Comments for Dinesh Mistry: http://www.dman.com Search Engine Optimization, InfoSec and Ethical Hacking Tue, 08 Nov 2011 07:42:56 +0000 hourly 1 Comment on Tracking Google Instant Partial Queries in Google Analytics by MCA Suman http://www.dman.com/tracking-google-instant-partial-queries-in-google-analytics/#comment-284 MCA Suman Tue, 08 Nov 2011 07:42:56 +0000 http://www.dman.com/?p=354#comment-284 Field B -> Extract B: Medium:^organic$ I am not getting this (Medium) option in Field B, Google has been remove it or make other option... Please tell me the same... Field B -> Extract B: Medium:^organic$

I am not getting this (Medium) option in Field B, Google has been remove it or make other option…

Please tell me the same…

]]> Comment on Google Launches New Algorithm Update to Target Link Farms by Tweets that mention Google Launches New Algorithm Update to Target Link Farms -- Topsy.com http://www.dman.com/google-launches-farmer-algorithm-updat/#comment-112 Tweets that mention Google Launches New Algorithm Update to Target Link Farms -- Topsy.com Fri, 25 Feb 2011 05:00:53 +0000 http://www.dman.com/?p=556#comment-112 [...] This post was mentioned on Twitter by Jason Stultz and Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Google Launches New Algorithm Update to Target Link Farms http://bit.ly/evYAcK [...] [...] This post was mentioned on Twitter by Jason Stultz and Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Google Launches New Algorithm Update to Target Link Farms http://bit.ly/evYAcK [...]

]]> Comment on Cloud Computing – Multi-Tenancy and Application Security by Tweets that mention Cloud Computing - Multi-Tenancy and Application Security -- Topsy.com http://www.dman.com/cloud-computing-multi-tenancy-and-application-security/#comment-109 Tweets that mention Cloud Computing - Multi-Tenancy and Application Security -- Topsy.com Thu, 24 Feb 2011 02:50:27 +0000 http://www.dman.com/?p=548#comment-109 [...] This post was mentioned on Twitter by Trevor Hinson and Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Cloud Computing - Multi-Tenancy and Application Security http://bit.ly/hXRSMh [...] [...] This post was mentioned on Twitter by Trevor Hinson and Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Cloud Computing – Multi-Tenancy and Application Security http://bit.ly/hXRSMh [...]

]]> Comment on Steal iPhone passwords in six minutes by Tweets that mention Steal iPhone passwords in six minutes -- Topsy.com http://www.dman.com/steal-iphone-passwords-in-six-minutes/#comment-98 Tweets that mention Steal iPhone passwords in six minutes -- Topsy.com Fri, 11 Feb 2011 04:57:17 +0000 http://www.dman.com/?p=514#comment-98 [...] This post was mentioned on Twitter by Defcon 201 and Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Steal iPhone passwords in six minutes http://bit.ly/eIcAi4 [...] [...] This post was mentioned on Twitter by Defcon 201 and Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Steal iPhone passwords in six minutes http://bit.ly/eIcAi4 [...]

]]> Comment on Experiment – How Twitter Links Effect Search Engine Ranking by Tweets that mention Experiment - How Twitter Links Effect Search Engine Ranking -- Topsy.com http://www.dman.com/experiment-how-twitter-links-effect-search-engine-ranking/#comment-90 Tweets that mention Experiment - How Twitter Links Effect Search Engine Ranking -- Topsy.com Fri, 10 Dec 2010 22:13:51 +0000 http://www.dman.com/?p=431#comment-90 [...] This post was mentioned on Twitter by MyFairyTaleBooks, Dinesh Mistry. Dinesh Mistry said: New Post: Experiment - How Twitter Links Effect Search Engine Ranking http://bit.ly/eyAa8s [...] [...] This post was mentioned on Twitter by MyFairyTaleBooks, Dinesh Mistry. Dinesh Mistry said: New Post: Experiment – How Twitter Links Effect Search Engine Ranking http://bit.ly/eyAa8s [...]

