JoinRed, Microsoft and Dell

Today I got to know about JoinRed.com and the new Red series computers by Dell featuring a customized version of Windows Vista. It is a cause to end AIDS in Africa.

Here is what the website has to say:

Bono, co-founder of (RED); Bill Gates, founder and Chairman of Microsoft; and Michael Dell, founder and Chairman of Dell; together at the World Economic Forum announce that Dell and Microsoft are joining (RED) to help fight AIDS in Africa, with the introduction of a series of Dell (PRODUCT) RED personal computers powered by Windows Vista Ultimate (PRODUCT) RED.

Just take a look at the homepage here.

I wonder when I would be able to see any (Red) products in my country.

ResellerClub.com Transecute Gateway Error

ResellerClub.com Transecute Gateway Error, originally uploaded by asim.zeeshan.

Take a look at this one. This is resellerclub.com, one of India’s largest domain registrars, and this is what I get when I try to add funds … huh!! What a service.

What if there is a situation when you need to add funds to protect a domain from being deleted? Is it really reliable!????

PHP Cheat Sheet

PHP Cheat Sheet, originally uploaded by Dave Child (ILoveJackDaniels).

PHP Cheat Sheet from www.ilovejackdaniels.com, there are more available from the following URL:
www.ilovejackdaniels.com/cheat-sheets/

If you prefer Flickr then visit here.

phpMyChat Vulnerability – seeking help from the officials

A post from my old blog (archives):

On May 5th 2005, we had to close our chat room because of some “bad users” getting into the chat room using the vulnerability in phpMyChat that allows a remote user to bypass authentication. I looked at the vendor’s website but to my surprise the development is put to a full stop. There was no official or unofficial patch for the above problem. While I was looking for a patch I found numerous security monitoring websites that have listed this and many other BUGS since June 2004 (almost a year ago). I was like:

“The security holes were discovered almost a year before but there is no, absolutely NO comment over that. An immediate patch is also missing. The point to note is that since 2002, phpMyChat is included in CPanel, the most popular and widely used Linux-based hosting control panel.”

Luckily I found the Official Support Discussion List of phpMyChat, and I immediately posted my query there on 8th July, 2005, but to my surprise I got this reply:

“I checked out the securityutracker.com and tried some of the exploits myself, and at least the first script. None of them actually do anything. The first script reports a successful transaction, but I see that no actual changes take place in the database. I tried injecting some SQL too, and no luck. However, I still have to explore some of this further. The exploits DO allow somebody to see a user list without logging in. Big whoop. But then, I might be missing some steps, so don’t take this as saying that phpMyChat is secure.”

It seems that no one is paying attention to the serious/critical vulnerabilities found in phpMyChat 0.14.x reported in June 2004 (last year). No patch is available, either officially or unofficially. And I am surprised to see that no one here even knows that these security holes exist in the software. The community and the admins have been sleeping for years. I posted some replies and made them realize that this is not an ignorable issue and that they must wake up and at least release a patch for it before they give me the solution to replace it with another chat script.

Some of the websites that listed phpMyChat Vulnerabilities in detail are:

  1. Security Tracker Alert for phpMyChat 0.14.x
  2. PHPMyChat Vulnerabilities EXPLAINED with CODES
  3. Secunia Vulnerability Report – phpMyChat 0.14.x
  4. SecurityFocus Newsletter #254 dated 21st June 2004 (a year old, read section ’27’)
  5. PHPMyChat Multiple Vulnerabilities

I hope I will get a satisfactory reply and a patch to fix the vulnerabilities.

Update: It really does not matter if phpMyChat works or not since I am using FlashChat for the last many months and I am satisfied with its performance.

Three on a bike, two of them are new Traffic Police sergeants

Three on a bike, two of them are new Traffic Police sergeants, originally uploaded by asim.zeeshan.

Lol, here is one picture from my Flickr account that I took in December 2007.

Please use freely but give credit where it is due. Enjoy!

Domain Tasting ends in 2008

Yes, you heard it right, Domain Tasting will end in 2008. This year I have been seeing some positive motion to end this domain-tasting/front-running and I am hopeful that it will be at least minimized to a greater extent if not stopped completely.

This is what DomainTools Blog comments on it:

The ICANN board just passed the following motion to end Domain Tasting, “THEREFORE, the Board resolves to encourage ICANN’s budgetary process to include fees for all domains added, including domains added during the AGP, and encourages community discussion involved in developing the ICANN budget, subject to both Board approval and registrar approval of this fee.”

It did not directly deal a death blow to tasting, but it was a definitive motion that will kill it this year. This policy is expected to go into effect when the new budget is approved, and that process typically happens in the summer.

Read more about this @ Domain Tools Blog here

For those of you who might be wondering what Domain Tasting is, this is what Wikipedia has to say:

Domain tasting is the practice of a domain name registrant using the five-day “grace period” at the beginning of the registration of an ICANN-regulated second level domain to test the marketability of the domain. During this period, when a registration must be fully refunded by the domain registry, a cost-benefit analysis is conducted by the registrant on the viability of deriving income from advertisements being placed on the domain’s web site.

Domains that are deemed “successes” and retained in registrant’s portfolio often represent domains that were previously used and have since expired, misspellings of other popular sites, or generic terms that may receive type-in traffic. These domains are usually still active in search engines and other hyperlinks and therefore receive enough traffic such that advertising revenue exceeds the cost of the registration. The registrant may also derive revenue from eventual sale of the domain, at a premium, to a third party.
