Danger…

You have installed a new self-updating antivirus program, have the latest firewall, and you do not open any dodgy looking e-mail messages. You think you are reasonably safe from a lot of the harmful content on the Internet. Unfortunately, you are not.

On top of the newer and deadlier versions of the same kind of threats that are out there, there is now a new type of danger altogether — “click-jacking.”

At the Hack-in-the-Box security conference (HITBSecConf) 2008 here last week, click-jacking was the focus of a keynote speech by the founder and chief technology officer of WhiteHat Security, Jeremiah Grossman.

“Think of any button on any website that you can click on,” said Grossman. “Now consider that an attack can invisibly hover over these buttons and below a user’s mouse, so that when the user clicks on something he sees, he is actually clicking on something the attacker wants him or her to.”

An attacker, for example, can make you click on an “activate webcam” button when you intended to click the “news” button, he explained.

This means that a home user’s web browser can be covertly infiltrated with shadow buttons that lie invisibly over legitimate buttons.

According to Grossman, the “bad guy” hacker can access a web browser this way through the existing Java script or Flash player and it is relatively easy. Exact details on how this is done are confidential for security reasons.

“We have only known about this for a very short period of time; it is still unclear if there are any effective defences against this newfound threat,” he said.

Grossman recommends making sure the web browser security features are installed and up to date, especially with the more popular web browsers.

“If you want to use a popular web browser, you have to install every security add-on you can find. The less popular web browsers are less likely to be targeted by attackers. In any case, I would recommend you unplug or tape-up your webcam lens and disable or mute your microphone,” he said.

Grossman said that is it unclear what the web browser companies themselves can do about click-jacking right now. “Given that it is a very new type of threat, not much is known right now. We are looking into it,” he added.

HITBSecConf is Asia’s largest network security conference and is organised by Hack In The Box (M) Sdn Bhd; the event is in its sixth year.

That HITBSecConf is expanding year after year underscores how critical network security as a subject matter has become in Malaysia, said Dhillon Andrew Kannabhiran, founder and CEO of Hack In The Box, when announcing this year’s conference last month.

He had also said that it shows IT decision makers in local organisations and network security professionals worldwide acknowledge the value that HITBSecConf offers in terms of hands-on training, deep technical information, and insights into security trends.

The event is endorsed by the Malaysian Communications and Multimedia Commission; Malaysian Administrative Modernisation and Management Planning Unit; Malaysian National Computer Confederation; and Multimedia Development Corporation.

PHP – Taking Strings Apart

Problem

You need to break a string into pieces. For example, you want to access each line that a user
enters in a <textarea> form field.

Solution

Use explode( ) if what separates the pieces is a constant string:
$words = explode(‘ ‘,‘My sentence is not very complicated’);

Use split( ) or preg_split( ) if you need a POSIX or Perl regular expression to describethe separator:
$words = split(‘ +’,‘This sentence has some extra whitespace in it.’);

$words = preg_split(‘/\d\. /‘,‘my day: 1. get up 2. get dressed 3. eat
toast’);
$lines = preg_split(‘/[\n\r]+/’,$_REQUEST['textarea']);

Use split( ) or the /i flag to preg_split( ) for case-insensitive separator matching:
$words = split(‘ x ‘,‘31 inches x 22 inches X 9 inches’);
$words = preg_split(‘/ x /i’,‘31 inches x 22 inches X 9 inches’);

Discussion

The simplest solution of the bunch is explode( ). Pass it your separator string, the string to
be separated, and an optional limit on how many elements should be returned:
$dwarves = ‘dopey,sleepy,happy,grumpy,sneezy,bashful,doc’;
$dwarf_array = explode(‘,’,$dwarves);
Now $dwarf_array is a seven element array:
print_r($dwarf_array);
Array
(
[0] => dopey
[1] => sleepy
[2] => happy
[3] => grumpy
[4] => sneezy
[5] => bashful
[6] => doc
)

If the specified limit is less than the number of possible chunks, the last chunk contains the
remainder:
$dwarf_array = explode(‘,’,$dwarves,5);
print_r($dwarf_array);
Array
(
[0] => dopey
[1] => sleepy
[2] => happy
[3] => grumpy
[4] => sneezy,bashful,doc
)