]]> Comment on Hacking With Copier Machines by Tweets that mention Hacking With Copier Machines -- Topsy.com http://www.dman.com/hacking-with-copier-machine/#comment-86 Tweets that mention Hacking With Copier Machines -- Topsy.com Mon, 08 Nov 2010 03:41:14 +0000 http://www.dman.com/?p=411#comment-86 [...] This post was mentioned on Twitter by Defcon 201, Dinesh Mistry. Dinesh Mistry said: New Post: Hacking With Copier Machines http://bit.ly/9L6wpg [...] [...] This post was mentioned on Twitter by Defcon 201, Dinesh Mistry. Dinesh Mistry said: New Post: Hacking With Copier Machines http://bit.ly/9L6wpg [...]

]]> Comment on Peek-a-boooooooo – Default web pages, and why you should care to change or eliminate them by Jason http://www.dman.com/default-web-pages-and-why-you-should-change-them/#comment-72 Jason Fri, 15 Oct 2010 15:59:42 +0000 http://www.dman.com/?p=144#comment-72 Also, note that you can find more sensitive information with even more basic queries. For example, searching for <a href="http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3AQDF+QDF" rel="nofollow">filetype:QDF QDF</a> will yield a slough of interesting details from folks who have allowed Quicken detail to be crawled. Also, note that you can find more sensitive information with even more basic queries. For example, searching for filetype:QDF QDF will yield a slough of interesting details from folks who have allowed Quicken detail to be crawled.

]]> Comment on Google Instant Expands – Adds Keyboard Navigation by Tweets that mention Google Instant Expands - Adds Keyboard Navigation -- Topsy.com http://www.dman.com/google-instant-expands-adds-keyboard-navigation/#comment-49 Tweets that mention Google Instant Expands - Adds Keyboard Navigation -- Topsy.com Thu, 30 Sep 2010 00:54:09 +0000 http://www.dman.com/?p=390#comment-49 [...] This post was mentioned on Twitter by HomePCTechnician, Dinesh Mistry. Dinesh Mistry said: New Post: Google Instant Expands - Adds Keyboard Navigation http://bit.ly/cRKe2K [...] [...] This post was mentioned on Twitter by HomePCTechnician, Dinesh Mistry. Dinesh Mistry said: New Post: Google Instant Expands – Adds Keyboard Navigation http://bit.ly/cRKe2K [...]

]]> Comment on Twitter Hacked – onMouseover Bug by Dinesh Mistry http://www.dman.com/twitter-hacked-onmouseover-bug/#comment-36 Dinesh Mistry Wed, 22 Sep 2010 02:36:56 +0000 http://www.dman.com/?p=382#comment-36 Good question, from what I gather it only seemed to hold true for the older interface. Good question, from what I gather it only seemed to hold true for the older interface.

]]> Comment on Twitter Hacked – onMouseover Bug by HudsonValleyTec http://www.dman.com/twitter-hacked-onmouseover-bug/#comment-35 HudsonValleyTec Wed, 22 Sep 2010 02:35:43 +0000 http://www.dman.com/?p=382#comment-35 Did this hold true for the new twitter.com interface or just the old one? Did this hold true for the new twitter.com interface or just the old one?

]]> Comment on Twitter Hacked – onMouseover Bug by Tweets that mention Twitter Hacked - onMouseover Bug -- Topsy.com http://www.dman.com/twitter-hacked-onmouseover-bug/#comment-34 Tweets that mention Twitter Hacked - onMouseover Bug -- Topsy.com Wed, 22 Sep 2010 00:17:10 +0000 http://www.dman.com/?p=382#comment-34 [...] This post was mentioned on Twitter by Jason Stultz and HomePCTechnician, Dinesh Mistry. Dinesh Mistry said: New Post: Twitter Hacked - onMouseover Bug http://bit.ly/95DeBK [...] [...] This post was mentioned on Twitter by Jason Stultz and HomePCTechnician, Dinesh Mistry. Dinesh Mistry said: New Post: Twitter Hacked – onMouseover Bug http://bit.ly/95DeBK [...]

