Medanese IT Geek, movie lover and (mostly) law-abiding citizen. Dreaming of cheap and easy access to ICT, healthcare and education in Indonesia.



Gmail experience, now with integrated theme

Category: IT in General,Tips and Tricks,Web — kamaruddin @ 11:46 am

Checking your e-mail on Gmail and noticing a strange atmosphere lately? Yes, Gmail now has integrated themes (19/11/2008). So go pimp your Gmail. No script-fu is required now.

Previously you could customize some parts of your Gmail with Greasemonkey and the thousands of user-generated scripts available at the Greasemonkey Repository. With Greasemonkey you can have Gmail on top of your Google Reader on the same page (which I really adore). Note that all these third-party scripts and hacks are not officially supported.

Now, want to know how it feels to write an e-mail in the late 1970s, when nasty green monochrome monitors and cabinet-high system units were still widely used? :D

• • •


Downloading Video Without Installing Any Software

Category: Tips and Tricks,Web — kamaruddin @ 9:30 am

I'll teach you how to download video without the help of video downloader software. Now you don’t have to worry about messing up your computer by installing (with trial and error, duh!) your perfect video downloader software (shareware/freeware). Downloading video is now as easy as 1, 2, 3…

Step 1:
Hit LeechVideo website

Step 2:
Enter the Video URL you wish to download

Step 3:
Grab the Video URL and paste it to your download manager of choice or better yet, DownThemAll!

An easy and clean way of downloading video, isn’t it? You may also want to check out KeepVid.

• • •


Cross Site Request Forgery (CSRF)

Category: Indonesian,Security,Web — kamaruddin @ 1:35 pm

Example of a CSRF vulnerability in Google. Screenshot: “PoC (Proof of Concept) of the CSRF vulnerability in Gmail in early 2007. With multi-tab browsing of Gmail and a “malicious” site (which demonstrates this PoC), my entire e-mail contact list was visible on that site.”

Don't underestimate CSRF attacks! This attack is more dangerous than XSS, and it is difficult to prove who is at fault, the user or the website.

CSRF (read: sea surf) is an attack/exploit against a website that takes advantage of a user who is already authenticated. CSRF exploits the level of trust the website places in the user: the site treats every command as legitimate to execute. Because of this property, it is very hard to determine whether an action came purely from the user or from a CSRF weakness in the site.
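The trust problem described above, shown from the server's side as an added example that is not part of the original post: a handler that authorizes on the session cookie alone cannot tell a forged request from a genuine one, while a handler that also requires a session-bound token can. The session store, handler names and request dictionaries are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed for the example)
SESSIONS = {"sid-alice": "alice"}      # constructed session store: cookie value -> user


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(request: dict) -> str:
    """Vulnerable: the session cookie alone authorizes the action."""
    user = SESSIONS.get(request["cookies"].get("session"))
    if user is None:
        return "401 not logged in"
    return f"200 contact added for {user}: {request['form']['email']}"


def handle_with_token(request: dict) -> str:
    """Hardened: the request must also carry the session-bound token."""
    session_id = request["cookies"].get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return "401 not logged in"
    sent = request["form"].get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(sent, expected):   # constant-time comparison
        return "403 missing or invalid CSRF token"
    return f"200 contact added for {user}: {request['form']['email']}"


# Constructed requests. The browser attaches the session cookie to both.
genuine = {"cookies": {"session": "sid-alice"},
           "form": {"email": "friend@example.org",
                    "csrf_token": issue_csrf_token("sid-alice")}}
forged = {"cookies": {"session": "sid-alice"},        # triggered by a page in another tab
          "form": {"email": "unknown@example.net"}}   # that page cannot read the token

if __name__ == "__main__":
    for name, req in (("genuine", genuine), ("forged", forged)):
        print(name, "| cookie only:", handle_cookie_only(req))
        print(name, "| with token: ", handle_with_token(req))
```

With the cookie-only handler both requests succeed and the server log looks identical for each, which is why it is hard to show afterwards whether the user or the site was at fault.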


• • •


XSS (Cross Site Scripting) to XML Injection

Category: IT in General,Security,Web — kamaruddin @ 12:28 pm

Web developers, and everyone else in the web business, must be aware of and keep abreast of the latest threats to servers and applications. Recently, WhiteHat Security released its “Website Security Statistics Report”. In this whitepaper, Cross Site Scripting, a.k.a. XSS, is at the top of “The Top Ten Vulnerabilities”. SQL Injection is 5th. XSS surpasses SQL injection because lots of people do not realize, or take lightly, its impact. XSS exposes internet users to remote access/data theft. Generally, it’s also a lot of work (compared to sanitizing your database input) to audit your code, examine it and test whether it’s vulnerable.


• • •


What WordPress’ Plugins is he using?

Category: Fun,IT in General,Web — kamaruddin @ 1:26 pm

You blogwalk through all the high-traffic personal blogs and wonder, “What plugins is this guy using?”, “Is he a stats maniac, running 10 different stats plugins?”, or you’re just curious.

You can start typing “” and voila! You can see all plugins he might be using.


• • •
Using modified "Sitepoint-like" Theme. kamaruddin [-at-] gmail *dot* com