For those that are SO lazy that you can't click on the link:
Technical description:
This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and 6.0. In addition, it eliminates the following six newly discovered vulnerabilities:
A cross-site scripting vulnerability in a Local HTML Resource. IE ships with several files that contain HTML on the local file system to provide functionality. One of these files contains a cross-site scripting vulnerability that could allow a script to execute as if it were run by the user herself, causing it to run in the local computer zone. An attacker could craft a web page with a URL that exploits this vulnerability and then either host that page on a web server or send it as HTML email. When the web page was viewed and the user clicked on the URL link, the attacker's script would be injected into the local resource and would run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have.
An information disclosure vulnerability related to the use of an HTML object that provides support for Cascading Style Sheets that could allow an attacker to read, but not add, delete or change, data on the local system. An attacker could craft a web page that exploits this vulnerability and then either host that page on a web server or send it as HTML email. When the page was viewed, the element would be invoked. Successfully exploiting this vulnerability, however, requires exact knowledge of the location of the intended file to be read on the user's system. Further, it requires that the intended file contain a single, particular ASCII character.
An information disclosure vulnerability related to the handling of script within cookies that could allow one site to read the cookies of another. An attacker could build a special cookie containing script and then construct a web page with a hyperlink that would deliver that cookie to the user's system and invoke it. He could then send that web page as mail or post it on a server. When the user clicked the hyperlink and the page invoked the script in the cookie, it could potentially read or alter the cookies of another site. Successfully exploiting this, however, would require that the attacker know the exact name of the cookie as stored on the file system to be read successfully.
A zone spoofing vulnerability that could allow a web page to be incorrectly reckoned to be in the Intranet zone or, in some very rare cases, in the Trusted Sites zone. An attacker could construct a web page that exploits this vulnerability and attempt to entice the user to visit the web page. If the attack were successful, the page would be run with fewer security restrictions than is appropriate.
Two variants of the "Content Disposition" vulnerability discussed in Microsoft Security Bulletin MS01-058 affecting how IE handles downloads when a downloadable file's Content-Disposition and Content-Type headers are intentionally malformed. In such a case, it is possible for IE to believe that a file is a type safe for automatic handling, when in fact it is executable content. An attacker could seek to exploit this vulnerability by constructing a specially malformed web page and posting a malformed executable file. He could then post the web page or mail it to the intended target. These two new variants differ from the original vulnerability in that, for a system to be vulnerable, it must have an application present that, when it is erroneously passed the malformed content, chooses to hand it back to the operating system rather than immediately raise an error. A successful attack, therefore, would require that the attacker know that the intended victim has one of these applications present on their system.
Finally, it introduces a behavior change to the Restricted Sites zone. Specifically, it disables frames in the Restricted Sites zone. Since the Outlook Express 6.0, Outlook 98 and Outlook 2000 with the Outlook Email Security Update and Outlook 2002 all read email in the Restricted Sites zone by default, this enhancement means that those products now effectively disable frames in HTML email by default. This new behavior makes it impossible for an HTML email to automatically open a new window or to launch the download of an executable.
This rugged home lighting system will allow people in some of the poorest and least developed rural communities to light up their homes and raise their quality of living
Remind me how exactly having to ride an exercise bike to generate electricity would raise my quality of living? I'm not in a place without power, but I seriously don't think I'd be buying this (probably expensive) device when a few lanterns would do just fine. (Although I MIGHT be tempted to get the whole hookup just so I could use my computer.)
I wonder if the areas that don't have electricity have broadband??? DOH!
But playing the game encourages you to relax. And if you get a lot of practice relaxing, you can apply that to real world situations where you need to relax.
It's almost like training yourself to build up your relaxation "muscle"...
On top of that, the 50% pay cut only applies to ONE paycheck of bi-weekly employees. I think most people missed that. They're actually getting 75% of one month's salary.
I'm now 99% sure it was ViewS. I downloaded it from http://www.sac.sk/files.asp?name=UTILTEXT&page=1&isnew=3&letter=V, and the memories come flooding back (even though it creates an error in XP when you try to exit.)