The separator is treated literally by explode( ). If you specify a comma and a space as a
separator, it breaks the string only on a comma followed by a space — not on a comma or a
space.
With split( ), you have more flexibility. Instead of a string literal as a separator, it uses a
POSIX regular expression:
$more_dwarves = ‘cheeky,fatso, wonder boy, chunky,growly, groggy, winky’;
$more_dwarf_array = split(‘, ?’,$more_dwarves);

This regular expression splits on a comma followed by an optional space, which treats all the
new dwarves properly. Those with a space in their name aren’t broken up, but everyone is
broken apart whether they are separated by “,” or “, “:
print_r($more_dwarf_array);
Array
(
[0] => cheeky
[1] => fatso
[2] => wonder boy
[3] => chunky
[4] => growly
[5] => groggy
[6] => winky
)

Similar to split( ) is preg_split( ), which uses a Perl-compatible regular-expression
engine instead of a POSIX regular-expression engine. With preg_split( ), you can take
advantage of various Perlish regular-expression extensions, as well as tricks such as including
the separator text in the returned array of strings:
$math = “3 + 2 / 7 – 9″;
$stack = preg_split(‘/ *([+\-\/*]) */’,$math,-1,PREG_SPLIT_DELIM_CAPTURE);
print_r($stack);
Array
(
[0] => 3
[1] => +
[2] => 2
[3] => /
[4] => 7
[5] => -
[6] => 9
)
The separator regular expression looks for the four mathematical operators (+, -, /, *),
surrounded by optional leading or trailing spaces. The PREG_SPLIT_DELIM_CAPTURE flag
tells preg_split( ) to include the matches as part of the separator regular expression in
parentheses in the returned array of strings. Only the mathematical operator character class is
in parentheses, so the returned array doesn’t have any spaces in it.

How to get filename from address or url?

Solution

$arrStr = explode(“\”, “D:\ruby program\cuba.rb”);
$arrStr = array_reverse($arrStr);

echo(“Filename is “ . $arrStr[0]);

or

$arrStr = split(“\”, “D:\ruby program\cuba.rb”);
$arrStr = array_reverse($arrStr);

echo(“Filename is “ . $arrStr[0]);

See the documentation to know details:

http://www.php.net/explode

http://www.php.net/split

http://www.php.net/preg-split

Google – Project 10 to the 100th

Google wants to know if you have an idea that can improve the lives of as many people as possible. And it wants to know before Oct 20.

“These ideas can be big or small, technology-driven or brilliantly simple — but they need to have impact,” the king of search on the Internet said.

Google has US$10mil (RM33mil) to turn five of the best ideas it receives into reality.

It will first identify 100 best ideas and then ask Google users to vote on which ones should be funded. Their votes will result in a shortlist of 20, which a panel of judges will further distil to five.

The call is part of Google’s 10th birthday celebrations and known as Project 10^ 100 (pronounced Project 10 to the 100th).

“We have learned over the last 10 years at Google that great ideas can come from anywhere,” it said in a statement to the press.

“We want to extend to the world the idea that great ideas come from all angles.”

Google said it knows that there are countless brilliant ideas that need funding and support to come to fruition. It cited some examples of cool ideas.

There’s a team of two implementing a solution to help the millions of people who laboriously carry on their heads five-gallon buckets of water over long distances, it said.

The team has designed The Hippo Water Roller — a relatively inexpensive 24-gallon container that can be easily wheeled on the ground.

Another cool idea, said Google, is to have communities tacking on WiFi devices to public buses so they can detect and send stored e-mail messages as the buses travel through unconnected areas.

Visit http://www.project10tothe100.com/ for more details.

How to participate?

1. Send your idea by October 20th.

Simply fill out the submission form. <——click here to fill up the form

2. Voting on ideas begins on January 27th.

3. Google will help bring these ideas to life.

Project 10 to the 100th consist of 8 categories:

Category Descriptions

Here are the categories in which we’ll be considering ideas.

• Community: How can we help connect people, build communities and protect unique cultures?
• Opportunity: How can we help people better provide for themselves and their families?
• Energy: How can we help move the world toward safe, clean, inexpensive energy?
• Environment: How can we help promote a cleaner and more sustainable global ecosystem?
• Health: How can we help individuals lead longer, healthier lives?
• Education: How can we help more people get more access to better education?
• Shelter: How can we help ensure that everyone has a safe place to live?
• Everything else: Sometimes the best ideas don’t fit into any category at all.

