Alex Concha http://alex.buayacorp.com Blog focused on web security, computer science and work experiences Fri, 25 Sep 2009 22:21:03 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 TeX: Autorefresh for your PDF documents in Windows http://alex.buayacorp.com/tex-autorefresh-for-your-pdf-documents-in-windows.html http://alex.buayacorp.com/tex-autorefresh-for-your-pdf-documents-in-windows.html#comments Fri, 25 Sep 2009 22:21:03 +0000 alex http://alex.buayacorp.com/?p=34 SumatraPDF for TeX users is a modified version of SumatraPDF that supports autorefresh, pdfsync backward and forward synchronization and synctex synchronization.

]]> http://alex.buayacorp.com/tex-autorefresh-for-your-pdf-documents-in-windows.html/feed 0 Java Server Faces sucks as much as ASP.NET webforms? http://alex.buayacorp.com/java-server-faces-sucks-as-much-as-asp-net-webforms.html http://alex.buayacorp.com/java-server-faces-sucks-as-much-as-asp-net-webforms.html#comments Mon, 14 Sep 2009 14:14:33 +0000 alex http://alex.buayacorp.com/?p=31 My classes have started again and like the last year, it seems everyone likes Java here.
Although I have no experience with Java, JSF and ASP.NET Webforms look very similar. I hope I am wrong, because they are “forcing us” to use it for a project because “it is cool”.

]]> http://alex.buayacorp.com/java-server-faces-sucks-as-much-as-asp-net-webforms.html/feed 0 Graffiti CMS Arbitrary File Upload Vulnerability http://alex.buayacorp.com/graffiti-cms-arbitrary-file-upload-vulnerability.html http://alex.buayacorp.com/graffiti-cms-arbitrary-file-upload-vulnerability.html#comments Sat, 12 Sep 2009 20:54:11 +0000 alex http://alex.buayacorp.com/graffiti-cms-arbitrary-file-upload-vulnerability.html It seems the FCKeditor’s bug is the same I discovered in Graffiti CMS. If anyone is interested, the details are published in milw0rm.

]]> http://alex.buayacorp.com/graffiti-cms-arbitrary-file-upload-vulnerability.html/feed 0 I’m back http://alex.buayacorp.com/im-back.html http://alex.buayacorp.com/im-back.html#comments Sat, 12 Sep 2009 20:45:37 +0000 alex http://alex.buayacorp.com/?p=28 It seems that it is time to start blogging again. :)

]]> http://alex.buayacorp.com/im-back.html/feed 0 Programming: You’re Doing it Completely Wrong http://alex.buayacorp.com/programming-youre-doing-it-completely-wrong.html http://alex.buayacorp.com/programming-youre-doing-it-completely-wrong.html#comments Sat, 27 Oct 2007 16:22:08 +0000 alex http://alex.buayacorp.com/programming-youre-doing-it-completely-wrong.html

Programming: You're Doing It Completely Wrong

]]> http://alex.buayacorp.com/programming-youre-doing-it-completely-wrong.html/feed 2 Insecure Way to Upgrade to WordPress 2.3 http://alex.buayacorp.com/insecure-way-to-upgrade-to-wordpress-23.html http://alex.buayacorp.com/insecure-way-to-upgrade-to-wordpress-23.html#comments Tue, 25 Sep 2007 14:28:50 +0000 alex http://alex.buayacorp.com/insecure-way-to-upgrade-to-wordpress-23.html As you may already know, WordPress 2.3 has been released yesterday and many folks around the world are sharing their upgrade experiences. The one that caught my attention was the “5 Step Failsafe upgrade for WordPress” published at BlogSecurity.

Not offense intended but I wonder why a blog dedicated to security recommends an insecure backup plugin that can allow anyone to download database backups or any file from the file system.

If you are planning to upgrade your WordPress blog, just try to do manual steps because many backup plugins are very insecure — if you still want to use some of them, deactivate it when the upgrade process is completed.

]]> http://alex.buayacorp.com/insecure-way-to-upgrade-to-wordpress-23.html/feed 8 Enable tag support on Windows Live Writer and WordPress 2.3 http://alex.buayacorp.com/enable-tag-support-on-windows-live-writer-and-wordpress-23.html http://alex.buayacorp.com/enable-tag-support-on-windows-live-writer-and-wordpress-23.html#comments Thu, 20 Sep 2007 12:45:59 +0000 alex http://alex.buayacorp.com/enable-tag-support-on-windows-live-writer-and-wordpress-23.html Update: Joseph Scott has made a better manifest file.

