• Minor security updates.

    January 27, 2004

    Security never stops, now does it?

    Fixes include:

    It was possible for users in the Group Admin and User Admin groups to become a member of the Root group (reported by Samuel M. Stone, bug #135).

    Being admin for a certain area (e.g. Story Admin for stories) made it possible to delete all objects in that area (e.g. stories) even if the user was not supposed to have access to them, provided the id of the object was known.

    It was possible to delete other people’s personal events if you knew the event ID.

    It was possible to browse through the comments of a story even if the user did not have access to the actual story (reported by Peter Roozemaal).

    Due to an XSS issue, it was possible to change someone’s account settings (including the password) if you got them to click on a specially crafted link (reported by Jelmer, fix suggested by Vincent Furia).
    The comment display suffered from the possibility of an SQL injection (reported by Jelmer).

    It was possible to inject Javascript code in the calendar (reported by Jelmer).

    It was possible to execute (but not save) Javascript code in the comment preview (reported by Jelmer).

    -david macias

    posted in General News by dmacias

  • Finger Eleven – Stay in Shadow

    January 22, 2004

    A bit of a dark song, with some hard rifs. To me the song talks about having someone you need help from and they not being able to do so. Perhaps the truth of their futility causes the singer to ask for that person to stay in shadow and be away from the light. Maybe by being in shadow the truth will not be as painful.

    -david macias

    posted in Music by dmacias

  • MLK and the MLK March in the Brazos Valley

    January 19, 2004

    Attended the MLK march conclusion to hear the main speaker (the President of Prairie View A&M) He was good as well as the speech by the congreman for that area. Best part was a quote which I will try to paraphrase:



    “Do not fear the actions of the bigot, but the inactions of the good people.”

    posted in General News by dmacias

  • Baths the old way!

    January 18, 2004

    I took this picture at a Pittsburgh museum, the model actually moved. Definetly a fun trip and the amazing detail was great. Took around 2 years to build the whole model.

    posted in General News by dmacias

  • More sendmail: aliases, virtusertable

    January 15, 2004

    Like there is not enough sendmail information on the net here is a quick and dirty tip for you.

    Synopsis:

    Want to send one email to multiple receipients/users using sendmail here is how.

    posted in General News by dmacias

  • Blogs story at MSNBC

    January 14, 2004

    In case you missed it there was a story in the Today show about blogs and bloggers.

    Note: I refuse to link to MSNBC since they do not display properly using Opera but their website works using IE. Lazy webmasters.

    posted in Writings by dmacias

 
Powered by Wordpress and MySQL. Theme by Shlomi Noach, openark.org