Thursday, May 21, 2009

One more Acquisition by Voxeo ? -- Yes.

Hi


Silently... Voxeo has closed one more acquisition. The official announcement may be next week.

Guess who it may be??? Is it a company based out of India? Is it a company that is working on SCXML or MRCP v2 or VoicePrint/VoiceVerification or VoiceXML 3.0?


Feel free to comment for any details :)


-Raxit Sheth

Tuesday, May 12, 2009

Security & Disclosure.

We discovered the bug on 14-Feb-2009. Till yesterday, BharatMatrimony.com had not taken enough care to update their login page completely... But when we disclosed how we had done this, and a couple of bloggers put up posts regarding it, within less than 24 hours these folks changed the login page.

The stuff BM did not take care to do in 3 months... is done in less than 24 hours!



Normally security folks follow the ethical practice of not disclosing a loophole till it is completely fixed. Even in the past, during the Myntra hack, we waited for 2-3 days till their tech team fixed it. However, in the case of Myntra, their team was active: when we reported the issue, they called us within the next 6 hours. In this case, for the last 3 months it looks like they stayed dumb, with the hope that we would not publish it! No one will know it! And kind of lazy!!!

As per my understanding, no system is secure. However, when someone reports a security loophole to you, at least for the sake of your users you should try to understand it and, if possible, fix it or put a practical workaround in place! The work you have done in the last 24 hours, you might have done in the last 3 months! But who cares??? :)


Just Chill

Raxit Sheth

Wednesday, May 06, 2009

AVIOS Contest open !!!

Hi Speech Enthus..



The AVIOS Contest is open now!! If you are a creative, innovative student and have some geeky idea about speech technology... do read this and give it a try... There are many platforms available, and prizes also :). Seems like a golden chance for students.


http://www.avios.org/contest/index.htm


-Raxit Sheth

Wednesday, April 08, 2009

Guruji down ???

I am just searching Guruji Music, but it seems to be down... :(






Guruji Music recently launched social apps on Orkut and Facebook; they also seem to be down. While writing this... the Music Search functionality is down (which is one of the core parts of Guruji Music).


The Bad point is there is no update/downtime status.

The good point is service is useful and someone is noticing it is down :)


Do share your view....


-Raxit Sheth

Tuesday, January 27, 2009

ClearText Password & Wordpress

A few days back I posted about cleartext passwords on Jeevansathi.com; now it's WordPress! :)

You can test it if you have a blog on wordpress.com, like www.raxitsheth.wordpress.com, or a blog on your own site which is powered by WordPress.

Create a post and password-protect it. Take any cookie viewer/proxy/cookie editor, and view your password in cleartext in your cookie!!! Can't believe it.... check this snap ....









So What ???
1. Storing a password in cleartext (or any piece of info which someone can misuse) on the client side is just a dumb idea!

2. Even though this cookie is only readable by your wordpress.com domain/subdomain/blog address, any bug in WordPress, such as XSS, can exploit this.

3. Forget point 2: if you are in a cybercafe/office/behind a proxy... your admin can read the password of the password-protected blog!!!
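
An added example (not from the original post and not WordPress code): a small Python check for the test described above, looking for a known post password inside a captured Cookie header in cleartext, URL-encoded or base64 form, next to a keyed-MAC token a server could put in the cookie instead. The cookie names, the key, the post id and the sample headers are constructed for illustration.

```python
import base64
import hashlib
import hmac
import urllib.parse

def find_leaks(cookie_header: str, secret: str) -> dict:
    """Map cookie name -> encoding for each cookie that exposes `secret`."""
    forms = {
        "cleartext": secret,
        "url-encoded": urllib.parse.quote(secret, safe=""),
        "base64": base64.b64encode(secret.encode()).decode(),
    }
    leaks = {}
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep:
            continue  # attribute without a value, nothing to inspect
        for label, form in forms.items():
            if form and form in value:
                leaks[name] = label
                break
    return leaks

def issue_token(server_key: bytes, post_id: int, password: str) -> str:
    """Hardened alternative: the cookie holds a keyed MAC, not the password."""
    msg = f"{post_id}:{password}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()

def check_token(server_key: bytes, post_id: int, password: str, token: str) -> bool:
    """Server side: recompute from the stored post password, constant-time compare."""
    return hmac.compare_digest(issue_token(server_key, post_id, password), token)

# Constructed sample data (not captured from any real site).
SAMPLE_PASSWORD = "s3cret Post!"
SAMPLE_KEY = b"constructed-server-side-key"
WEAK_HEADER = (
    "lang=en; postpass_demo=" + urllib.parse.quote(SAMPLE_PASSWORD, safe="")
    + "; legacy_demo=" + base64.b64encode(SAMPLE_PASSWORD.encode()).decode()
)
HARDENED_HEADER = "lang=en; postpass_demo=" + issue_token(SAMPLE_KEY, 42, SAMPLE_PASSWORD)

if __name__ == "__main__":
    print("weak:    ", find_leaks(WEAK_HEADER, SAMPLE_PASSWORD))
    print("hardened:", find_leaks(HARDENED_HEADER, SAMPLE_PASSWORD))
```

The MAC keeps the password itself out of the cookie, but the cookie is still a bearer token for that post, so it should only travel over HTTPS with the Secure and HttpOnly flags set.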



Note 1: wordpress.org already knows about the issue [since 2 years???] and the ticket is re-opened here:
http://trac.wordpress.org/ticket/3316


Note 2: If you are in/around Mumbai, you can catch me during the OWASP Meet; venue/date will be declared soon.



Interesting ???? Share your comment here....




-Raxit Sheth
www.Mykavita.com 1st birthday !

Friday, January 23, 2009

Aamirkhan blogging on Indiatimes ???

Hey

Will update this post ! busy chatting with few friends :)


-Raxit

Sunday, January 18, 2009

Is BigAdda.com sleeping !! My Guest post on Dinesh Soni [Hatkebol] Blog

I just wrote a guest post for Dinesh Soni.

It's related to bigadda.com and bigadda.in!

You may want to read it here




-Raxit Sheth