As you may already know, Wordpress 2.3 will have built-in tag support and to enable tags on Windows Live Writer you have to upload a manifest file to your blog’s root.

xml:

<manifest xmlns="http://schemas.microsoft.com/wlw/manifest/weblog">
<options>
<supportskeywords>Yes</supportskeywords>
<supportsfileupload>Yes</supportsfileupload>
<supportsextendedentries>Yes</supportsextendedentries>
<supportscustomdate>Yes</supportscustomdate>
<supportscategories>Yes</supportscategories>
<supportscategoriesinline>Yes</supportscategoriesinline>
<supportsmultiplecategories>Yes</supportsmultiplecategories>
<supportshierarchicalcategories>Yes</supportshierarchicalcategories>
<supportsnewcategories>Yes</supportsnewcategories>
<supportsnewcategoriesinline>Yes</supportsnewcategoriesinline>
<supportscommentpolicy>Yes</supportscommentpolicy>
<supportspingpolicy>Yes</supportspingpolicy>
<supportsauthor>Yes</supportsauthor>
<supportsslug>Yes</supportsslug>
<supportspassword>Yes</supportspassword>
<supportsexcerpt>Yes</supportsexcerpt>
<supportstrackbacks>Yes</supportstrackbacks>
<supportspages>Yes</supportspages>
<supportspageparent>Yes</supportspageparent>
<supportspageorder>Yes</supportspageorder>
<requiresxhtml>True</requiresxhtml>
<supportsautoupdate>No</supportsautoupdate>
</options>
<weblog>
<homepagelinktext>View your blog</homepagelinktext>
<adminlinktext>Administer your blog</adminlinktext>
<adminurl><!--[CDATA[
{blog-homepage-url}wp-admin
]]--></adminurl></weblog></manifest>

<posteditingurl><!--[CDATA[
{blog-homepage-url}wp-admin/edit.php
]]--></posteditingurl>
 
]]> http://alex.buayacorp.com/enable-tag-support-on-windows-live-writer-and-wordpress-23.html/feed 4 YouTube to MP3 Converter http://alex.buayacorp.com/youtube-to-mp3-converter.html http://alex.buayacorp.com/youtube-to-mp3-converter.html#comments Tue, 18 Sep 2007 02:23:11 +0000 alex http://alex.buayacorp.com/youtube-to-mp3-converter.html Check out this handy Free YouTube to MP3 Converter ;)


YouTube to MP3 Converter

You can download from dvdvideosoft.

]]> http://alex.buayacorp.com/youtube-to-mp3-converter.html/feed 0 Selling exploits http://alex.buayacorp.com/selling-exploits.html http://alex.buayacorp.com/selling-exploits.html#comments Fri, 24 Aug 2007 14:18:39 +0000 alex http://alex.buayacorp.com/selling-exploits.html Today I received a mail from a guy who want to buy some exploits for WordPress.

Hi. I have seen exploits for wordpress at milw0rm uploaded by you. If you have this kind of scripts for newer versions of wordpress i can buy them.

I responded:

Actually I only have one remote exploit for WordPress <= 2.2.2, it lets you retrieve user credentials from affected blogs. How much do you offer?

Actually, I’m not interested in selling exploits because they can be used to compromise many vulnerable blogs — two years ago my Spanish blog was defaced in the same fashion, but I wonder how much cost WordPress exploits.

Let’s see what he’ll respond :)

]]> http://alex.buayacorp.com/selling-exploits.html/feed 0 How to drive your manager crazy in three easy steps… http://alex.buayacorp.com/how-to-drive-your-manager-crazy-in-three-easy-steps.html http://alex.buayacorp.com/how-to-drive-your-manager-crazy-in-three-easy-steps.html#comments Tue, 07 Aug 2007 04:08:09 +0000 alex http://alex.buayacorp.com/how-to-drive-your-manager-crazy-in-three-easy-steps.html How to drive your manager crazy in three easy steps

Original image: CodeComics

]]> http://alex.buayacorp.com/how-to-drive-your-manager-crazy-in-three-easy-steps.html/feed 0