Another serious Web Browser hole

Contexis Security has found a BIG problem with WebGL implementations on Windows, Mac and Linux have numerous vulnerabilities which allow malicious web pages to capture any window on the system or crash the computer, according to research from Context Information Security. They actually demonstrate how to steal user data through web browsers using this vulnerability!

The report comes right on the heels of Microsoft’s denunciation yesterday of the security architecture of WebGL and announcement that it wouldn’t be seen in Microsoft products any time soon see here .

Sheesh! IE 9 is proving to be WAY more secure that FireFox and even Chrome! But until I can get the Firefox Extensions I use (or comparable) in IE I’m still a FireFox guy.

So let’s fix that:
To Disabe WebGL in Firefox 4

1. Type about:config in Firefox address bar and continue on through past the warning dialog.

2. Type "webgl.disabled" (no quotes) into the Filter box then Double click Webgl.disabled entry and turn its value into “True”.

3. Restart Firefox browser, WebGL is now disabled in Firefox 4.

To disable WebGL in Google Chrome you will need to:

1. Rright-click your Google Chrome shortcut or from your Windows menu on your desktop, click ‘properties’ and add “-disable-webgl” to the Target Shortcut box

2. Restart Chrome

As always please keep your systems, Web Browses and their plug-ins, Anti-virus/Antispyware software, and applications (especially Adobe products!!) up to date and fully patched.

And try and be vigilant about security and always ‘on guard’.

WordPress 500 internal Server Error xmlrpc.php fix part 2

I had this issue previously and it appeared resolved. But it has returned after upgrading my WordPress installation to 3.x.

So I tried the simple thing of just disabling all my plug-ins but that didn’t do it this time.

I had to do that (disable my plug-ins as described here) and all this too!

I hope this helps some of you. Please make sure you have a complete backup of our MYSQL dbase AND your blog in case you hose something! I am a nut about backups and you should be too.

OK so..

Do this:
1. Using either FTP or CPanel, navigate to your WordPress root directory.
2. You should find the file “xmlrpc.php” there. Make a back up copy of it, just in case. Download it and then.
3. Open xmlrpc.php in an editor
4. Go to the end of the file.
5. Put your cursor after the final ?>
6. Delete anything there, including spaces, or blank lines.
7. Save the edited xmlrpc.php back to your WordPress root directory. [I also changed the permissions on this file to allow the Owner to ‘Execute’ too!]

image

Then:

If you don’t have one (php.ini) then create a text file and name it “php.ini” (without the quotes 😉 ) and with a single line of code in it:

memory=20MB

[If you have one just add that line.]
This file has to be placed into the root directory OR /wp-admin/ within your WordPress installation.
It caused me problems being in the /wp-admin/ directory so I deleted it from there and place it in the root of my blog /mysite/blog/
So keep that in mind!
Also if you are creating the file locally and then uploading it make sure you change the file to a .ini and it does not still have the .txt extension on it.

Then you might want to find your .htaccess file
[It is a hidden file! So if you are using an FTP client make sure you set your ‘filter’ with the ‘-a’ option to ‘see hidden files’ and directories.]
Add this line to the beginning of the file:

AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php
<Files xmlrpc.php>
SecFilterInheritance Off
</Files>

And lastly I did this

Run the following database query to change the data type on the post_parent column:

ALTER TABLE wp_posts CHANGE post_parent post_parent BIGINT;

So after a few hours of aggravation I can now publish posts with loads of content from Window Live Writer again!

UPDATE: This guy here has a new solution for 1&1 users that works well!

Windows Live Writer WordPress 500 Internal Server Error

This problem cropped up and recently and really got me pissed.

I absolutely LOVE Windows Live Writer. If you post often to sites or blogs this is probably the best tool I’ve found for easy posting, short of a full fledged website/content management application or system [Dreamweaver, SharePoint or the like]. I will post much more in the future on all you can do with this application or you can just ‘Google’ your time away and look for tips.

But.
Basically what happed when I used Windows Live Writer to upload my blog post to one of my websites that has a WordPress installation I then got the error message with the xmlrpc.php:

image

So I set out to find the solution with the best support tool around – Google

I tried this:
http://affiliate-minder.com/wordpresstutorials/livewriter-500-server-error-xmlrpc/
and this:
http://www.codedifferent.com/2009/01/12/solution-for-500-internal-server-error-after-upgrading-to-wordpress-27-at-1and1-server/
and this:
http://www.mindtweaks.com/wordpress/?p=233
and this:
http://ardentdev.com/fix-for-wordpress-xmlrpc-500-internal-server-error/
and this:
http://wordpress.org/tags/500-internal-server-error/page/2
and this:
http://www.43things.com/things/view/425695/find-out-why-xmlrpcphp-isnt-working-on-my-wordpress-blog
and a whole bunch of others.

I messed with php files, ini’s, mysql tables, and on and on.

NONE WORKED!

Then I found a site that suggested something silly:

“disable/deactivate all your plug-ins, try uploading and see what happens.”

Well dang if that didn’t work!!

I then just re-activated my plug-ins and all was good.

Maybe some of you might use this info one day.

Windows Live Applications on Windows 2003 Server

After searching far and wide I found a solution to not being able to install the lates version of Windows Live applications on Windows 2003(and 2008) Server.

My desire is pretty much for only Live Writer but all the ‘Live’ apps are now completely bundled.

You can’t simply download and install the ‘writer installer’ anymore. [this was a solution for Live Writer beta 3]

After downloading the full Windows Live installer – wlsetup-all.exe

You must make adjustments to the actual installer that will allow for a ‘server’ install (A ‘non supported’ OS).

First download and extract ‘Resource Hacker’ to a folder (desktop is simplest)

Next run ResHacker.exe and open the setup file – wlsetup-all.exe

Locate CONFIG 0. and expand

Then go to ‘View’ on the menu bar and ‘Find’ enter ‘Workstation’ and find any references and replace with Server.

Then ‘Compile’ and Save the installer.

You can then run the install and all should work!!! Did for me anyways.

Good luck.