]]> Comment on Stack-based buffer overflow – Adobe Reader and Acrobat 9.3.4 by Tweets that mention Stack-based buffer overflow - Adobe Reader and Acrobat 9.3.4 -- Topsy.com http://www.dman.com/stack-based-buffer-overflow-adobe-reader-and-acrobat-9-3-4/#comment-26 Tweets that mention Stack-based buffer overflow - Adobe Reader and Acrobat 9.3.4 -- Topsy.com Wed, 15 Sep 2010 05:52:07 +0000 http://www.dman.com/?p=365#comment-26 [...] This post was mentioned on Twitter by Ganesh babu, Dinesh Mistry. Dinesh Mistry said: New Post: Stack-based buffer overflow - Adobe Reader and Acrobat 9.3.4 http://bit.ly/9IG1ES [...] [...] This post was mentioned on Twitter by Ganesh babu, Dinesh Mistry. Dinesh Mistry said: New Post: Stack-based buffer overflow – Adobe Reader and Acrobat 9.3.4 http://bit.ly/9IG1ES [...]

]]> Comment on Google Instant – New Search Enhancement by Tracking Google Instant Partial Queries in Google Analytics http://www.dman.com/google-instant-new-search-enhancement/#comment-18 Tracking Google Instant Partial Queries in Google Analytics Thu, 09 Sep 2010 02:55:59 +0000 http://www.dman.com/?p=339#comment-18 [...] previous post describes Google Instant and the new search results user interface. Now that folks have had several hours to play certain [...] [...] previous post describes Google Instant and the new search results user interface. Now that folks have had several hours to play certain [...]

]]> Comment on Internet Explorer 8 | Arbitrary Sites allowed to tweet by J http://www.dman.com/internet-explorer-8-arbitrary-sites-allowed-to-tweet/#comment-12 J Sat, 04 Sep 2010 17:27:29 +0000 http://www.dman.com/?p=316#comment-12 Very interesting article, yay for session-hijacking. Very interesting article, yay for session-hijacking.

]]> Comment on Internet Explorer 8 | Arbitrary Sites allowed to tweet by Tweets that mention Internet Explorer 8 | Arbitrary Sites allowed to tweet -- Topsy.com http://www.dman.com/internet-explorer-8-arbitrary-sites-allowed-to-tweet/#comment-11 Tweets that mention Internet Explorer 8 | Arbitrary Sites allowed to tweet -- Topsy.com Sat, 04 Sep 2010 03:12:12 +0000 http://www.dman.com/?p=316#comment-11 [...] This post was mentioned on Twitter by Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Internet Explorer 8 | Arbitrary Sites allowed to tweet http://bit.ly/9tydR7 [...] [...] This post was mentioned on Twitter by Kelly Mistry, Dinesh Mistry. Dinesh Mistry said: New Post: Internet Explorer 8 | Arbitrary Sites allowed to tweet http://bit.ly/9tydR7 [...]

]]> Comment on Crazy Egg – A Must Have Analytics Tool by Dinesh http://www.dman.com/crazy-egg-is-a-must-have-too/#comment-10 Dinesh Fri, 27 Aug 2010 12:57:49 +0000 http://www.dman.com/?p=236#comment-10 Alex, Sure. So just to be clear this was for another site not this one. What I learned was that most all of the visitors clicked links on the left hand side of the screen; I initially had 2 navigation areas (left & right). I was able to notice that 80% of clicks occurred on the left side which meant my navigation (and ultimately content/pages) on the right was only seen by a few visitors. Switching the navigation 100% to the left, increased my click thru, which lead to an increase in conversation rate. Visitors were able to actually find the products they were looking for! Alex,

Sure. So just to be clear this was for another site not this one. What I learned was that most all of the visitors clicked links on the left hand side of the screen; I initially had 2 navigation areas (left & right). I was able to notice that 80% of clicks occurred on the left side which meant my navigation (and ultimately content/pages) on the right was only seen by a few visitors. Switching the navigation 100% to the left, increased my click thru, which lead to an increase in conversation rate. Visitors were able to actually find the products they were looking for!

]]> Comment on Crazy Egg – A Must Have Analytics Tool by Alex http://www.dman.com/crazy-egg-is-a-must-have-too/#comment-9 Alex Thu, 26 Aug 2010 17:20:41 +0000 http://www.dman.com/?p=236#comment-9 I just started using Crazy Egg as well. I picked it up from SumoApp, fantastic deal. The app is awesome. Easy to use and very visual. Can you explain what kind of changes and adjustments you made after using Crazy Egg? I just started using Crazy Egg as well. I picked it up from SumoApp, fantastic deal. The app is awesome. Easy to use and very visual.

