Slashdot Mirror


MSN Censors Your IM

Jamie ran across a story about censorship on MSN. Essentially, a number of suspicious strings result in silent failure of delivery. The strings are unsurprisingly things like .scr and .info. They've started maintaining a list if you're interested. Personally, I'd rather they fix the vulnerabilities that make those strings dangerous in the first place: it's not like IM is the only place a URL can get on your machine.

3 of 287 comments

  1. The genius that is Microsoft... by KingSkippus · Score: 5, Informative

    From an article that is linked to from this one:

    The link filter does not take canonical URLs into account: http://evil.example.com/download.php and http://evil.example.com/down%6Coad.php is the same URL, expressed in two different ways. The first one is blocked, while the second one is not.

    Or for that matter, http://tinyurl.com/z35a5.

    Kind of reminds me of our software filter where I work. They blocked firefox.exe from running. My solution? I renamed the file to iexplore.exe. Worked like a charm.

    It's also probably worth noting that the messages are blocked on the server, not the client. That means that it will block the message whether you're using the MSN client, Pidgin, or any other client to access MSN.

    My advice: Get a frickin' Google mail account already and use Google Talk instead.
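
The canonicalization gap quoted in the comment above, shown from the filter's side as an added example (not code from the post, the linked article, or MSN): a raw substring match next to one that percent-decodes each URL before matching. The blocklist, function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed blocklist based on strings the page mentions.
BLOCKED = ("download.php", ".scr")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def naive_is_blocked(message):
    """Substring match on the raw message text, the behaviour the quote describes."""
    text = message.lower()
    return any(s in text for s in BLOCKED)

def canonicalize(url, max_rounds=3):
    """Lower-case the host and percent-decode the path until it stops changing."""
    parts = urlsplit(url)
    path = parts.path
    for _ in range(max_rounds):  # bounded loop also unwraps double encoding (%256C)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return urlunsplit((parts.scheme, parts.netloc.lower(), path,
                       parts.query, parts.fragment))

def canonical_is_blocked(message):
    """Check the raw text, then the canonical form of every URL found in it."""
    if naive_is_blocked(message):
        return True
    return any(s in canonicalize(u).lower()
               for u in URL_RE.findall(message) for s in BLOCKED)

# Constructed sample messages built from the URLs quoted in the comment above.
SAMPLES = [
    "get it at http://evil.example.com/download.php",
    "get it at http://evil.example.com/down%6Coad.php",
    "get it at http://evil.example.com/down%256Coad.php",
    "docs are at http://example.com/index.html",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(naive_is_blocked(msg), canonical_is_blocked(msg), msg)
```

Canonicalization only covers different spellings of the same URL; a redirector such as the shortened link mentioned in the comment cannot be matched this way without resolving it.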

  2. Four ways to hide the .php extension by tepples · Score: 5, Informative

    And what does every Linux web server come with?

    Perl.

    Still, the administrator of a server running PHP 5 can get scripts to run without having .php in the URL by using various forms of content negotiation:

    • With Options MultiViews, the client requests /download?foo=bar. Apache HTTP Server will look for a file called download, not find it, and then search for download.* and run the first thing it finds.
    • Type-mapped negotiation in Apache works much the same way, except it uses .var files (similar to Windows shortcuts) that point to your script. For instance, /download?foo=bar would reference /download.var, which points to /download.php. It's useful if you have a lot of small requests, for which the repeated directory scans performed by MultiViews might become CPU-bound.
    • Rename download.php to download/index.php, and Apache will find it when it scans index.* to display a default page for a directory.
    • Last but not least, mod_rewrite.
    1. Re:Four ways to hide the .php extension by Zonk (troll) · Score: 5, Informative

      Or, do it the way I do.

      1. Name the PHP file "download".
      2. Use this option either in httpd.conf or .htaccess:

      <Files /path/to/file/download>
      SetHandler application/x-httpd-php
      </Files>

      3. Access it like:
      http://localhost/download or accept arguments like http://localhost/download/file.odt

      If you want to get what comes after the slash, this is all you need:

      // ereg_replace() was removed in PHP 7; str_replace() strips the script name literally.
      $thePath = explode("/", str_replace($_SERVER['SCRIPT_NAME'], " ", $_SERVER['REQUEST_URI']));


      file.odt would be located in $thePath[1].

      --
      "The Federal Reserve is a fraudulent system."--Lew Rockwell
      End The FED. -