You heard it here first on Slashdot. I haven't posted this to any security lists yet. I just proved this on my system 5 minutes ago.
IDN Allows Bypass of Mozilla's "Allowed Sites" List
Background:
IDN [International Domain Name] support in Mozilla allows bypass of 'Allow Sites'. Problem is caused in the way Mozilla handles IDN when used to handle checking of the list of allowed sites.
Example:
<a href='http://update.xn--mozill-8nf.org/malicious.xpi'>Friendly Extension Name</a>
Update.mozilla.org will be checked against the whitelist instead of update.xn--mozill-8nf.org.
Threat:
Exploit could be used to trick users into installing malicious extensions.
Solution:
Don't trust 'Software Install Prompts'
Use a different browser
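An added example, not part of the original post and not Mozilla's code: an install allowlist check that compares hosts only in their ASCII (punycode) form, so the look-alike host from the post never matches update.mozilla.org, and that flags mixed-script labels in the displayed form. The allowlist contents and all function names are assumptions made for this illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist for this example; entries are stored in ASCII (ACE) form.
ALLOWED_HOSTS = {"update.mozilla.org"}


def canonical_host(url):
    """Return the URL's host lower-cased and in ASCII (xn--) form."""
    host = urlsplit(url).hostname or ""
    # The idna codec converts Unicode labels to punycode and passes ASCII through.
    return host.encode("idna").decode("ascii")


def display_host(ace_host):
    """Return the Unicode form a user interface might show for an ACE host."""
    return ace_host.encode("ascii").decode("idna")


def mixed_script_labels(unicode_host):
    """List labels whose letters come from more than one script (rough heuristic)."""
    flagged = []
    for label in unicode_host.split("."):
        # The first word of a character's Unicode name approximates its script.
        scripts = {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}
        if len(scripts) > 1:
            flagged.append(label)
    return flagged


def check_install_source(url):
    """Decide on the ACE form only; the display form is reported, never compared."""
    ace = canonical_host(url)
    shown = display_host(ace)
    return {
        "ace": ace,
        "display": shown,
        "allowed": ace in ALLOWED_HOSTS,
        "mixed_script": mixed_script_labels(shown),
    }


if __name__ == "__main__":
    for url in ("http://update.mozilla.org/extension.xpi",
                "http://update.xn--mozill-8nf.org/malicious.xpi"):
        print(check_install_source(url))
```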
"Which could be described as nothing more or less than a particularly effective denial-of-service attack. In no way was the information on the target computer compromised. Bad, yes, but not the same thing as what we're talking about here. Plus, it was fixable by hitting the "restart" button."
Wow, you could work for Apple management. Not a problem, just don't get bored college kids nailing the dorm IPs over and over all night long. Lots of fun, especially when your word processor doesn't have an autosave (WordPerfect). It was fixable by going to the debug screen and typing "g f", but in return you'll lose all your current apps. I guess pulling out your network cable is an acceptable patch. Not a problem at all.
I guess you don't remember NVIR, WDEF or the many other Mac viruses. Or how viruses got so rampant that even a CD that came with one of the Mac magazines was infected.
There was also the ping of death that Apple just simply ignored for a couple of years. And when they finally fixed it in System 8, it was a $75 "upgrade".
Let's also not forget about 4 new vulnerabilities that came out last week. These were discovered back in June 2004.
Blind faith of Apple users amazes me; Apple loves to screw over its customers. From having my Mac Plus burn out its power supply ($300) because Apple was too cheap to install a fan, to not providing upgrade paths for any of their machines even though they had a fricking slot. Luckily 3rd parties stepped in with upgrade daughter cards. Or when Apple decided to switch to PPC, leaving everyone else who bought a 680xxx Mac screwed. Then doing the same thing when going over to OSX, screwing customers that had legacy apps to run in slow/unstable emulated mode.
You know what I can do with my PC today? Use software that was written back in the early 90s. The other day I was playing "XCOM planetary defense" on my PC, a game I used to be envious of PC users for back when I was an Apple fanatic. Luckily the Kool-Aid wore off, and switching over to PC has made my wallet fatter. And an upgrade means simply buying a processor or a new video card.
Not every worker in the US runs a website. I think 18x is too high for the average worker. How many people at an average business have their email address posted on a website? I have my address posted on Craigslist, dice.com and monster.com on our job listings and I only receive about 1 or 2 a day. I can't see any reason why anyone else at my office would need to share their email address on the net. Hell, even our support@ and abuse@ don't receive that much spam. And those are listed both in our whois information and on our web pages.
It's funny when people complain about spam or spyware at work; that's a clear indication they aren't working and are using our equipment for personal use. Usually when you find spyware, you find P2P applications like Kazaa, or something stupid like Comet Cursors. How many work-related sites have ActiveX spyware installs on them? I can't name a single one.
Umm... 3 years ago Google was responsible for 70% of all searches on the internet. Last stat I saw, they are now at 47%, and that was before the launch of Microsoft's new search engine. Inktomi (Yahoo) has been rising and now makes up 27% of all searches.
Your search phrases only have
As for XHTML, it doesn't make a difference. Page-level optimization counts so little on Google. Which is why when you search for miserable failure, it lists pages that don't even have the search term in the content. For high-value terms like Mesothelioma ($160 per click last time I checked on Overture), none of the top results are XHTML compliant. For a term worth $250k+ a month on Overture, there are a lot of people vying for the top spot. If XHTML made a big difference you'd see it being heavily used.
In many studies, it is shown that women make more errors than men in driving. Men, on the other hand, are more risk takers and their accidents are usually associated with excess speed, which has a higher percentage of fatalities. That is why men pay more for insurance.
"This supports the suggestion by Storie (1977) that men are more at risk from accidents involving high speed while women are more likely to be involved in accidents resulting from perceptual judgement errors."
More stock-based incentives for employees. Didn't we learn from Enron, Worldcom or the dot-com boom that stock-based incentives cause people to do everything possible to raise the price of the stock, including fraud and other dubious business practices? Why can't companies just give cash bonuses?
People are switching away from Google. 2 years ago Google had 70% of the search market; now they are hovering around 40%. With Yahoo at 25% and the remainder going to MSN, Jeeves etc. With the launch of MSN's new search engine, I can see Google's market share going down even more.
You mean what TiVo currently does? I love how my DirecTiVo requires a daily call even though it downloads updates straight off the sat feed and gets the guide from the feed as well.
You actually had public machines that allowed users to have privs to install software on the box? Wow, you, my friend, are the dumbest admin I know. I mean seriously, anyone could have come along, downloaded and installed a keylogger or any other malicious software. Not only did you put your machines at risk, you put your customers' personal information at risk.
Apple PowerBooks can in no way compete against the speed and lightness of PCs. Come back when Apple has a laptop with a 14" screen or larger that's under 5 pounds like the IBM T Series, Dell D600 or other brands. Apple's only sub-5-pound laptop has a pitiful 12" screen, but Apple has always been behind the times; I'm still waiting for a G5 laptop.
There's a reason why the FCC created two broadcast frequencies for sat radio. If Sirius wants to merge, I say allow them to, but they can't bring over their frequency and are allowed to auction it off instead.
BTW, Clear Channel only owns about a 2% stake in XM; I don't even think they have a representative on the board now. Considering Clear Channel has been trying to get XM to drop their localized weather and traffic channels, they have very little control over XM.
No you don't, extensions have always been handled by the associated application. If you change an .exe to .zip and try to run it, you get a corrupted zip file error message.
Problem isn't people going through trash, it's people stealing your mail from the unlocked mailbox most people have. Best solution is getting a lock for your mailbox.
it just wraps itself again in an installer and sends itself to anyone willing to accept it in the vicinity - the key word is willing to accept it.
If we look at email worms today, they spread by users clicking on attachments. End users will click on anything and it is a problem. Obviously it's a problem for cars since people are getting their cars infected, hence it made the news.
As long as there's ignorant users, there's always a need for antivirus software. People like to open things.
A lot of times the HVAC, NAV and Entertainment will share the same computer/board. Problems with the computer/board can cause the HVAC to stop working, which may seem annoying but can be dangerous, especially when condensation forms on the inside of the windshield.
IDN Allows Bypass of Mozilla's "Allowed Sites" List
Author: Todd Lehr
Majority posts are defending Microsoft.
It could never go to court because you have to serve the papers to the defendant which would be quite hard to do.
2) msnsearch.com
Social Research Centre Study
My passenger is blind you insensitive clod.
Because Apple invented the first mp3 player. Oh wait, they didn't. What have they invented? GUI, nope; mouse, nope.
I guess you don't use Google's image search much; that thing is at least two months out of date compared to the main index.
That isn't MSN's version of AdWords. It's Overture PPC, which Google has a license to use the same technology in AdWords.
Market Share
Meaning of the word performed
Clear water complains to FCC about XM and Sirius