Info: ATI Drivers 9.8 Doesnt Work with Fedora 11 (2.6.29+)

After a night out I was about to go to bed when I saw the news that ATI has released a new version of ATI Catalystโ„ข 9.8 Proprietary Linux x86 Display Driver, its proprietary display drivers for Linux. I immediately downloaded the drivers to test with my Fedora 11 as I am getting more and more desperate to watch HD Movies ๐Ÿ˜ Installed them on a manually compiled kernel 2.6.27 and the build failed ๐Ÿ™ Installed the latest kernel version (for fedora 11) 2.6.29.6.xxx and build failed yet another time. Switched back to 2.6.27 and tried to build again. This time build was successful. Everything worked as expected. I was getting 1500FPS with glxgears and 300FPS with fgl_glxgears. But after sometime display hanged inturn freezing the system. Hard reboot was the only solution and then this happened for a few times in a row. Now, I am back to radeonhd, waiting for yet another release of ATI drivers so that I can try them yet another time to see yet another failure ๐Ÿ™

Update : Drivers are working now. Move on to How To: Install ATI Catalyst (fglrx) 9.8 Drivers on Fedora 11.

 

MSN Crawlers Pawned

After seeing the way MSN crawled my last post, I just realized why Microsoft could never do good in Search Engine Market ๐Ÿ™‚

I wonder why MSN would crawler same page from two different machines. I wonder if a single page can be divided further for crawling. Checkout the screenshots below ๐Ÿ™‚

Why Google Wins

A few minutes later. Three Microsoft machines were crawling the same page ๐Ÿ˜›

MSN Crawler Pawned

I have conformed using ARIN that all these IPs belong to Microsoft ๐Ÿ˜€

 

Info: ATI Drivers 9.7 does not work in Fedora 11 (2.6.29+)

Yesterday, AMD released ATI Catalystโ„ข 9.7 Proprietary Linux x86/x86_64 Display Drivers. I happened to checkout the website today. Initially I was very excited about it hoping that these drivers will work with 2.6.29+ and I’ll be able to use my ATI Radeon HD 3200 which is lying dead since a fortnight or so. I downloaded the drivers immediately and switched to Fedora 11 default kernel. Installed the drivers and checked the install log located at /usr/share/ati/fglrx-install.log. And I saw a failure. AMD disappointed me, yet another time ๐Ÿ™

In case you happen to screw your graphics display while trying to install ATI drivers, use the following command to uninstall fglrx.

[root@fedora ~]$ /usr/share/ati/fglrx-uninstall.sh

Well, I am back to square one. Have to wait for another month and I hope next release will have support for kernel 2.6.29+.

Update : Drivers are working now. Move on to How To: Install ATI Catalyst (fglrx) 9.8 Drivers on Fedora 11.

 

Crack: Google Authentication Services are Vulnerable

There is a vulnerability in the way Google authentication service works. Whenever you login to any of the Google’s online services like GMail, Orkut, Groups, Docs, Youtube, Calendar etc., you are redirected to an authentication server which authenticates against the entered username and password and redirect back to the required service (GMail, Youtube etc.) setting the session variables.

Now, if you are able to grab the url used to set the session variables, you can login as the user to whom that url belongs from any machine on the Internet (need not be the machine belonging to the same subnet) without entering the username and password of the user.

The proxy servers in the organizations can be used to exploit this vulnerability. Squid is the most popular proxy server used. In the default configuration, squid strips the query terms of a url before logging. So, this vulnerability can’t be exploited. But if you turn off the stripping mechanism by adding the line shown below, then squid will log the complete url.

strip_query_terms off

So, after turning stripping mechanism off, the log will contain urls which will look like this

http://www.google.co.in/accounts/SetSID?ssdc=1&sidt=Q5UrfB0BAAA%3D.oHVGErODzffQ%2Bms%2FOKfk53g5naReDKehRNHOBsmJlBu3VTNXjF03SbgX%2FVEEhmImhR4mlu5IAAjM%2BdbuXvMMSIb0oU8IGCYpnLcSNkbCIrG%2BQnm81YmX5%2Brcrq7U6Qx65%2F1yaQ2NzgmKD94jg0Iw13iXDen3qD5qn6L%2FhmmYWwTrcOeuTzGbO%2BAehpjEU3mrWapRafaq3b4kxyigJ68s8QrGQqZTINNE%2Bs%2BoIkZWmGt5kNzoT8fkVAsWJeu3CKFkxj4oVMngeDvpwb1nyFpsJCltOzmAr46fTxVJSpvQdx0%3D.BMLtjUdIDCcuszktZSvYzA%3D%3D&continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26ts%3D1226148773097%3A1226148773386%3A1226148774868%26auth%3DDQAAAIcAAAC1pPE1QT4chKgrU4B3oyKZrQRkEVPtYlclpESQoXV_d9x9gdoe75Z0hfJ_22Pn5tVMR7j-uV5YCps3NB48L0bFlDeX-4PGHVT6Loztp_ru3tAy_gxDa9_YAEbz4d9CO4wD2VTKtzax9zvpGgrnJVZQfoWPkkIomUmxDtVGoH7g3fA3UjS0vdBJ2PJtgFMElso

Replace .co.in with your tld specific to your country. If you paste this url in any browser, it’ll directly log you in and you can do whatever you want to that account. Remember that all such urls remains valid only for two minutes. So, if you use that url after two minutes, it’ll lead nowhere.

At the time of writing this post Orkut, Google Docs, Google Calendar, Google Books and Youtube are vulnerable.

So, make sure your squid has stripping mechanism turned on and your squid server is properly firewalled.

You can watch the Video proof for Orkut on Blip.tv, Youtube.