Entropy

Seeing as I haven’t posted anything for a couple of days, I thought I would make one post with all the things that have caught my eye.

• Maximize Firefox without extensions
• Gmail hacks for better spam protection
• 7 of the best designed sites on the web
• 60 AJAX/Javascript resources for professional coding
• 3 ways to test web input with CAPTCHA

Maximize Firefox without extensions

We have made a couple of posts relating to improving FireFox and getting the best out of your FireFox experience and plugins. There are plugins that could do what this article details, but with the release of Beta builds quite frequently over the past 2 months or so, not all plugins work the whole time.

If you type about:config in your address bar, Firefox opens the master directory of user-defined preferences and built-in settings. The ultimate arena for performance tampering, the about:config settings are the foundation for programming Firefox extensions.

We’ll show some simple about:config modifications below. Even if the word “Boolean” means nothing to you, we’ll try to make it easy to understand about:config settings

---

Gmail hacks for better spam protection

I happen to have a ‘.’ in my gmail address just by chance, and also use the + tip for signing up on certain sites to keep things more organized. But you could just as easily use them to help combat spam.

You can create alias emails for things like shopping sites, places you know will spam you, or anything you want to track to see who they are sharing your email with. To do this, simply put a “+” after your account name and add words.

Apparently, Gmail doesn’t really acknowledge dots in your account name. So I can use “mr.marky.mark@gmail.com” or “mr.markymark@gmail.com” or without any dots at all, “mrmarkymark@gmail.com”.

7 of the best designed sites on the web

Titles of this nature always grab my attention. I’m constantly trying to see how designers are innovating using the latest techniques. While I may not completely agree with this list, I do agree that the sites are visually appealing, even google.com, and that they have crisp layouts.

A sites design is its identity. It can make the biggest difference in attracting and keeping traffic, keeping visitors happy, promoting products and services and establishing an identity on the web.

Website design has come a long way. Previously, down-to-the-point, straightforward sites with minimum graphics and fastest loading and easy navigation were considered the “best” sites in terms of design.

60 AJAX/Javascript resources for professional coding

AJAX is one of the most commonly used techniques for creating seamless webapps these days. However, if you have ever tried to develop something using AJAX, you may have found that it can be frustrating sometimes trying to accomplish the crazy idea that you have set down as your goal. Infact, I was wrestling an AJAX idea in the office today that was partially solved with the scriptaculous javascript library.

When it comes to design of modern web-applications, Ajax is considered as a standard approach. Interactive solutions for lightboxes, form validation, navigation, search, tooltips and tables are developed using Ajax libraries and nifty Ajax scripts. Ajax is useful and powerful. However, when using Ajax, one should keep in mind its drawbacks in terms of usability and accessibility. With an extensive use of Ajax, you can easily confuse your visitors offering too much control and too many features.

3 ways to test web input with CAPTCHA

CAPTCHA is something that we are all used to by now, it’s those barely readable images we have to re-type to prove that we are human. Turns out that computers are becoming more and more human with spam bots being able to break CAPTCHA codes, in record time, to webmail sites bypassing the human requirement of owning an account. However, it is still seen as an important part of a website where differentiating a legitimate user from a spam bot is required and even though it is being beaten more and more these days it is still one of the best ways to help combat spam.

Many Web forms these days feature a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) as an effort to stop people from setting up computers to automatically fill in Web forms. A typical CAPTCHA is an image with some numbers and letters in it with distortion and/or background noise, and a Web form input field where you are to enter the numbers and letters from the image. This article investigates three CAPTCHA applications that you can use on a PHP Web site.

Related articles

• You Used JavaScript to Write WHAT? [via Zemanta]

Most broadband users have a router sitting between their network and the internet and in most cases that router also acts as a firewall. What is ironic about this situation is the same hardware that you are putting in to protect you, may be the key into your network.

Here’s how it would work. The victim would visit a malicious Web page that would use JavaScript code to trick the browser into making changes on the Web-based router configuration page. The JavaScript could tell the router to let the bad guys remotely administer the device, or it could force the router to download new firmware, again putting the router under the hacker’s control.[read more]

It is advised and generally a good idea for you to change the default password on anything you buy. Bandwidth theft is something that picked up speed a while back in South Africa with users scanning the ISP’s IP range and just trying default usernames and passwords on routers. Once in, you could easily extract the victims account details and piggy back off of them costing you nothing… unless you get caught.

Related articles

• Researcher creates malicious, router-controlling website [via Zemanta]
• Web page can take over your router [via Zemanta]

BtProx is a more advanced (see BlueLock) application for locking your computer (Windows) whenever you leave bluetooth proximity - the easiest device to use being your cellphone.

For more information, check LifeHacker.

From CNET, “The code was first reported in January and exhausts the memory in Safari, which in turn will cause your iPhone or iPod Touch to freeze, or your desktop Safari to crash. “Given the nature of this issue,” said the BugTraq newsgroup vulnerability report, “remote code execution may also be possible, but this has not been confirmed.”"

At the time there was no patch available from Apple, nor has there been any comment.

Read more at CNET or visit the exploit page.

“UPDATE: It appears that this vulnerability was eliminated in the latest version of Safari for computers (v3.1), that came out several hours after this article was posted. Here’s to hoping that a firmware upgrade with a similar fix for iPhone’s Mobile Safari is coming soon.”

The application that does all the heavy lifting for you is a free, open source, cross-platform application called ZiPhone, and it can do everything from quick and simple iPhone and iPod touch jailbreaks to unlocking the iPhone for unofficial carriers (i.e., not AT&T).

Read more: LifeHacker Guide to Unlocking

A recent vulnerability in phpBB (forum software) has led to the years biggest single hack (afaik). ItNews and Slashdot have updates/commentary on it. Unfortunately for the hackers, but fortunately for the public it appears that instead of exploiting some browser problem (the wisest move in my opinion) it tries to trick the user into installing software.

Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack.

The infected pages bring up what appears to be a pornographic web site. Upon loading the page, a ‘fake codec’ social engineering attack is attempted. The user is told that in order to view the movie on the page, a special video codec must be installed.

On the hunt for the best firewall for your doze box? Lifehacker is finding out What Is The Best Windows Firewall.

LH author Adam Pash has a great article on BlueLock, a bluetooth based tool for Windows which will lock your desktop whenever you walk out of range. Essentially this allows you to automatically have your computer lock whenever you leave.

The usefulness will depend on the strength of your Bluetooth devices, since it’s not really going to do its job if you’ve got a strong signal and receiver that keeps a connection from across the office

If you’re a Mac user, LH (of course) has an older guide on doing  this and much more based on Bluetooth proximity.

Can’t remember your wireless key (it happens.. trust me..) ? Lifehacker has a link to WirelessKeyView which will recover the keys for you.

Freeware application WirelessKeyView recovers the wireless network keys saved to your computer by the Windows Wireless Zero Configuration service of XP or the WLAN AutoConfig service in Vista.

 

Asus.com [was] Compromised With Exploit Code according to a Slashdotting —

Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise lead to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com’s DNS round-robin.

Another article has more details.