Monday, October 14, 2013

The unfortunate cookies

Cookies sent over plain HTTP to Google websites can reveal information about a user


Disclaimer
The following has been reported to Google and is considered not an issue

Recently while visiting Google scholar I noticed that on the top right corner my Google username was displayed.

This appeared to me very strange, since I was not accessing this service using HTTPs. I fired up Wireshark and I revisited scholar once again. From the captured traffic it was obvious that my browser was sending a bunch of cookies over plain HTTP. I stored these cookies to a file, I imported them to a Firefox private browsing window and I visited Google scholar once again. To my surprise my username was still there. Moreover I was able to see my citations and my updates just like if I was signed in. By observing the cookies I noticed that most of them were for the domain *.google.gr, so as next step I visited http://www.google.gr/ig  in the same private session: all gadgets that do not require authentication (like weather) were there!

But the surprises continued. I edited the cookies file and I replaced the domain *.google.gr with *.youtube.com, I loaded the new file in a new Firefox private browsing window and I visited http://www.youtube.com. As it can be observed from the screenshot, my username, my subscriptions, as well as posts of my friends in google+, all were there!


It is astonishing how much information about a user can be gained simple by monitoring a mere HTTP session. 

Edit 1:
Even if the user logs out, the captured cookies continue to reveal the same information


Monday, August 12, 2013

Convert video files and embed subtitles using VLC

VLC player, by VideoLAN, is a handy media player with many features. VLC, among other things, enables the conversion of video files, from one format to another, enabling the same time the incorporation of subtitles.

Suppose that  we want to convert an h.254 video file to DivX with embedded subtitles. Suppose also that subtitles are stored in a separate (.srt) file with the same name as the video file.  Here are the steps that should be followed:

Run VLC and from the Media menu, select Convert/Save (Ctrl + R).

Select Convert/Save

In the file selection area, press Add, and choose the video file to be converted. Moreover, on the button-left menu press the arrow and select  Convert.

Select the Convert optionn

In the Destination area, press Browse, and select where your file should be saved (Note that you have to add the filename as well the extension). In the Settings area, select the Convertion profile and press the Edit selected profile button.

Press the button marked with the black square

In the new window select the Subtitles tab, check the Subtitles check box, select DVB subtitle on the listbox on the left, and check the Overlay subtitles on the video check box. Then press Save.

Subtitle options

Now by pressing Start, your video will be converted to desired format and the subtitles will be embedded in the output video file.