mozilla.org) over a public server.

They have projects like Firefox (super famous web-browser), NSS (one of the most famous libraries for developing secured client-server application), and more… if an organization like them do a mistake like this, oh yeah… hackers paradise

it’s how they defend themselves…
database included 44,000 inactive accounts using older
but don’t you think… even inactive users on a site deserve their privacy, and if they were inactive and not important then……….

…click here to read full blogPost

[abionic.blogspot.com] GitHub’s “purely artificial and poorly intelligent” A.I.

@ abionic.blogspot.com [20/Dec/2010]

http://abionic.blogspot.com/2010/12/encounter-with-githubs-ai-which-is.html

encounter with GitHub’s A.I. which is “purely artificial and poorly intelligent”

Recently, I had an interesting encounter with GitHub’s A.I. which was purely artificial and poorly intelligent.
I have a repo at ‘https://github.com/abhishekkr/sitehoster‘; it’s an experimental web-server developed in ‘Java’ but it has been marked as ‘Javascript’.

Now I’m a bit hard at things which don’t work to their potential… but I don’t think their is anything wrong in it.

So yeah there is an ‘Artificially Poorly Inferenced Logic‘ implemented in so advanced GitHub
which could have been ‘Smartly Easily Granted Control‘ to not so artificially intelligent Users…

…click here to read full blog post

[hackersmag.blogspot.com] only few domains DNSSEC protected, WHAT ABOUT YOU

@ hackersmag.blogspot.com [17/Dec/2010]

http://hackersmag.blogspot.com/2010/12/only-org-and-net-domains-under-dnssec.html

Are you protected with DNSSEC:
[] in mid-2010, DNSSEC got deployed over ‘root-DNS-server’ and ‘.org’ domain
[] on 10-Dec-2010, Verisign deployed DNSSEC in ‘.net’ zone too
{securing more than 13million registrations online}
[] preparations are up to sign the ‘.com’ zone in first quarter of 2011

Verisign has even launched a cloud based DNSSEC implementation service to ease its implementation in organisations…

…click here to read the full post

[hackersmag.blogspot.com] Problem with IEEE 802.1x

@ hackersmag.blogspot.com [6/Sep/2010]

http://hackersmag.blogspot.com/2010/09/problem-with-ieee-8021x-implementations.html

Problem with IEEE 802.1x implementation’s fallback option

———————————————————

I was just looking over some gyan for 802.1x implementation ……. saw mention of fallback option …….

MAB i.e. MAC Authnetication Bypass porviding support for Legacy Devices (say Printers) which are not capable of

…….click here to read full BlogPost

[hackersmag.blogspot.com] XSS Defeating PoC

@ hackersmag.blogspot.com [6/Sep/2010]

http://hackersmag.blogspot.com/2010/09/xss-defeating-poc-if-have-any-time-for.html

Video Demo of the same PoC: http://www.youtube.com/watch?v=ENiiAccY1v0

Project Base: http://sourceforge.net/downloads/sitehoster/v1.0beta%20RC1/

WhitePaper is also available at SourceForge link above

and at : http://www.slideshare.net/AbhishekKr/whitepaper-abktrick-to-subvert-xss

I was working on a XSS-Patch PoC, which I now feel works proper enough to prove its point.

This neither require Web-Developers for any Filtering/Validation, nor any javascript blocking add-on on user’s browser.

…….click here to read full BlogPost