Category: web

  • Cross domain cookie contamination

    TLDR: XSS attacks can be used to set cookies for subdomains that share the same top-level domain. This increases the scope of XSS attacks. In a cloud world, several applications are hosted under the same top-level domain. An organization can have hostnames such as: company.com: corporate landing page; mail.company.com: webmail; intranet.company.com: internal…

  • JQlog: JQuery Keylogger, or why not to trust your proxy admin.

    Note that this post is for awareness and educational purposes only. I do not encourage, and cannot be held responsible for malicious actions using these tools. The Internet, as it is today, is a mash-up of JavaScript enabled services, often included from external websites. Internet companies offer so-called widgets, which are JavaScript tools that can…

  • Kriesi_image_preloader won’t load in IE / Opera

    A friend of mine is using the Newscast theme for his blog. It is a great-looking theme that has an image preloader written in jQuery. It was all looking good in Firefox, but wasn’t displaying properly in IE and Opera. The JavaScript fails around line 60 in themes/TFnewscast/js/custom.js: jQuery(‘#main’).kriesi_image_preloader({delay:100, callback:removeloader}); This can be fixed by…

  • Reverse proxy for sharepoint on Linux using HAProxy

    At Nakheel, we needed to load balance a new SharePoint instance. Our new SharePoint uses single sign-on, and was running on 2 web servers which needed to be load balanced. We played around with Apache for a while, and its awesome proxy balancer, but it gave us the problem that it was always asking…

  • Logging into SSH with a different username

    I love SSH. SSH is the de facto service for remote server management, especially in a CLI environment. Being an avid Linux user, and spending quite a bit of time on OS X lately, I often SSH into several servers remotely. Being subject to “username conventions”, you don’t always share the same username across machines. And I…

  • Linked-In to have applications. Professional superpoke anyone?

    LinkedIn, the professional social network, introduced the possibility of using applications, just as Facebook, MySpace and Friendster did. LinkedIn feels the threat of Facebook, especially combined with applications such as Kuhnektid to increase your professional “visibility” across the work. Most LinkedIn users are on Facebook too. A set of examples are there…

  • Microsoft to enter the clouds

    Microsoft is entering the cloud computing zone pretty soon. It was announced yesterday and will hit the public a month from now with its new OS, Windows Clouds (yeh.). It’s feeling the pressure from easy-to-use, browser-only applications such as Gmail, Google Docs and the like. I wish Microsoft (or anyone) would come…

  • CSS Optimizer shrinks your CSS files

    CSS Optimizer is a tool that will shrink your CSS files and shave off a few kilobytes. I tested a few CSS files on places.ae and, shamefully, saw an average of 33% improvement that’s possible. (Though not as bad as some other sites: Salik (49%) and Dubai Police (62%)). Very useful tool, especially on mobile…