I recently created an album on Facebook and uploaded photos into it. Then I realized that I have to modify the description of the album that I’ve created. After editing the description of the Album, I kept on hitting the button named “Done”, nothing happened.
I even tried modifying the date, album title, location and album contributors but still the button seemed “disabled”. But after trying some steps, finally I have successfully edited the album.
Here’s how I modified/changed the album name. description and other settings:
- Go to the album page.
- Hit the “Edit” button located at the upper-right corner of the page.
- Here you can edit the album title, description, location, privacy, album contributors and photo description.
- After modifying the information about the album, hitting the button “Done” will not save the things that you have done. So what I did was I add a photo by clicking the “Add Photos” button.
- Afterwards, if you tap “Post Photos” this will upload new photos and save changes that you’ve done with the album or you may tap on the “Cancel” button which it will cancel the upload of the new photo but it will save changes that you’ve done with the album.
While building a WebApp using BOOTSTRAP I’ve encountered a query regarding the navbar. Upon navigating to other page, the item selected does not automatically become active.
Ta Da! Comment Below for suggestions!
PHP 5.3.9 Released!
The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related.
Security Enhancements and Fixes in PHP 5.3.9:
Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
Fixed bug #55609 (mysqlnd cannot be built shared)
Many changes to the FPM SAPI module
For a full list of changes in PHP 5.3.9, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
All users are strongly encouraged to upgrade to PHP 5.3.9.
Because the Android operating system is a relative newcomer to the mobile phone market, a strong and cohesive Android Internet support community appears to be lacking. Without an adequate Android support system in place, many Android users are left in the dark when it comes to many tricky tasks, like installing third party applications to their Android mobile phones. In order to install third party applications to your Android phone, you need to install APK, or Android Package, files. In this article, we will cover the two ways you can install APK files to your Android phone and show you how to take advantage of the wide variety of third party Android applications currently available.
Installing Applications Through the Android Market
The Android Market is essentially Android’s answer to Apple’s iPhone App Store. As of September 2009, the Android Market already offered well over 10,000 applications, and this number has only continued to grow. In addition to the applications the Android Market offers, you can also use it to install other downloaded third party applications.
- Copy the APK file to your Android’s memory card and insert the card into your phone.
- Download and install the Apps Installer application from the Android Market
- Once installed, the Apps Installer will display the APK files on the memory card.
- Click and install your APK files.
Installing Applications With Android SDK
It is possible to install APK files without utilizing the Android Market, although the process is more difficult and complex. To avoid the Android Market, you need to use Android SDK.
- Download and install the Google Android SDK program and the Android USB drivers. The download links are as follows: http://code.google.com/android/intro/installing.html
- You need to modify your Android’s settings to allow the installation of applications from other sources. Under “Settings,” select “Application Settings” and then enable “Unknown Sources.” Also under “Settings,” select “SD Card” and “Phone Storage,” and finally enable “Disable Use for USB Storage”
- This last step is easy. Open Command Prompt and type the following: adb install <1>/<2>.apk
- However, when you type the command, replace <1> with the path to your APK file and replace <2> with the name of the APK file.
- You’re done! Your application is now ready for your use and enjoyment.
This post is the third and final entry for our 3-part series on HTML5. You may check the previous two entries, HTML5 – The Good, and HTML5 – The Bad.
Welcome back to the final part of our miniseries on HTML5 and the security issues surrounding it. Today, we are going to look at what, in my opinion, is the scariest security concern HTML5 introduces by a long margin: BITB (Botnets In The Browser).
Below is an extract from our newly released paper on HTML5 Attacks:
Stages of A Browser-Based Botnet Attack
- Persistence: A browser-based botnet by its very nature will not be as persistent as a traditional botnet. As soon as a victim closes the browser tab, the malicious code will stop running. An attacker will need to bear this in mind, and the tasks given to browser-based botnets should be designed to take into account the transitory nature of botnet nodes. The ability to easily reinfect systems is important, so attack vectors such as using a persistent XSS and compromising sites are most likely.Another approach is to combine clickjacking and tabnabbing. Clickjacking is first used to force a victim to open another web page with the exact same content as the original page. While the victim browses the content he expects to see, the malicious tab runs in the background. To even further extend the malicious tab’s life, the attacker can use tabnabbing —- disguising the original tab and page as a commonly opened page such as Google orYouTube.Perhaps an even simpler form of persistence is to display the malicious page as an interactive game. Ideally, the game should be designed so that the user will keep it open all day, occasionally coming back to it to complete some new task.
- Payload:This attack can result in the following possibilities:
- DDoS Attacks:The web worker can use Cross Origin Requests to send thousands of GET requests to a target site, resulting in Denial of Service.
- Spamming: Using poorly configured web forms on site’s Contact Us pages, a bot can be used to generate spam
- Bitcoin generation: Bitcoins are the new currency of choice for the cybercrime underground. Several browser-based Bitcoin generators currently exist.
- Phishing: Using the tabnabbing approach, an attacker can change the look of a malicious tab each time the tab loses focus. As a result, each time a victim returns to the tab, he will be presented with the login for a different service, allowing the attacker to steal his credentials.
- Internal network reconnaissance: Using the techniques described in this paper, an attacker can perform a vulnerability or port scan of a victim’s network.
- Proxy network usage: Using the same approach the Shell of the Future tool utilizes, a network of compromised systems can allow an attacker to proxy attacks and network connections, making these more difficult to trace.
- Spreading: The botnet can be programmed to have a worm component that spreads via XSS attacks or SQL injections in vulnerable sites.
For me, this represents a significant new capability in the arsenal of an attacker, and something that we will definitely see an increase of in the near future – especially in the area of targeted attacks. While traditional defenses against malware are not ideally suited to blocking this new attacker vector – there are two free tools which can offer very good protection:
- BrowserGuard: Trend Micro’s own BrowserGuard tool includes a range of features to block web-based attacks, including advanced heuristic technologies.
Our paper HTML5 Overview: A look at HTML5 Attack Scenarios is now online and available for download.