Blogger vs. WordPress

Pros of Blogger (Blogspot)-

• It’s run by Google so you know it’s not going anywhere. They have billions of dollars to invest in technology! They won’t be going out of business anytime soon – so you know your blog/journal will be safe with them.
• Blogger allows you to integrate with other Google Account tools such as Google Adsense. This allows you to make money with your blog without having to know anything about the online advertising business.
• Tons of widgets – Blogger offers widgets that you can add to your blog. There are hundreds of widgets that various people have developed and they are all free of charge to use and easy to plug into your blogger blog.
• It’s so easy! These guys know a thing or two about what people want out of a blog. They know that the average user has no idea about html code, php, or database programming experience. So they give you a one click option after login to begin typing. All you have to do is type in the title – then type in the body. The labels/tags are optional, but it’s helpful for people who want to find similar posts on your blog.
• You can have many blogger blogs and it’s free! There is no limit to the number of blogs you have on the blogspot domain. This is a nice feature in contrast to some other free blogging services. Some people we know have 50+ blogs.
• Google love their own services so it spiders well in the search engines and they also like the URL of blogspot. So if you do nothing else besides post on your blog you could get Google search traffic because it could rank well if you have well written posts with great content.
• You can add a domain to your blog – through the CNAME records of your domain name – you can point blog.domainname.com to your Blogger blog. This is really easy to do. We’ll discuss the con to this later in the post.

Pros of WordPress-

• First we have to differentiate the WordPress blogs – One is a free hosted service while the other is the software download. The hosted service is located on WordPress.com while the software dowload is run off WordPress.org. We’ll be talking about the WordPress.com software.
• We love that it’s easy to use, but extremely robust – much like the downloaded software.
• You can have multiple blogs on WordPress as well – just like Blogger.
• If you write good posts and follow the guidelines – you can get good traffic from WordPress.com tag searches. When you post an entry – they allow your post to be found by the tags on a global tagging system. This enables anyone to click on a tag and view all recent posts. This is also good for links because the links are in the RSS feed of that tag.  – Be Careful though – this is not to be abused. It’s just so others can find your blog. If you get too spammy – they will kick you out of the tag searches and for good reason!
• Cheap upgrade to add a domain to your blog. $15/year adds a domain name to your blog and removes ads.
• They are “almost” ad free. They only display ads to certain users – they use google adsense and they are non-intrusive. They don’t show up to everyone and if you own the account – it will most likely not show up for you either. They almost always show up if the referring site is a search engine.

Google’s Chrome Browser

Google takes aim squarely at Microsoft with the release of its new Web browser, Chrome. And Microsoft should be very afraid: Chrome lives up to its hype by rethinking the Web browser in clever and convenient ways that make using the Web a more organic experience than you’d get with either Microsoft’s Internet Explorer 8 or Mozilla’s Firefox 3.

Initially available for download for Windows Vista and XP, Google plans to expand its Chrome offerings to the Mac and Linux platforms as well. The company doesn’t offer any timeline for these versions, though. (For additional PCWorld.com coverage of Google’s new browser, see ” Chrome vs. the World” and ” Google’s Chrome: 7 Reasons for It and 7 Reasons Against It.”)

Chrome automatically detects the Web browser you’re using and prompts you through the process of installation (right down to telling you how to access downloaded files within Firefox, for example). When you first run the application, Chrome imports your bookmarks, passwords, and settings from Firefox or Internet Explorer. It even can grab username and password data, and it automatically populates those fields for you when you use Chrome for the first time to visit a particular site.

After running through a quick import checklist, Chrome opens on your desktop–and right away you begin to experience the Web in a new way. Chrome’s layout is very simple: You’ll see a row of tabs running along the top, a Web address bar, and a bookmarks bar that runs beneath the address bar. A separate recent bookmarks box appears at the right of the screen, as does a history search field.

Like its Google stablemates, Chrome has a remarkably minimalist interface. There is no full-scale menu bar and no title bar–and few distractions. All controls are buried beneath two icons to the right of the Omnibar (as Google refers to its address bar): a page icon for managing tabs and using Google Gears to create application-like shortcuts from your desktop to a Web site; and a wrench for history, downloads, and other browser options.

