Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble

Rss Bot

Members
 View Profile  See their activity

  • Content Count

    16,684

  • Joined

  • Last visited

    Never

  • Feedback

    N/A

Everything posted by Rss Bot

  1. Rss Bot
    You're reading 4 Ways to Improve Usability and User Experience by Decluttering Designs, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! We often speak about decluttering in the sense of physical stuff like closets or storage. But, we can also speak about decluttering designs too. Decluttering can help improve usability and the user experience on websites. Here are four tips for decluttering you designs. 1. Shorten the Copy Dating back to 1997, Nielsen Norman Group conducted […] View the full article
  2. Rss Bot
    You're reading Our Favorite WordPress Themes of 2016, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Every fourth site you came across on the web is made on WordPress. More than 60 million websites are running the popular CMS to present ideas, promote services or sell products. Bloggers, designers, corporate entities, news magazines, banks, NGOs and many other individuals and organizations rely on WordPress to maintain an online presence. Launched 13 […] View the full article
  3. Rss Bot
    You're reading Which Languages Should I Learn for Web Development?, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Getting started with web development can be strenuous and confusing. There’s so much to learn and you have so many different options for languages, frameworks, and open source projects to choose from. Where do you even start? There is no single correct answer but there is a natural progression that most developers take. It’s easier […] View the full article
  4. Rss Bot
    You're reading Top 50 Fonts of 2016, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Typography is an art combining perspective, technique and ingenuity. A great design comes with great typography. Whether you are creating for web or print, designing brochures or user interfaces, developing a brand identity or creating a logo, one of the key elements of a successful project is the typeface you are using. In fact, the […] View the full article
  5. Rss Bot
    You're reading Adobe Introduces Project Felix, Sensei, Updates Creative Cloud and More, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! This year Adobe’s MAX conference brought a lot of exciting news and product updates. While there is nothing out of the extraordinary in the updates for Photoshop and Illustrator, the Creative Cloud received a significant boost in creativity and an AI personality. The star of Adobe Max 2016 is Adobe Sensei, an advanced machine learning […] View the full article
  6. Rss Bot
    You're reading WebAssembly Now in Browser Preview Mode, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Major browser vendors have agreed to implement a new web standard that will bring near native performance to the web for online games, music and video streaming, AR and VR, and other applications. The result, WebAssembly, is a portable, cross-vendor, cross-language, size and load time Abstract Syntax Tree (AST) that gets stored in a binary […] View the full article
  7. Rss Bot
    You're reading How to Create Checkout Form Using HTML, CSS3 and jQuery, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Topic: HTML / CSS3 / jQuery Difficulty: Intermediate Estimated Completion Time: 30 minutes Hello, everyone! In this tutorial, we are going to create a Shopping Checkout Form using HTML, CSS3 and a little bit of jQuery. We’re going to use Google Fonts for this tutorial, specifically Montserrat. HTML The first thing we need to do […] View the full article
  8. Rss Bot
    You're reading Tips for Creating a Great Personal Online Portfolio, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! As a designer I think we’ve all experienced the difficulty of creating something personal, including a portfolio. You end up spending countless hours in Photoshop, trying a hundred different things and after two months you realize that your homepage still says “under construction.” This might not be the case for everybody, but being my own […] View the full article
  9. Rss Bot
    You're reading Node.js v7 Has Arrived, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! The Node.js Foundation released version 7 of the ubiquitous Node.js JavaScript runtime environment. With the io.js phenomena a thing of the past, thinks are looking great for Node.js. Today, Node.js is being adopted at an increasing pace by enterprises seeking to gain a competitive advantage. Benefitting from rapid I/O, Node.js produces fast, responsive load times […] View the full article
