This is part two in a series of articles in which I'm trying to detail the OWASP Top 10 vulnerabilities (see intro).

What is Cross Site Scripting? Cross Site Scripting, or XSS, is an attack on a website in which an attacker sends text-based attack scripts which are executed within the browser. This means that XSS attacks are a special form of code injection attack. Apparently about 80% of all security vulnerabilities were the result of XSS (link).



Last month I got a horrendous bill for my Internet usage even though I use it very sparingly when connected via mobile. So, I decided that it was time to get a decent connection while on the road. Looking around, there's a fantastic special from Cell C in South Africa. It works out to be 5c/MB, which is much cheaper than any of the current offerings. There are currently 2 options - the 7.2 Mbps and 21.6 Mbps. I went for the 21 Mbps option with 5 Gigs/month at R3000 once off, which works out to be R250/month.

I was a little unsure of how easy it would be to get working on my Kubuntu, but it turned out to be a breeze (as usual with most things Linux/Ubuntu/Kubuntu). I just plugged it in, created a new "Mobile Broadband" connection, entered "*99#" in the "Number" field and "internet" into the "APN" field, selected "Connect Automatically" and I was done. No need to install any Cell C software to use it... Just one more reason to love Linux!

For other non Cell C readers of this post - I found out the settings by running the Cell C software which comes on the modem in Crossover and could see the settings there. So hopefully, you can determine any required settings for other providers.

Edit: I've reinstalled Ubuntu 10.10 and when setting up the modem, was asked for a password. Took me a little while to work it out - turned out to be 0000 for what it's worth....

I've had quite a few questions as to the speed of the Cell C network. So here's a screen shot of a speed test. I've had better connections (up to 14 Mbs download), but this seems to be a good "normal" connection. The connection speed is very dependent on the location though, so check out coverage in your area first.



Once again for the thousandth time I've heard someone say "Linux is hard... bash, cron, scripts, emacs, python. bla...bla...bla ...". No matter how much I try, I can't seem to get people to believe me that Ubuntu Linux is easier to use than other OS's. In the recent Ubuntu releases, they've worked perfectly on my hardware - takes 10 minutes to install now and drivers are a non-issue. You don't have to install anything - it just works. 10 minutes and you're done.

I took the plunge... After working solely on Ubuntu for over a year, I decided to install the latest Kubuntu on my main laptop. I've never really worked with KDE much apart from trying it out briefly here and there but never ended up sticking with it as it was always installed on a secondary machine. So, why did I decide to swap? I've had a few difficulties with KDE before and it seemed a little buggy, but I've become pretty comfortable with Linux, so I was confident that I can sort out anything thrown at me. Maybe I was just too comfortable with Gnome to bother swapping and readjusting to a new environment but I've always been envious of the visual look of KDE... It's probably a bit unfair to call KDE "buggy" - I've always run it in a VM or on an old laptop which hardly had enough power, so this time around, I'm doing it properly!

The one complaint that I've often heard about moving to another OS from Windows, is "If my games worked, I may change to xyz".

If games are one of the big barriers to change, then I wonder what effect many gamers moving to consoles will have on the PC OS market share. And with the netbooks/iPads and Google Chrome OS, which can't really run the hardcore games, maybe even more users will be moving to consoles.

This should surely have some sort of negative effect on the PC OS's that are "locking" users in based on games availability.


Important information on ASP.Net Forms Authentication:
http://visualstudiomagazine.com/articles/2010/09/14/aspnet-security-hack.aspx

The attack described in the article basically allows a user to determine the Machine Key used to encrypt the cookie on any site. It is apparently 100% reliable and can be used against any site within 30 - 50 minutes. This would allow a user to create spoofed authentication cookies to assign administrator privileges.

The solution? Use one of the other encryption mechanisms, e.g. Triple DES.



