HttpOnly Overview

The goal of this section is to introduce, discuss, and provide language-specific mitigation techniques for HttpOnly.

Who developed HttpOnly? When?

According to a daily blog article by Jordan Wiens, “No cookie for you!

What is HttpOnly?

According to the Microsoft Developer Network, HttpOnly is an additional flag included in a Set-Cookie HTTP response header. The example below shows the syntax used within the HTTP response header:

    Set-Cookie: <name>=<value>[; <Max-Age>=<age>] [; expires=<date>][; domain=<domain_name>] [; path=<some_path>][; secure][; HttpOnly]

If the (optional) HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through client-side script (again, only if the browser supports this flag). If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie, the browser ignores the HttpOnly flag, creating a traditional, script-accessible cookie.

Mitigating the Most Common XSS Attack Using HttpOnly

C# Code:
Upside-Down-Ternet HowTo

Note: This guide was tested using Ubuntu 8.10. Previous versions may not work.

This is a HowTo for setting up Upside-Down-Ternet on Ubuntu. Basically, when a user browses the web, all the images are flipped upside-down. While it's not useful, it's quite a good April Fool's prank. The process uses a transparent proxy, a web server, and a script to flip the images. The proxy used in this guide is Squid v2.7.

Installation

There are two versions of Squid in the repositories, Squid 2.7 (package name squid) and Squid 3 (package name squid3); the former will be installed.

    sudo apt-get install squid

Configuration

Squid's configuration file is located at /etc/squid/squid.conf.

On the line starting with #http_access allow localnet, change it to read:

    acl localnet src [your network range, e.g. 192.168.0.1/24]
    http_access allow localnet

On the line starting with http_port 3128, append transparent so it reads:

    http_port 3128 transparent

Find the section TAG: url_rewrite_program.

Reload the configuration file:
JavaScript Timers with setTimeout and setInterval

Tutorial by Matt Doyle | Level: Intermediate | Published on 15 January 2007

In this tutorial we'll look at JavaScript's setTimeout(), clearTimeout(), setInterval() and clearInterval() methods, and show how to use them to set timers and create delayed actions.

JavaScript features a handy pair of methods on the window object: setTimeout() and setInterval().

setTimeout()

window.setTimeout() allows you to specify that a piece of JavaScript code (called an expression) will be run a specified number of milliseconds from when the setTimeout() method was called.

    setTimeout ( , );

where is the JavaScript code to run after milliseconds have elapsed. setTimeout() also returns a numeric timeout ID that can be used to track the timeout.

Here's a simple example:

In the above simple example we embedded the entire code for our JavaScript alert box in the setTimeout() call.

clearTimeout()

    clearTimeout ( );

Why?
Login/session cookies, Ajax and security

Upside-Down-Ternet

My neighbours are stealing my wireless internet access. I could encrypt it or, alternately, I could have fun.

I'm starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock.

    /etc/dhcpd.conf

IPtables is Fun!

Suddenly everything is kittens!

    # DNAT is a nat-table target, so PREROUTING must be selected with -t nat
    # (the flag is added here; the excerpt as extracted omitted it)
    /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -j DNAT --to-destination 64.111.96.38

For the uninitiated, this redirects all traffic to kittenwar. For more fun, we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine.

    # same table selection as above; only port 80 (HTTP) is redirected to the proxy host
    /sbin/iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1

That machine runs squid with a trivial redirector that downloads images, uses mogrify to turn them upside down and serves them out of its local webserver.

The redirection script

Then the internet looks like this!

I made xkcd - how cool is that?
20+ Brilliant and Advanced jQuery Effects

Every new technology has its own comparisons with its competitors, and jQuery is closely compared with Flash. Flash was the technology used by many web designers a while ago, but now it's the turn of jQuery to add special effects or interactivity to a website. jQuery makes it easier to create sophisticated custom effects and animations compared to Flash, and jQuery also takes the lead when it comes to SEO.

Some of the stunning effects which jQuery can produce are sliding in different directions, adding easing to animations, effects like flip-in, sorting, zoom-in effects on photos, panning, creating a photo shoot effect, slider effects and many more. So we present some links that show you demos of various brilliant and advanced effects, each giving you a clear picture in itself without the help of any tutor.

1. Apple-like retina effect
   Achieve a retina-like effect as found in Apple iPhones with this plugin using jQuery and CSS.

2. Aviaslider

3. Beautiful Background Image Navigation
Slicing arguments · dropshado.ws

In the jQuery Plugins Authoring tutorial, Ralph Holzmann details an intriguing pattern for plugin methods:

    var args = Array.prototype.slice.call( arguments, 1 );
    return methods[ method ].apply( this, args );
    // (edited for clarity)

As the tutorial explains, this pattern is what enabled jQuery UI plugins to have multiple methods. Indeed, if you look deep within the coils of the jQuery UI widget factory, you'll find it there as well:

    var args = slice.call( arguments, 1 );
    instance[ options ].apply( instance, args );
    // (again, edited for clarity)

I had thought of this argument-slicing method pattern as just another bit of JavaScript witchcraft that seemed to work, but I had no comprehension of why. Today, I'm working on a sort of particle/field class and this pattern finally clicked.

    // a particle only knows its own index
    // (constructor added here so the excerpt runs; it is implied by logIndex below)
    function Particle( index ) {
      this.index = index;
    }

    // number of particles; assumed value, the excerpt does not show where max is defined
    var max = 3;

    // field has multiple particles
    function Field() {
      this.particles = [];
      for ( var i = 0; i < max; i++ ) {
        this.particles.push( new Particle( i ) );
      }
    }

    Particle.prototype.logIndex = function() {
      console.log( this.index );
    };
10 Windows 7 commands every administrator should know

The command line is often the best place to resolve Windows 7 desktop problems. These basic commands will help speed your troubleshooting tasks.

Holiday rerun: An oldie-but-a-goodie, these command-line basics topped the list of popular troubleshooter posts last year.

PC troubleshooting is becoming less common in larger organizations, but consultants and techs in smaller shops still have to get their hands dirty identifying and fixing desktop problems.

Before I begin...

This article is intended solely as an introduction to some useful troubleshooting commands.

1: System File Checker

Malicious software will often attempt to replace core system files with modified versions in an effort to take control of the system.

    sfc /scannow

2: File Signature Verification

One way to verify the integrity of a system is to make sure that all the system files are digitally signed.

    sigverif

3: Driverquery

Incorrect device drivers can lead to any number of system problems.

    driverquery
    driverquery -v
    driverquery -si