Can you explain what kind of changes and adjustments you made after using Crazy Egg?

]]> Comment on .htaccess 101: how to password protect a directory by Jay http://www.dman.com/htaccess-101-how-to-password-protect-a-directory/#comment-3 Jay Wed, 23 Jun 2010 01:59:48 +0000 http://www.dman.com/?p=120#comment-3 Good advice; far too few small-shop webpages have proper access control in place, this is definitely a step (out of many) in the right direction. I cannot emphasize enough the significance of ensuring that the password file is stored <b>outside</b> of the web directory. Even if it only contains hashes, a well-equipped novice hacker could easily use a brute force tool such as <i>John</i> to enumerate the keys to your web server "castle". Additionally, ensure that access to these files is strictly locked down (<i>man chmod</i> may very well be your best friend), especially if the server resides within a shared environment. Good advice; far too few small-shop webpages have proper access control in place, this is definitely a step (out of many) in the right direction.

I cannot emphasize enough the significance of ensuring that the password file is stored outside of the web directory. Even if it only contains hashes, a well-equipped novice hacker could easily use a brute force tool such as John to enumerate the keys to your web server “castle”. Additionally, ensure that access to these files is strictly locked down (man chmod may very well be your best friend), especially if the server resides within a shared environment.

]]> Comment on Cross Site Scripting (XSS) Attack by Jay http://www.dman.com/cross-site-scripting-xss-attack/#comment-4 Jay Wed, 23 Jun 2010 01:36:19 +0000 http://www.dman.com/?p=131#comment-4 I'm guessing the "auto-attack" he's referring to in said post is actually what's referred to as <i>Persistent</i> XSS, in which a user enters a strategically-crafted string (possibly including JS, VBS, ActiveX, etc) into a form that serves as database input via a web application. That database input may potentially be called by the web frontend as part of a dynamically-produced page (in the context of a SELECT statement made by the application), serving the script to the browser as parsed HTML. The script may contain a malicious payload, and can potentially compromise the browsing system (e.g. The newest version of the ASPRox botnet propagation tool features a form injector that allows this method to be exploited) This can be prevented by using one (or more) of the below tactics, which are listed in order of feasibility and effectiveness from greater to lesser: - Validate form input within the web application code - there are libraries to make this reasonably easy. - Validate database output to avoid dynamically producing a webpage that includes unexpected script content. - Run a script to audit the contents of the database for unexpected special characters (primarily things like '<'). This is time and resource consuming, though periodic integrity checks are always a good idea. As a web user, I highly recommend utilizing an addon such as <i>noscript</i> as a precautionary measure against Persistent Cross-Site Scripting. I’m guessing the “auto-attack” he’s referring to in said post is actually what’s referred to as Persistent XSS, in which a user enters a strategically-crafted string (possibly including JS, VBS, ActiveX, etc) into a form that serves as database input via a web application. That database input may potentially be called by the web frontend as part of a dynamically-produced page (in the context of a SELECT statement made by the application), serving the script to the browser as parsed HTML. The script may contain a malicious payload, and can potentially compromise the browsing system (e.g. The newest version of the ASPRox botnet propagation tool features a form injector that allows this method to be exploited) This can be prevented by using one (or more) of the below tactics, which are listed in order of feasibility and effectiveness from greater to lesser:
- Validate form input within the web application code – there are libraries to make this reasonably easy.

- Validate database output to avoid dynamically producing a webpage that includes unexpected script content.

- Run a script to audit the contents of the database for unexpected special characters (primarily things like ‘<'). This is time and resource consuming, though periodic integrity checks are always a good idea.

As a web user, I highly recommend utilizing an addon such as noscript as a precautionary measure against Persistent Cross-Site Scripting.

]]> Comment on Wireless Network Security vs Wired Security by Kelly http://www.dman.com/wireless-network-security-vs-wired-security/#comment-2 Kelly Fri, 01 Jan 2010 02:21:55 +0000 http://www.dman.com/?p=29#comment-2 This was very helpful! This was very helpful!

]]>