MSN Censors Your IM

Jamie ran across a story about censorship on MSN. Essentially, a number of suspicious strings result in silent failure of delivery. The strings are unsurprisingly things like .scr and .info. They've started maintaining a list if you're interested. Personally, I'd rather they fix the vulnerabilities that make those strings dangerous in the first place: it's not like IM is the only place a URL can get on your machine.

The genius that is Microsoft...

[KingSkippus]

From an article that is linked to from this one:

The link filter does not take canonical URLs into account: http: //evil.example.com/download.php and http: //evil.example.com/down%6Coad.php is the same URL, expressed in two different ways. The first one is blocked, while the second one is not.

Or for that matter, http: //tinyurl.com/z35a5.

Kind of reminds me of our software filter where I work. They blocked firefox.exe from running. My solution? I renamed the file to iexplore.exe. Worked like a charm.

It's also probably worth noting that the messages are blocked on the server, not the client. That means that it will block the message whether you're using the MSN client, Pidgin, or any other client to access MSN.

My advice: Get a frickin' Google mail account already and use Google Talk instead.

Re:Blocked firefox.exe

[lattyware]

An inept IT department?
OMFG!
Someone alert the world press!

MSN does some weiiiiiird things...

[jez9999]

Here's one it started doing since the recent MS security drive. Any file that could possibly exploit a hole in any piece of software seems to be treated with serious suspicion. Somehow, this seems to include GIF files. So, when someone tried to send me a GIF file, I get this warning. I download it anyway, and it's sitting on my hard drive. I can copy it somewhere else, open it, etc.

However - and this is the kicker - when I click on the blue link to the file in the MSN chat window, I get this dialog. Yeah, it actually DELETED the file I just downloaded. After I copied it using Explorer. And I have full access to it. Dunno who implemented that piece of genius.

Four ways to hide the .php extension

[tepples]

And what does every Linux web server come with?

Perl.

Still, the administrator of a server running PHP 5 can get scripts to run without having .php in the URL by using various forms of content negotiation:

• With Options MultiViews, the client requests /download?foo=bar. Apache HTTP Server will look for a file called download, not find it, and then search for download.* and run the first thing it finds.
• Type-mapped negotiation in Apache works much the same way, except it uses .var files (similar to Windows shortcuts) that point to your script. For instance, /download?foo=bar would reference /download.var, which points to /download.php. It's useful if you have a lot of small requests, for which the repeated directory scans performed by MultiViews might become CPU-bound.
• Rename download.php to download/index.php, and Apache will find it when it scans index.* to display a default page for a directory.
• Last but not least, mod_rewrite.

Re:Four ways to hide the .php extension

[Zonk+(troll)]

Or, do it the way I do.

1. Name the PHP file "download".
2. Use this option either in httpd.conf or .htaccess:

<Files /path/to/file/download>
SetHandler application/x-httpd-php
</Files>

3. Access it like:
http://localhost/download or accept arguments like http://localhost/download/file.odt

If you want to get what comes after the slash, this is all you need:

$thePath = explode("/",ereg_replace($_SERVER['SCRIPT_NAME']," ",$_SERVER['REQUEST_URI']));


file.odt would be located in $thePath[1].

Re:-gasp- Slashdot, too!

[glitch23]

Ah, the northern Uk town of Scunthorpe has been affected by this problem for some time now. I think a "Scun" must be a rude word in American English or something.

No, it's "Thor". We don't like Scandinavians.