  10. Rss Bot
    You're reading A Design Workflow Comparison: Photoshop vs Illustrator vs Sketch, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! The ever-expanding world of design can be tough to comprehend as a newcomer. With so many tools and techniques available it’s hard to know where to start. Three of the most widely used design programs are Adobe Photoshop, Adobe Illustrator, and the newer Sketch by Bohemian Coding. In this guide I want to compare these […] View the full article
  11. Rss Bot
    You're reading A Design Workflow Comparison: Photoshop vs Illustrator vs Sketch, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! The ever-expanding world of design can be tough to comprehend as a newcomer. With so many tools and techniques available it’s hard to know where to start. Three of the most widely used design programs are Adobe Photoshop, Adobe Illustrator, and the newer Sketch by Bohemian Coding. In this guide I want to compare these […] View the full article
  12. Rss Bot
    You're reading Top 5 Underutilized Web Performance Tricks for WordPress, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Most of us know by now that speed is a ranking factor with Google. What this means is that WordPress sites that load faster will have a bigger advantage in Google over those that don’t. So it is very important that your WordPress site loads as fast as possible, especially on mobile. And besides the ranking […] View the full article
  13. Rss Bot
    You're reading Top 5 Underutilized Web Performance Tricks for WordPress, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Most of us know by now that speed is a ranking factor with Google. What this means is that WordPress sites that load faster will have a bigger advantage in Google over those that don’t. So it is very important that your WordPress site loads as fast as possible, especially on mobile. And besides the ranking […] View the full article
  14. Rss Bot
    You're reading Simbla: Responsive Website Maker, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! It’s no longer surprising that we now have the freedom to make our own websites without having any prior knowledge of code, thanks to the various website makers available. But to find a top website maker that renders this process efficient and easy is something else. Fortunately, Simbla is a top website maker that accommodates […] View the full article
  15. Rss Bot
    You're reading Simbla: Responsive Website Maker, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! It’s no longer surprising that we now have the freedom to make our own websites without having any prior knowledge of code, thanks to the various website makers available. But to find a top website maker that renders this process efficient and easy is something else. Fortunately, Simbla is a top website maker that accommodates […] View the full article
  16. Rss Bot
    You're reading Emotional Intelligence and the Uncomfortable Side of Design, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! In March 2016, Twitter celebrated its 10th birthday. It was a day filled with pride for the company and many of its followers. In order to make the day amazing for its users, Twitter released a delightful like/heart button animation. It was awesome, but as soon as the day was over the animation was gone […] View the full article
  17. Rss Bot
    You're reading Emotional Intelligence and the Uncomfortable Side of Design, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! In March 2016, Twitter celebrated its 10th birthday. It was a day filled with pride for the company and many of its followers. In order to make the day amazing for its users, Twitter released a delightful like/heart button animation. It was awesome, but as soon as the day was over the animation was gone […] View the full article
  18. Rss Bot
    You're reading Linux Foundation Launches JS Foundation, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! JavaScript is a high-level, dynamic, untyped and interpreted programming language used in most modern day web applications. With thousands of modules in NPM, the JavaScript ecosystem is the largest open source platform. And while the language is standardized in a vendor-neutral ECMAScript language specification, the ecosystem is deeply convoluted and fragmented. To address this issue, […] View the full article
  19. Rss Bot