I remember playing a Wolfenstein3d mod that replaced most of the Nazis with Barney. I found it around 1993, but it had probably been around much longer. There was a lengthy story in which Barney incited the children of the world to revolt and kill anyone over 13. It came with a DOS-based text editor that "glided" text onto the page (scrolling was very smooth.) It was a really cool story, and I've been looking for that text editor for the past few years, but have been unable to find it...
Ok... so they can now make 3 times as many Playstation 2's as possible... I don't know about where you live, but here there's not exactly a shortage of PS2's. What does increased production mean? Certainly not improved sales... To me, all that means is more units sitting on the shelf.
Bleh... I've used Netcraft. It's pretty nice... you can find out what version of different software a webserver is running. Web pages like this though should emphasize how important it is to stay on top of the latest bugfixes... As often as exploits get posted for now outdated versions of software, not keeping things up-to-date is like hanging a "HackMePlease" sign on your back.
Actually, about 3 months ago I put Win95 (sr2) on my Pentium 3 laptop (512mb RAM). It ran like a DREAM! I hated moving to XP (I had to for driver support, but I'm thinking about switching back and just ignoring the lack of drivers...)
This is news???? How many people here didn't know that this was Microsoft's stance on this? It's like someone found a slashdot post from 6 years ago (Win95), and just pasted it here verbatim...
Unfortunately, it is only for spammers located in state. From the TN law (here),
No person or entity conducting business in this state shall facsimile (fax) or cause to be faxed, or e-mail or cause to be e-mailed, documents consisting of unsolicited advertising material for the lease, sale, rental, gift offer, or other disposition of any realty, goods, services...
I did a little bit of research last week on Spam laws in my home state (Tennessee). According to Tennessee Spam laws, if a company based in Tennessee spams you after you have requested they remove your name, you can sue them for up to $5000 per day they continue to spam them. I found out about this law at SueSpammers.org.
Incidentally, I have a spamcop IMAP e-mail account that filters out potential spam. There was one guy from Canada that kept spamming me over and over. I noticed that the unsubscribe link (which I had tried twice) pointed to a top level domain. Using Internic's WHOIS, I got the jerk's home address, phone number, and e-mail address. Luckily in this case it wasn't forged. After personally contacting him (and threatening legal action), I have gotten no spam from his "company" in 1 week. (Funny thing is, Canada has no anti-spam laws... it was all BSing)
This gives all new meaning to the term "frisbee" being used for bad CDRs. All they need now is a little ridge around the edge and they could be dual purpose frisbee-cd's.
I agree with you totally... I just don't like the fact that the Slashdot community in general is ready to condemn anything Microsoft before they've even heard about it. It doesn't matter what it is.. if it comes from Microsoft, it's bad. If the SAME THING comes from Red Hat, I guarantee you'll see a post on slashdot praising them for their ingenuity! ;P
Don't they realize that they can't patent the Humouse? The creators of Stuart Little have prior works...
Better yet, imagine a device where you got shocked every time you did relax. Talk about a torture device...
Did he say FFX? Because I could swear he said Final Fantasy 11...
It's at http://web.archive.org/web/19991012141834/http://home.earthlink.net/~bcbull/dotb.htm
Isn't it great how archive.org keeps stuff around just for situations like this???
No.. actually what I was looking for had a smooth scroll enabled by default which made it much easier to read long texts...
Yep.. that's the story. I'll check it out. Thanks a lot!
Don't people watch the movies??? HAL has already simulated all that stuff... ;)
Here's what is next:
A website listing the 10 largest companies with Administrator password == NULL
You may be on crack, but you're not hallucinating here. Slashdot did that on purpose. Go here:
http://apple.slashdot.org/
Hehe... ummmm... (looks around shiftily)... I dunno. I'd have to ask a lawyer, and I'm not one. :)
And if I'm lucky, it might cover my legal fees... ;P
And why don't you READ MY POST?
"Don't get me wrong... there are plenty of disadvantages, but WE CAN'T FOOL OURSELVES INTO THINKING THAT ALL THINGS MICROSOFT ARE BAD "