thebeebs | September 2008
thebeebs
Learn the art of website security
 
 

ObjectDatasource - Object Won’t Delete

by thebeebs 26. September 2008 11:08

I was using an ObjectDataSource today, which is rare for me. Everything was working perfectly apart from the deletes. This was because updates and edits pass the full objects back to the ObjectDataSource, however, on delete commands only the properties that are set as Datakeys of the grid are populated and sent back.

In most instances this is fine because to delete an object all you should need is the Primary key. So make sure you add your primary Key as a DataKey for the grid if you want automatic deletes to work ..well…automatically.

Tags: , , , , , , , , ,

Flash say's screw you Silverlight.. Sort of.

by thebeebs 5. September 2008 01:50

thursday_night_football Yesterday Adobe and the NFL teamed up and announced that Adobe® Flash® will be used to deliver live online video streaming of NBC Sunday Night Football games on NFL.com and NBCSports.com.

The first game was broadcast last night and opinions thus far have been Luke warm:

Some complained that the video was pixelated and jumpy Some complained that there was no full screen mode.

Ok Flash didn’t brake any new ground but at least they didn’t melt and they have at least proved Flash Media Server is able to Stream Live TV on a large scale too. (P.S and before anyone mentions youtube…that’s not Live TV).

Please leave comments and let me know your experience of the broadcast.

Tags:

Security Vulnerability with Google Chrome

by thebeebs 3. September 2008 02:01

Have you installed the new Google chrome? Make sure you’re careful with your application shortcuts because I just thought of a very easy way to Phish basic users.

  1. Wrap the Chrome browser installation in your own InstallShield.
  2. Create a Phising Mirror of Gmail or what ever site you want to Phish.
  3. Add Desktop Shortcuts to the InstallShield which link to.
    "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"  --app=http://login.live..yourfakehotmailwebsite.com
  4. Build your InstallShield.
  5. Stick a graphic on your website that says “Get Google Chrome Now” and link to your InstallShield build.

When the user install Google chrome from your link they'll get the browser but they will also find some helpful desktop links to their Hotmail/Gmail/Ebay account.

As the Apps mode in Chrome loads in full screen with NO URL BAR (What were they thinking?). The user will happily click on the desktop links thinking it's just a handy shortcut that their friends at Google installed, not knowing it's really a link to our phishing mirror of Gmail.

Tags: