July 22, 2008

I am frustrated with Geronimo!

For those who don’t know, Geronimo is a project from Apache aimed at creating a Java EE 5 application server using open source. It is also certified by Sun for its compatibility with the Java EE specification. Apache claims the server is very developer friendly, easy to use and easy to integrate with IDEs like Eclipse. All my hopes failed when I installed it on my Vista!

Yes, I am a frustrated developer now! My laptop comes with Vista Home and I am simply not able to start the Geronimo server on it. At the same time, I am able to run the server and play with it on other Microsoft OSes like Windows XP and Windows Server 2003.
So what did I do? I contacted the Geronimo user group at the Nabble forums. After one week I still have no solution! It's not that I got no reply; it's simply that none of the options work out. Here is what I have tried so far:
  • Try running the server from C:\geronimo
  • Try running the server from C:\user\geronimo
  • Try running the server from another drive
  • Try running the server from C:\Program Files\geronimo
  • Try running the server after disabling the firewall, in each of the above locations.

Does anybody have a solution???

July 09, 2008

What is Cross Site Scripting (XSS)?

Web sites have become quite complex and dynamic in nature these days. They have incorporated features that improve the user experience and make browsing enjoyable. With new features come new troubles too. One major and widespread threat is "Cross Site Scripting", which security professionals call XSS. In this article, I will explain what it is and how, as a netizen, you can avoid an attack.

So, what is XSS? Cross Site Scripting (XSS) is said to occur when a web site collects malicious data from a user. The attacker places the malicious code in a form or link. Usually the code is encoded in hex or another encoding method, so to a normal user the link or form looks normal and part of the web site. On accessing these links, data about the user is collected. Along with this, the code produces output that looks genuine. For example, Orkut users would have received JavaScript that can be executed through the Orkut scrap box. The script gives interesting output that looks harmless, but it makes it easy for the attacker to hijack my session and use it.

XSS can be in the form of JavaScript, VBScript, ActiveX, HTML, or Flash. Using XSS an attacker can hijack accounts, manipulate user settings, steal or poison cookies, and also do false advertising. This attack can occur even on a secured site. The lock on your browser does not mean that you are safe from XSS!
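The following is an added example, not code from the original post: it shows the defensive side of the attack described above. A page that copies user-supplied text straight into its HTML lets attacker-chosen tags become part of the page, while HTML-escaping that text at output time turns them into harmless literal characters. The function names and the sample query value are constructed for illustration.

```javascript
// Added example (not from the original post). Escape the five characters
// that let untrusted text break out of an HTML text node or a double-quoted
// attribute value. This is the core defence against reflected XSS.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the search term is inserted verbatim, so any tags it
// carries are parsed as markup by the browser.
function renderSearchResultVulnerable(term) {
  return "<p>Results for: " + term + "</p>";
}

// Hardened pattern: the same page, with the untrusted term escaped first.
function renderSearchResultSafe(term) {
  return "<p>Results for: " + escapeHtml(term) + "</p>";
}

// Links carrying XSS are usually URL-encoded (the "hex" the post mentions) so
// that they look harmless. The server decodes the value before using it, which
// is why escaping must happen where the value is written into the page, not
// by eyeballing the raw link.
function decodeQueryParam(rawValue) {
  return decodeURIComponent(rawValue.replace(/\+/g, " "));
}

// Simple check a reviewer can run over rendered output: does a raw <script
// tag survive into the HTML?
function containsRawScriptTag(html) {
  return /<script/i.test(html);
}

// Constructed sample input: a URL query value that decodes to a script tag.
const constructedQuery = "%3Cscript%3Ex()%3C%2Fscript%3E";
const decodedTerm = decodeQueryParam(constructedQuery);
console.log("vulnerable:", renderSearchResultVulnerable(decodedTerm));
console.log("safe:      ", renderSearchResultSafe(decodedTerm));
```

Escaping is context-specific: the same text placed inside a JavaScript string, a URL, or a CSS value needs the encoding rules of that context, not the HTML rules shown here.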

So what do we do? As a common user, here are a few things you can do to prevent an XSS attack:
  • Always follow links from the main website. For example, if you see a link to a news article on site X while on site Y, it is better to open site X and use its menu or search feature to find the article.
  • Think twice before you click on ads placed on less known web sites. If an ad interests you, google it and view the site that way!
  • Be careful when opening your emails, their attachments, etc.
  • Keep the internet security level set to high in your browser.
These actions might help protect you from an XSS attack. At the same time, browser vendors like Mozilla and Microsoft have started their war against this attack. The IE8 team recently demonstrated their XSS filter on the IEBlog. For Firefox, there are already add-ons that help you detect and prevent XSS.