Archive for July, 2004

an explorer.

Tuesday, July 27th, 2004

Just like one of my fav sci-fi series, Star Trek, i discovered the word explorer, actually before that, but well i would say the usage of it began from then. My favourite series pack was the Next Generation captained by Jean-Luc Picard. hum well i should let it flow that wayz, anywayz i am an explorer too when it comes to reading, researching and travelling around the world wide web. i read like crazy. test like nuts. and travel like light. yeah i am a great explorer.

well during my recent exploring i discovered that when you write any URL in your browser, add the name .mirror.sytes.org after the URL and press enter, you would see the site totally in a mirror view. well you wanna try and see what happens. try for
Example: http://www.google.com.mirror.sytes.org

heheh cool isn't it? well this is provided by mirror.sytes.org.
well i tried it with my site, i was impressed. the technique behind the scripting is incredible. well that's all for now. Blog Deactivate. hehehe

success

Saturday, July 24th, 2004

Success is not straight. There is a curve called Failure, a loop called Confusion, speed bumps called Friends, red lights called Enemies, caution lights called Family. You will have flats called Jobs. But, if you have a spare called Determination, an engine called Perseverance, insurance called Faith, you will make it to a place called Success.

confession

Saturday, July 24th, 2004

NOTE THAT YOUR CONFESSION IN TIME OF CONFUSION IS THE CONCLUSION OF YOUR CONDITION. SO ALWAYS BE OPTIMISTIC NO MATTER WHAT. NEVER ALLOW LIFE'S PROBLEMS TO WEIGH YOU DOWN TO THE POINT OF SAYING “I WILL QUIT”. SAY THIS TO SOMEONE BESIDE YOU OR AT LEAST SAY IT TO YOURSELF. I AM BORN TO SUCCEED. I AM DESTINED TO BE GREAT. I AM A BLESSING TO EVERYONE AROUND ME. I AM A BLESSING TO THIS NATION. I AM THE JOY OF MANY GENERATIONS. THE WHOLE WORLD EARNESTLY WAITS FOR MY MANIFESTATION FOR WITHOUT ME THEY ARE NOT COMPLETE!

Patching the Privilege Escalation Vulnerability

Thursday, July 22nd, 2004
Patch MS04-019, which addresses the privilege escalation
vulnerability described below, is one of many patches currently in St.
Bernard Software’s comprehensive UpdateEXPERT® patch metadatabase.
As a busy IT professional, do you really have time to inventory,
research, test, validate, and report on each patch? Let UpdateEXPERT
Patch Management work for you. All the steps are automated and our
scalable architecture works on large and small enterprises alike.
UpdateEXPERT always checks for patch interdependencies and includes
custom deployment options. Find out why UpdateEXPERT was named a
TechTarget 2004 Product of the Year. Download a Free 15-day Live Trial
Today!

http://list.winnetmag.com/cgi-bin3/DM/y/egnr0IFWcR0CBw0BJ4l0Av

========================================================

Security Alert, July 21, 2004

Privilege-Escalation Vulnerability in Microsoft Utility Manager for
Windows

Cesar Cerrudo of Application Security, Inc., discovered that a
privilege-elevation vulnerability exists in the way in which Utility
Manager launches applications. A logged-on user could force Utility
Manager to start an application with system privileges, then take
complete control of the system. Microsoft has released bulletin
MS04-019, “Vulnerability in Utility Manager Could Allow Code Execution
(842526),” to address this vulnerability and recommends that affected
users apply the appropriate patch listed in the bulletin. http://secadministrator.com/articles/index.cfm?articleid=43270

hum fail?

Wednesday, July 21st, 2004

1)study=don’t fail
2)don’t study=fail
(1)+(2) => study+don’t study = don’t fail+fail =>
study(1+don’t)=fail(1+don’t) => study=fail;

So don’t study

woke up around 1pm

Tuesday, July 20th, 2004

well today was ok. i slept around 8am in the morning cos i was doing some catching up and don't have lectures. well hum it's really funny. well i have actually kinda changed my blog mode of stuffs as in general content. you might see more of security etc stuff. well yeah and i have a new plugin in my website that allows me to auto backup my database in case i go naughty. ;). well sometimes i do. yeah and i am trying to start that template i talked about before. well i guess that's all for now. well i have to catch up on some reading. i am not a nerd ok. if u think i am. i do have a life :p. bye

php4 vs php5 vs asp

Tuesday, July 20th, 2004

the comparison says it all. :) from (http://otn.oracle.com/pub/articles/hull_asp.html )

Table 1

                    PHP 4     PHP 5     ASP.NET
Software price      free      free      free
Platform price      free      free      $$
Speed               strong    strong    weak
Efficiency          strong    strong    weak
Security            strong    strong    strong
Platform            strong    strong    weak (IIS only)
Platform            any       any       win32 (IIS only)
Source available    yes       yes       no
Exceptions          no        yes       yes
OOP                 weak      strong    strong

Arbitrary Code-Execution Vulnerability in Internet Information Server

Tuesday, July 20th, 2004

A vulnerability in Microsoft Internet Information Server (IIS) 4.0
could result in arbitrary remote code execution and remote compromise
of the vulnerable system. This vulnerability is a result of a
buffer-overflow condition in the redirect function. Microsoft has
released bulletin MS04-021, “Security Update for IIS 4.0 (841373),” to
address this vulnerability and recommends that affected users apply
the appropriate patch listed in the bulletin.
(http://secadministrator.com/articles/index.cfm?articleid=43272)

Arbitrary Code-Execution Vulnerability in Mozilla

Monday, July 19th, 2004

Keith McCanless discovered a vulnerability in Windows-based versions
of Mozilla products that involves the use of the shell: scheme Uniform
Resource Identifiers (URIs), which are passed to the OS for handling.
The effects of the vulnerability depend on the version of Windows, but
on Windows XP it’s possible to launch executables in known locations
or the default handlers for file extensions. An attacker could combine
this effect with a known buffer overrun in any of the affected Mozilla
programs to create a remote execution exploit. The Mozilla Foundation
has released the security bulletin “What Mozilla users should know
about the shell: protocol security issue,” which addresses this
vulnerability, and recommends that affected users immediately apply
the appropriate patch listed in the bulletin or upgrade to the latest
software release. http://secadministrator.com/articles/index.cfm?articleid=43263

SQL Injection Attacks Linger

Saturday, July 17th, 2004

To experienced Web developers, it’s a cardinal sin: passing user input into a database query without first processing it to escape special characters is bad! But as a beginner-friendly language, PHP is host to this mistake more often than most. If you don’t understand SQL injection attacks, read this!

The danger is easy to explain. Your site’s security relies on a database query that includes one or more values taken from user input (e.g. login credentials). But, because you neglected to encode special characters in those values, an attacker is able to bypass your site’s security by entering carefully-chosen values that alter the meaning of the query.

PHP’s magic quotes feature is designed to save inexperienced coders from themselves. Values in the $_GET, $_POST, $_COOKIE, and $_REQUEST arrays have backslashes added to them so that they are safe for use in database queries. But magic quotes isn’t enabled on all servers, and not all user input comes through the $_GET, $_POST, $_COOKIE, and $_REQUEST arrays, which magic quotes protects.

SitePoint’s PHP columnist Harry Fuecks spotted one such mistake in a popular PHP magazine in the UK recently, showing that even supposed experts can get this wrong now and then!

SitePoint has a couple of articles that cover SQL injection attacks and ways to avoid them. SQL Injection Attacks – Are You Safe? discusses such attacks in ASP code, while Chapter 3 of The PHP Anthology (which is available free for you to read online) covers the subject in PHP.
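
The mistake described in this post, next to its fix, as an added example (not code from SitePoint or from this blog). It assumes PHP 7 or later with the pdo_sqlite extension; the users table, the function names and the sample values are constructed for illustration.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for a site's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('sample-password', PASSWORD_DEFAULT)]);

// Vulnerable pattern: the value is pasted into the SQL text, so a quote in $name
// closes the string literal and whatever follows is parsed as part of the query.
function find_user_vulnerable(PDO $db, string $name): array
{
    $sql = "SELECT name, pw_hash FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the query text is fixed and the value travels separately as a bound
// parameter, so it is only ever compared as data, whatever characters it contains.
function find_user_prepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login built on the prepared lookup; the password is checked against a stored hash.
function login(PDO $db, string $name, string $password): bool
{
    $rows = find_user_prepared($db, $name);
    return count($rows) === 1 && password_verify($password, $rows[0]['pw_hash']);
}

$crafted = "' OR '1'='1";   // constructed input; no account has this name
printf("vulnerable lookup rows: %d\n", count(find_user_vulnerable($db, $crafted)));
printf("prepared lookup rows:   %d\n", count(find_user_prepared($db, $crafted)));
var_dump(login($db, 'alice', 'sample-password'));   // genuine credentials
var_dump(login($db, $crafted, 'anything'));         // crafted name is just a string
```

Bound parameters protect a value regardless of where it came from, which covers the gap the post notes in magic quotes: input that never passes through $_GET, $_POST, $_COOKIE or $_REQUEST.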