You can set your own home page, or you can use the ‘most visited’ sites page as your starting point. This page provides thumbnail images of your most frequently visited sites, shows recent bookmarks, and supplies a search field for searching your page history. You can change your default search engine, too: This option is located beneath the wrench icon, under Options .

Chrome’s design bridges the gap between desktop and so-called “cloud computing.” At the touch of a button, Chrome lets you make a desktop, Start menu, or QuickLaunch shortcut to any Web page or Web application, blurring the line between what’s online and what’s inside your PC. For example, I created a desktop shortcut for Google Maps. When you create a shortcut for a Web application, Chrome strips away all of the toolbars and tabs from the window, leaving you with something that feels much more like a desktop application than like a Web application or page. The lack of forward and back buttons means that if you browse between pages in a saved Web application you may find yourself a little confused if you want to go back a page. Chrome does let you right-click to navigate backward, however.

This being Google, search is an integral part of Chrome; and Google has added some clever features to make searching easier. Chrome goes beyond its Microsoft and Mozilla competition by searching your browser history’s page titles as well page content. The history results show the title of the page, as well as a thumbnail representation of the page (for some sites but not all; it was unclear why some sites were visually represented while others were not), but it doesn’t show the actual Web page address. The lack of URL information can make it difficult to identify the specific Web page you’re going to, especially if the site’s title bar description is not specific (because, say, different sections of the same site have identical title bar descriptors).

For example, earlier today I read an article on Macworld about an upcoming Apple launch event. To find the article in my browser history, I simply typed ‘apple event’ in the Omnibar. The resulting list showed every page I had visited that contained the phrase ‘apple event’. Conveniently, the Omnibar lets you search not just your history, but Google and other sites as well.

The default search engine is Google, as you might expect. However, you can choose from a list of nine other search engines, or you can manually add your own search engine. Type ‘google fish sticks’ to search for fish sticks on Google. The same syntax works for Yahoo, Amazon, Live Search, and other sites that are already recognized by Google or that you add. This feature, though nifty and promising, proved inconsistent in the early going: It worked for me most of the time on a Windows Vista PC, but two of my colleagues who were testing Chrome on Windows XP machines had trouble getting the feature to work. Google provides keywords to activate this search feature, but some of us had to edit the search engine keywords manually before the feature would function properly.

Chrome includes a number of features that appear in other browsers, such as a private browsing mode dubbed Incognito, tools for Web developers to use in viewing and troubleshooting source code, and the ability to restore all tabs from a previous session. Chrome also features tab isolation: If a Web page causes a problem with Chrome and leads to a crash, the crash will affect only the tab displaying the page and not the whole program. Internet Explorer 8 will offer a similar feature, but Chrome takes the idea a step further by adding a task manager that gives the user an idea of how much memory and CPU use a page is eating up, and by allowing you to kill anything that is causing a problem. Unfortunately, you have to configure this tool manually.

In my early testing, I ran into some problems. Chrome can be a little unstable, which is not surprising considering that it is a beta. Also, I have found that Flash does not work with Chrome on my Vista-based system, though my two colleagues running XP had no issues with Flash compatibility. They did, however, experience software crashes when searching in the history section. And when Chrome crashes, it takes everything with it unless you manually configure the browser to act otherwise (the configuration options are buried under the wrench icon, in the Options/Basics menu). In contrast, Mozilla Firefox and Microsoft Internet Explorer 8 automatically restore your previous session in the event of a crash.

The sites I visited that rely on JavaScript and Ajax seemed to work fine, but Microsoft’s Silverlight wouldn’t work with Chrome. Google’s browser uses WebKit, the same engine that powers Apple’s Safari Web browser–and Silverlight only works with Safari for Mac.

Google has produced an excellent browser that is friendly enough to handle average browsing activities without complicating the tasks, but at the same time it’s powerful enough to meet the needs of more-advanced users. The search functionality of the Omnibar is one of many innovations that caught my attention. PC World has chosen to rate this beta version of Chrome because of Google’s history of leaving products and services in long-term beta and in an ongoing state of evolution. In the past there has been some speculation that Google would develop their own operating system, but I think Chrome’s launch makes one thing is clear: The Web browser is Google’s operating system.