Just Learned: Self-XSS

0

Have you ever tried chrome inspector with Facebook? If so, I am sure you have seen this. This warning message is to help prevent Self-XSS scams.

Facebook-Self-XSS-Warning

Self-XSS

Self-XSS is a social engineering attack that is designed to gain control of your social media account. In a self-XSS attack, an attacker convinces a user to runs malicious code on the address bar of his/her web browser.

Following video covers both share-baiting (a pure social engineering attack) and self-XSS (a combination of social engineering and a browser vulnerability).

 

Addition Reference:

How to create formatted console.log message

https://developer.chrome.com/devtools/docs/console

console.log ("%cThis will be formatted with large, blue text", "color: blue; font-size: x-large");

Formatted Crome Console

How Facebook disabled Chrome developer console earlier

http://stackoverflow.com/questions/21692646/how-does-facebook-disable-the-browsers-integrated-developer-tools/21692733#21692733

Automate PNG & JPG Image Optimization

0

Download Source Code

Introduction

If you are a web developer, you already know how important to reduce the image size by compressing the image. When you are checking the page speed using the tool like “Google PageSpeed Insight” or “Yahoo YSlow”, you can see how many bytes we can save by compressing the image.

Google:Page Speed

Images saved from programs like Fireworks can contain kilobytes of extra comments, and use too many colors, even though a reduction in the color palette may not perceptibly reduce image quality. Improperly optimized images can take up more space than they need to; for users on slow connections, it is especially important to keep image sizes to a minimum.

You should perform both basic and advanced optimization on all images. Basic optimization includes cropping unnecessary space, reducing the color depth to the lowest acceptable level, removing image comments, and saving the image to an appropriate format. You can perform basic optimization with any image editing program, such as GIMP.  Advanced optimization involves further (lossless) compression of JPEG and PNG files. You should see a benefit for any image file that can reduced by 25 bytes or more (less than this may not result in any appreciable performance gain). Optimize images  https://developers.google.com/speed/docs/best-practices/payload#CompressImages >

There are some online tools like “Yahoo Smush.it” use lossless compression techniques and reduce file size by removing the unnecessary bytes from the image. However, if you want to make it automate, how do you do that? Several standalone tools are available that perform lossless compression on JPEG and PNG files.

For JPG Google recommended using,

  • Jpegtran – available for both Windows and Linux and Mac
  • Jpegoptim – available only on Linux

For PNG Google recommended using,

Using the code

Here I wrote a windows batch file that recursively search the given folder and optimized the JPEG and PNG files.

  1. Download jpegtran, OptPNG and PNGOUT executable files. (Or download attached zip file all the necessary files already included)
  2. Create a folder “ImageOptimization” in your C:\ Drive. (You can change those name and folder location by editing the batch file content) and put above downloaded utility files there.
  3. Create a batch file “optimize.bat” within the folder and copy following code into it
    @echo none
    REM Optimizing JPEG with jpegtran
    forfiles /p %1 /s /m "*.jpg" /c "cmd /c  echo processing @path && D:\ImageOptimization\jpegtran.exe -optimize -progressive -copy none -outfile @path @path"
    REM Optimizing PNG with pngout
    forfiles /p %1 /s /m "*.png" /c "cmd /c  echo processing @path && D:\ImageOptimization\pngout.exe @path"
    REM Optimizing PNG with optipng
    rem forfiles /p %1 /s /m "*.png" /c "cmd /c  echo processing @path && D:\ImageOptimization\optipng.exe -force -o7 @path"
    pause
    

    Although I included both PNGOUT and OPTPNG in the script you no need to use both.

  4. Finally, you can execute the bat file by passing the image folder you wish to optimize
    optimize.bat “D:\image”

How it works

  • forfiles command – Select a file (or set of files) and execute a command on each file (Batch processing) Refer: http://ss64.com/nt/forfiles.html
  • %1 – accept the folder as a parameter. In above example, this equals to “D:\Image”

forfiles command find all the images in the given directory (recursively) and execute the optimizing executable by passing the image as a parameter to them (@path).

Try

  1. You can further improve by adding this batch command as a context menu command
    http://msdn.microsoft.com/en-us/library/windows/desktop/cc144169(v=vs.85).aspx
  2. Alternatively, even you can use a scheduler (e.g. Windows scheduler) to find the daily updated file and optimize them by slightly modifying the forfiles command with “/d” option.

How to transfer ownership of your android application

0

Suppose you have developed an Android game and publish that on the Google play. Many users downloaded your app, and you have released few versions also. What if a company wants to acquire your app game? You need to transfer your app to the new business account, and it should display as their registered app. Google makes it quicker and easier way to transfer the ownership of application from one account to another account.

  1. First you have to login to the Google play publish account using the original app owner’s credentials.
  2. Then click Help & Feedback -> Contact Support
    Google Play: Contact Support
  3. Select “I would like to have my apps transferred to a new account. Once you select that it asks to fill the form to resolve the issue.
    Google Play: Contact Support
    Google Play: App Transfer Form
  4. Follow the provided guidelines. It contains several checklist to make sure you are ready to submit the transfer request
    Google Play: App Transfer Checklist
    Make sure,
    You’ll need to prepare both developer account tosubmit your app transfer.

    Original Account – This is the account where your app is currently published.
    Target Account – This is the account you want to transfer your app to.

    Google Play: App Transfer Checklist
    Google Play: Checklist step

  5. Finally, Fill the “Application Transfer Request” and submit the form. Normally Google responds to your request within a day, and if all the details are correct they transfer the app to new account
    Google Play: App Transfer Final Step
    Google Play: Application Transfer Request Form

Google Play: Submit Success