Thursday 26 April 2007

Esri XSS

ESRI make and create maps and GIS systems. I have been looking at their website that uses their technology. Do a Google search on "JavascriptFunction" and "Esri" and you will see that one of the parameters used with the Java servlets is a callback named "JavascriptFunction". Usually, it is applied with the value "parent.MapFrame.processXML". But you can easily inject your choice of XSS. I fear this might cause a real problem for ESRI, though, one that could potentially take a little while to blat out (looking at it from a developer's point of view). I am trying to contact ESRI about it. Maybe I will release on bugtracker for a laugh! ;)
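The server-side check that closes this class of hole, as an added example that is not part of the original post and not ESRI's code: the callback value is accepted only if it is a plain dotted identifier path and is on an allowlist. It assumes the value ends up as a function call inside a script block; `resolveCallback`, `renderResponse` and the response shape are hypothetical names, and the same logic would sit in the servlet before anything is written to the response.

```javascript
// Added example (not from the original post). Only "JavascriptFunction" and
// "parent.MapFrame.processXML" come from the page; every other name is hypothetical.

// Callbacks the application really uses. Anything else is refused.
const ALLOWED_CALLBACKS = new Set(["parent.MapFrame.processXML"]);

// One segment of a dotted path: a plain JavaScript identifier, nothing else.
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
const MAX_LEN = 64;

// Syntax gate: rejects brackets, quotes, semicolons, whitespace, markup,
// empty segments ("a..b") and repeated parameters (which arrive as arrays).
function isSafeCallbackSyntax(value) {
  if (typeof value !== "string") return false;
  if (value.length === 0 || value.length > MAX_LEN) return false;
  return value.split(".").every((part) => IDENT.test(part));
}

// Full decision: well-formed AND explicitly allowlisted.
function resolveCallback(rawValue) {
  if (!isSafeCallbackSyntax(rawValue)) return { ok: false, reason: "syntax" };
  if (!ALLOWED_CALLBACKS.has(rawValue)) return { ok: false, reason: "not-allowlisted" };
  return { ok: true, callback: rawValue };
}

// Assumed response shape: the callback is invoked with the data as a string.
// The data is serialised as a JS string literal and "<" is escaped so it
// cannot close the surrounding script element.
function renderResponse(rawCallback, payload) {
  const decision = resolveCallback(rawCallback);
  if (!decision.ok) return { status: 400, body: "Bad Request" };
  const data = JSON.stringify(String(payload)).replace(/</g, "\\u003c");
  return { status: 200, body: `<script>${decision.callback}(${data});</script>` };
}

// Constructed sample inputs, one per outcome.
const samples = [
  "parent.MapFrame.processXML",        // normal value
  "parent.MapFrame.processXML;other()", // extra statement appended
  "window.name",                        // well-formed but not allowlisted
];
for (const s of samples) console.log(s, "->", JSON.stringify(resolveCallback(s)));
```

Rejecting with a fixed error body matters as much as the check itself: echoing the refused value back in the error page would reintroduce the reflection.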

Infosec

Well I went to Infosec on Wednesday (Apr 25), which is a more business-oriented internet security exhibition. It's good to know that there are exhibitions out there that are actually interesting and actually have some free goodies.

Anyhow, I got a lot out of this, particularly on SSL VPN systems. It looks like there are quite a plethora of solutions for this, and endpoint security is something that simply isn't done that well from what I've seen from the big boys (Cisco and Checkpoint). I was impressed by Sonicwall, Wintegra and Zyxel, all of whom have some form of patch management, firewall/anti-virus and key logging checking. The cost of which may be lower than the big boys.

Sunday 15 April 2007

Let's get technical!!!

Greetings to one and all to my blog. I'll make no secret that I actually have another blog but this one is going to be more random technical musings. So enjoy...

Lately, I have been cooking up a Perl module that I started on well over a year ago and then stopped until a month ago. It's an mp3 playlist generator. What it does is scan a given directory for files, read the mp3 (ID3v2) tag and print it in CSV/XML format. A CSV can be imported and mp3 tags can be reset. I've updated the module to update mp3 tags, check for duplicates and missing files in the imported CSV files.
The bottom line is I want to regenerate my playlist but also update the mp3 tag information to something I like (i.e. usual facts/trivia in the comments field).

I am probably my own worst critic when it comes to anything, but I find I am a bit slow in coding. Mainly because I have a horrible nerve in getting things done properly. How other coders manage to program software amazes me; you will always miss something. The Test::Harness Perl module helps loads. I couldn't believe how many small mistakes (not enough to cause problems in regular program execution) I had made when I tested out the module I wrote.

I probably should try and release it as a CPAN module but I suspect that it is a bit specific.
My next pet project is integrating that module with databases.

The weird thing is that right now, because I have recently changed roles at work and moved away from coding, I kind of miss it...