Hi
Silently... Voxeo has closed one more acquisition. Official Announcement may be next week.
Guess who it may be??? Is it a company based out of India? Is it a company working on SCXML, MRCP v2, VoicePrint/VoiceVerification or VoiceXML 3.0?
Feel free to comment for any details :)
-Raxit Sheth
Thursday, May 21, 2009
Tuesday, May 12, 2009
Security & Disclosure.
We discovered the bug on 14-Feb-2009. Until yesterday, BharatMatrimony.com had not taken enough care to update their login page completely... But once we disclosed how we had done this, and a couple of bloggers put up posts about it, these folks changed the login page within less than 24hr.
The stuff BM did not take care of in 3 months... got done in less than 24hr!
Normally security folks follow the ethical practice of not disclosing a loophole until it is completely fixed. Even in the past, during the Myntra hack, we waited 2-3 days for their tech team to fix it. In Myntra's case, however, their team was active: when we reported the issue, they called us within the next 6hr. In this case, for the last 3 months it looks like they stayed dumb, hoping we were not going to publish it! No one will know about it! And kind of lazy!!!
As per my understanding, no system is secure. However, when someone reports a security loophole to you, at least for the sake of your users... you should try to understand it and, if possible, fix it or put a practical workaround in place! The work you have done in the last 24 hr, you could have done in the last 3 months! But who cares??? :)
Just Chill
Raxit Sheth
Wednesday, May 06, 2009
AVIOS Contest open !!!
Hi Speech Enthus..
The AVIOS Contest is open now!! If you are a creative, innovative student and have some geeky idea about speech technology... do read this and give it a try... There are many platforms available, and prizes also :). Seems like a golden chance for students.
http://www.avios.org/contest/index.htm
-Raxit Sheth
Wednesday, April 08, 2009
Guruji down ???
I am just searching Guruji Music, but it seems to be down... :(
Guruji Music recently launched a social app on Orkut and Facebook; those also seem to be down. While writing this... the Music Search functionality is down (which is one of the core parts of Guruji Music).
The bad point is there is no update/downtime status.
The good point is the service is useful and someone is noticing that it is down :)
Do share your views....
-Raxit Sheth
Tuesday, January 27, 2009
ClearText Password & Wordpress
A few days back I posted about a cleartext password on Jeevansathi.com; now it's WordPress! :)
You can test it if you have a blog on wordpress.com, like www.raxitsheth.wordpress.com, or a blog on your own site which is powered by WordPress.
Create a post and password-protect it. Take any cookie viewer/proxy/cookie editor and view your password in cleartext in your cookie!!! Can't believe it.... check this snap ....
So what???
1. Storing a password in cleartext (or any piece of info which someone can misuse) on the client side is just a dumb idea!
2. Even though this cookie is only readable by your wordpress.com domain/subdomain/blog address, a bug in WordPress such as XSS can be used to exploit this.
3. Forget point 2: if you are in a cybercafe/office/behind a proxy... your admin can read the password of the password-protected blog!!!
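An added example (not from the original post and not WordPress's own code) contrasting the cleartext-in-cookie pattern described above with a cookie that carries a keyed, per-post token instead. The cookie name `postpass`, the server secret and the sample password are constructed for this demo.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SERVER_SECRET = b"constructed-demo-secret"  # assumption: per-site key, never sent to clients
COOKIE_NAME = "postpass"                    # hypothetical cookie name for this demo


def weak_cookie(password: str) -> str:
    """The pattern the post describes: the post password itself is the cookie value."""
    c = SimpleCookie()
    c[COOKIE_NAME] = password
    return c.output(header="Set-Cookie:")


def access_token(post_id: int, password: str) -> str:
    """Keyed digest bound to one post; it cannot be turned back into the password."""
    msg = f"{post_id}:{password}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def hardened_cookie(post_id: int, password: str) -> str:
    """Same feature, but the cookie holds only the token, hidden from scripts and plain HTTP."""
    c = SimpleCookie()
    c[COOKIE_NAME] = access_token(post_id, password)
    c[COOKIE_NAME]["httponly"] = True  # not readable via document.cookie (XSS case)
    c[COOKIE_NAME]["secure"] = True    # only sent over HTTPS (proxy/cybercafe case)
    return c.output(header="Set-Cookie:")


def verify(post_id: int, stored_password: str, cookie_header: str) -> bool:
    """Server-side check of a request's Cookie header against the stored post password."""
    c = SimpleCookie()
    c.load(cookie_header)
    if COOKIE_NAME not in c:
        return False
    expected = access_token(post_id, stored_password)
    return hmac.compare_digest(c[COOKIE_NAME].value.encode(), expected.encode())


def leaks_secret(set_cookie_line: str, secret: str) -> bool:
    """Audit helper: does any cookie in this Set-Cookie line carry the secret verbatim?"""
    c = SimpleCookie()
    c.load(set_cookie_line.split(":", 1)[1].strip())
    return any(m.value == secret for m in c.values())
```

The token is still a bearer credential for that one post, so it needs HTTPS to stay private on a shared network; what changes is that a captured cookie no longer discloses a password the author may have reused elsewhere.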
Note 1: wordpress.org already knows about the issue [for 2 years???] and the ticket has been re-opened here:
http://trac.wordpress.org/ticket/3316
Note 2: If you are in/around Mumbai, you can catch me during the OWASP meet; venue/date will be declared soon.
Interesting???? Share your comments here....
-Raxit Sheth
www.Mykavita.com 1st birthday !
Friday, January 23, 2009
Aamirkhan blogging on Indiatimes ???
Hey
Will update this post! Busy chatting with a few friends :)
-Raxit
Sunday, January 18, 2009
Is BigAdda.com sleeping !! My Guest post on Dinesh Soni [Hatkebol] Blog
I just wrote a guest post for Dinesh Soni.
It's related to bigadda.com and bigadda.in!
You may want to read it here
-Raxit Sheth