    You're reading Linux Foundation Launches JS Foundation, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! JavaScript is a high-level, dynamic, untyped and interpreted programming language used in most modern day web applications. With thousands of modules in NPM, the JavaScript ecosystem is the largest open source platform. And while the language is standardized in a vendor-neutral ECMAScript language specification, the ecosystem is deeply convoluted and fragmented. To address this issue, […] View the full article
  20. Rss Bot
    By Behzad Najjarpour Jabbari, Senior Security Specialist On October 18, 2016, Oracle released an update for Oracle Outside-In Technology as part of the Oracle Critical Patch Update for October 2016 [1] to fix a heap-based buffer overflow and a use-after-free vulnerability that have been discovered by Secunia Research [2]. Both of which may ultimately result in a system compromise through an application that uses and exposes the affected functionality of Oracle Outside-In Technology and thus are rated as “Highly Critical” by Secunia Research. Additionally, Oracle addressed three further vulnerabilities discovered by Secunia Research that may result in a so-called "Denial of Service" (DoS) condition of an application using Oracle Outside-In Technology. This blog post focusses on the heap-based buffer overflow vulnerability. Product Background: Oracle Outside-In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats [3]. This Oracle product... View the full article
  21. Rss Bot
    On October 18, 2016, Oracle released an update for Oracle Outside-In Technology as part of the Oracle Critical Patch Update for October 2016 [1] to fix a heap-based buffer overflow and a use-after-free vulnerability that have been discovered by Secunia Research [2]. Both of which may ultimately result in a system compromise through an application that uses and exposes the affected functionality of Oracle Outside-In Technology and thus are rated as “Highly Critical” by Secunia Research. Additionally, Oracle addressed three further vulnerabilities discovered by Secunia Research that may result in a so-called “Denial of Service” (DoS) condition of an application using Oracle Outside-In Technology. This blog post focusses on the heap-based buffer overflow vulnerability. Product Background: Oracle Outside-In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats [3]. This Oracle product is frequently bundled and used in many popular applications such as Microsoft Exchange, Novell GroupWise, and IBM WebSphere Portal. File Format Background: StarWriter files (SDW) are the default file format used by the StarWriter component of StarOffice versions prior to 5.x. Vulnerability Summary: The vulnerability is caused due to a boundary error within the “VwStreamRead()” function (vssdw.dll), which can be exploited to cause an out-of-bounds write memory access via a specially crafted SDW file and subsequently cause a crash of, or potentially execute arbitrary code within the context of, an application using the product Oracle Outside-In. The vulnerability is confirmed in version 8.5.3 (vssdw.dll version 8.5.3.1604151004). Technical Details: A fixed-size heap memory block gets allocated by “VwAllocProc()” function, which is being used while processing SDW files: .text:67AA1400 push esi .text:67AA1401 push 8FCh ; dwBytes .text:67AA1406 push 0 ; dwFlags .text:67AA1408 call ds:GetProcessHeap .text:67AA140E push eax ; hHeap .text:67AA140F call ds:HeapAlloc .text:67AA1415 mov esi, eax .text:67AA1417 test esi, esi .text:67AA1419 jnz short loc_67AA141D .text:67AA141B pop esi .text:67AA141C retn .text:67AA141D ; --------------------------------------------------------------------------- .text:67AA141D .text:67AA141D loc_67AA141D: ; CODE XREF: VwAllocProc+19 .text:67AA141D push 8FCh ; size_t .text:67AA1422 push 0 ; int .text:67AA1424 push esi ; void * .text:67AA1425 call memset .text:67AA142A add esp, 0Ch .text:67AA142D mov [esi+8F8h], esi .text:67AA1433 mov eax, esi .text:67AA1435 pop esi .text:67AA1436 retn .text:67AA1436 VwAllocProc endp The function “VwStreamRead()” uses and manages this memory block while processing the SDW file. After some initialization, the function tries to read the bitmap stream embedded in the SDW file: .text:67AA39F3 loc_67AA39F3: ; CODE XREF: VwStreamRead+13A4 .text:67AA39F3 mov eax, [esi+3Ch] .text:67AA39F6 dec dword ptr [eax] .text:67AA39F8 js short loc_67AA3A09 .text:67AA39FA mov ecx, [esi+3Ch] .text:67AA39FD mov eax, [ecx+10h] .text:67AA3A00 movzx edx, byte ptr [eax] .text:67AA3A03 inc eax .text:67AA3A04 mov [ecx+10h], eax .text:67AA3A07 jmp short loc_67AA3A17 .text:67AA3A09 ; --------------------------------------------------------------------------- .text:67AA3A09 .text:67AA3A09 loc_67AA3A09: ; CODE XREF: VwStreamRead+1378 .text:67AA3A09 push dword ptr [esi+3Ch] .text:67AA3A0C call sub_67AA3D90 .text:67AA3A11 add esp, 4 .text:67AA3A14 movsx edx, ax .text:67AA3A17 .text:67AA3A17 loc_67AA3A17: ; CODE XREF: VwStreamRead+1387 .text:67AA3A17 movzx eax, di .text:67AA3A1A inc edi .text:67AA3A1B mov [eax+esi+470h], dl .text:67AA3A22 test dl, dl .text:67AA3A24 jnz short loc_67AA39F3 This loop ends when it reaches a Null byte in the stream. As the stream is user-controlled and there are no boundary checks, it’s possible to trigger an out-of-bounds write memory access. By overwriting vftable pointers, it’s possible to change the application’s flow: .text:67AA3A59 lea ecx, [esi+470h] .text:67AA3A5F lea eax, [edi-2] .text:67AA3A62 mov [ecx], ax .text:67AA3A65 push dword ptr [esi+8F0h] .text:67AA3A6B mov eax, [esi+854h] .text:67AA3A71 push dword ptr [esi+8ECh] .text:67AA3A77 push ecx .text:67AA3A78 push edi .text:67AA3A79 push 326h .text:67AA3A7E call eax .text:67AA3A80 push dword ptr [esi+8F0h] .text:67AA3A86 mov eax, [esi+854h] .text:67AA3A8C push dword ptr [esi+8ECh] .text:67AA3A92 push 0 .text:67AA3A94 push 0 .text:67AA3A96 push 327h .text:67AA3A9B call eax .text:67AA3A9D push dword ptr [esi+8F0h] .text:67AA3AA3 mov eax, [esi+854h] .text:67AA3AA9 mov ebx, 1 .text:67AA3AAE push dword ptr [esi+8ECh] .text:67AA3AB4 push 0 .text:67AA3AB6 push 0 .text:67AA3AB8 push 325h .text:67AA3ABD call eax .text:67AA3ABF mov eax, 0E10h .text:67AA3AC4 add esp, 3Ch .text:67AA3AC7 cmp word ptr [esp+0D8h+var_C4], ax 0:000> g ModLoad: 777d0000 77830000 C:WindowsSysWOW64IMM32.DLL ModLoad: 75f40000 7600c000 C:Windowssyswow64MSCTF.dll ModLoad: 709c0000 709ea000 C:UsersbehzadDesktopvw-8-5-3-win-x86-32sdkdemoscclo.dll ModLoad: 709b0000 709bb000 C:UsersbehzadDesktopvw-8-5-3-win-x86-32sdkdemoSCCSD.DLL ModLoad: 709a0000 709ad000 C:UsersbehzadDesktopvw-8-5-3-win-x86-32sdkdemoSCCXT.DLL ModLoad: 70990000 70999000 C:UsersbehzadDesktopvw-8-5-3-win-x86-32sdkdemovssdw.dll (c04.f64): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=34333231 ebx=00000d0d ecx=070bdb70 edx=00000000 esi=070bd700 edi=0001041d eip=34333231 esp=0044e6bc ebp=070bffd8 iopl=0 nv up ei ng nz ac pe cy cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010297 34333231 ?? This control puts an attacker ultimately in the position to potentially compromise an application using Oracle Outside-In Technology. References: [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixFMW[2] http://secunia.com/advisories/65000/[3] http://www.oracle.com/us/technologies/embedded/025613.htm View the full article
  22. Rss Bot
    You're reading Typography Cheat Sheet [Infographic], originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Understanding type can be one of the most difficult elements of design. There’s a lot of terminology and lingo that type designers (and designers, in general) use when talking about lettering. Sometimes it can be tough to decipher it all. If you find yourself wondering what the difference between a hook and a counter are […] View the full article
  23. Rss Bot
    You're reading Typography Cheat Sheet [Infographic], originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Understanding type can be one of the most difficult elements of design. There’s a lot of terminology and lingo that type designers (and designers, in general) use when talking about lettering. Sometimes it can be tough to decipher it all. If you find yourself wondering what the difference between a hook and a counter are […] View the full article
  24. Rss Bot
    You're reading Google Releases Chrome 54, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Google updated the Chrome desktop browser with Custom Elements V1, BroadcastChannel and more. Wednesday, the Google updated to Chrome 54 and will be rolling out on Windows, Mac and Linux in the upcoming days. If Google nicknamed its browser releases, then Chrome 54 should have been named “Desserts for Developers.” Along with the usual bug […] View the full article
  25. Rss Bot
    You're reading Google Releases Chrome 54, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Google updated the Chrome desktop browser with Custom Elements V1, BroadcastChannel and more. Wednesday, the Google updated to Chrome 54 and will be rolling out on Windows, Mac and Linux in the upcoming days. If Google nicknamed its browser releases, then Chrome 54 should have been named “Desserts for Developers.” Along with the usual bug […] View the full article
×