Re:poor choice of story for slashdot frontpage
on
The Jobs Crunch
·
· Score: 1
Umm, how could this post be considered to be trolling?
poor choice of story for slashdot frontpage
on
The Jobs Crunch
·
· Score: 0, Troll
I dont think a story like this really belongs on slashdot to be honest, especially not the front page, and is a better choice for other sites. The reason I feel this is because a large percentage of readers are not American, and articles like this inevitably result in 50% of the forum threads being flamebait because of feelings towards the political parties at the moment.
The story itself is just a massive advertisement to vote against Bush too.
At least, thats just my personal opinion. Either way, I know I wont be trying to moderate anyone in this thread, because every second post will look like trolling or flamebait depending on the perspective of the reader.
Actually, I think thats the wrong approach. I just think vendors like Microsoft need to take responsibility for the poor security in their products.. Many exploits against windows products for instance were long known to come out before they were released, amongst many others. There was a time when eeye had serious exploits listed that took Microsoft longer then 100 days to fix.
Also, from past experience, legislation is often abused in computer cases (as demonstrated by people like the RIAA). Personally, its been pretty rare to see decent laws against computer crimes (I haven't heard of any I agree with so far).
I think the development of sender verification frameworks for Email will also eventually help, provided that MS is willing to accept the open standards for once.
This isn't always strictly true.. For eg, in Linux, after 896 megs, you need to enable large memory support, which slows things down.. Personally, I've got 1 gig, and I never reach past 500megs usage..
Even with 10 gigs of ram, you'll still need stuff like swap anyway, for reasons described on http://kerneltrap.org/node/view/3202..
Also, think about how you can access memory in a linear way with 4gigs of ram (which is a very large amount of memory pages), some of the operating systems internal data structures would be getting pretty hefty. Fortunately, one benefit from this will be that computer products will require more optimised access methods if the product is to succeed..
Apple claim 8 hours battery life on my ipod, but after using it 5 hours, its mostly empty, and the battery shouldn't be fully discharged either. Personally, I dont foresee me being able to accomplish 8 hours even when the battery was brand new.
Battery life is dependant on the way their record it. Remember that the battery life they claim is max battery life, in perfect temperature conditions probably, low humidity, with the volume of the player down to 0, the backlight off, etc. Just because a battery has even 30 hours playback time, it might only last 4 or 5 months or so, and if it costs a fortune to replace, then longativity is very important.
Personally, I'm more interested in a player which is highly upgradable, so that in 12 months when a new Music format gets released, you can utilise it. Another issue I'd imagine are the upcoming DRM issues.. I'd hate to discover in 12 months that its impossible to upload your own CD's to more then one music player, or even that every file you upload to it from computer needs to be digitally signed by Microsoft or something
With the advent of new technologies like OLED screens, amongst other things, I'm surprised companies aren't eager to release them.
One reason I'd imagine there are so many LCD's overstocked is that LCD screens might have nice refresh rates, but the monitors which dont suffer excessive blurring which is bad for gamers, tend to be the ones which cost a few grand. And while LCD screens best benefit the development of large monitors, large LCD monitors cost so much barely anyone has one these days (I still know people using ancient 15" CRT monitors.. I'm one of them).
Maybe if they helped companies like Nvidia to work on algorithms which would help reduce the blurring effect by adjusting the brightness of a colour which only gets drawn for a milisecond to help reduce the blurring), or something better, it could give them a killer market.. Every gamer on the block would want one.
Personally, the dead pixel problems some of the Manufacturers have on their monitors is one thing that makes me highly cautious about the cheap LCD screens
Maybe we should find a good pic and put it on the webpages, although, I severely doubt a future with 100 screaming females chasing me around, maybe David Zeuthen who leads the HAL project will get more lucky
It should theoretically work with the current Driver on demand in CVS.. Unfortunately, there wasn't much support for the driver on demand project previously, which is why I've been working on a search engine for linux drivers instead now.
I actually think that if it was turned into a community project more, and we had a full package management system in it (maybe use a modified portage system), added vendor Id's, BUS type, revision, etc, we could do pretty well. Since the release of DVD's now (and BLU-ray dvd's holding 27gigs next year), it should even be possible to have GCC, the standard linux tools, and the linux kernel source on the CD at the same time allowing drivers to be compiled during the installation, which, for the first time would allow linux to have all the drivers installed during install, making up for the lack of ABI compatibility. Who said that we need to use compiled binaries to share drivers anyway?? The Nvidia ones would still need to have ABI compatibility in the package, but imagine, driver manufacturers for the first time in history could provide disks with the source code instead/binaries instead of doing as we are doing now which is hoping that linux has support included. If we really want linux to take off, this is what we really need!!!!!
Its not borrowing ideas at all... Alot of things MS does are just simple steps, but the trick is they generally implement them in the poor and easy way, instead of the proper way. The truth is that Linux has had the equivilent of Microsofts Plug and play system for a very long time. All their system is, is a bunch of modules, we do exactly the same thing, the difference is that since people dont notice it because distro's have most fo the drivers included, so you dont notice them existing.
Also, Microsoft charges for getting drivers digitally signed to get on their database, and I severely doubt many are of decent quality (I know the nvidia ones they have are useless). Its easy to code somethign when you charge for addition to the database, because its just like any other database.. But to do full, dynamic driver management where you can get drivers that dont even exist on your system, thats what MS is NOT able to do. In fact, because they put poor drivers in their database, I'd say you get driver upgrade warnings which wipe out your already working drivers and replace them with poor copies.. Evidence of poor design.
Either way. I dont believe either HAL or Driver on demand is really a clone, but then again, I am the author of Driver on Demand, and I'm biased. The focus in recent times for driver on demand has been to create a driver search engine anyway first.
They were right to reject it. The open source world often stands together in such issues, and the only end result that could happen is a truly free standard that will take on the world. Now that issues have been raised, it means every other distro will analyse it, and probably not include it either but help work on a "free" one, and the internet in reality runs off Unix, so we have a VERY good chance of getting a strongly supported standard out there.. Very few major mail servers run off Windows, hotmail is probably the only one I'd imagine.
Just one question, has there been any work on a open standard yet?
I guess it would be like saying that IE consumes 99.99% of the total browsers installed by checking the users on MSN.com, which is what the default homepage on msn.com is. Only way to do something like this is to get statistics from thousands of websites
ahh, I just found the whole DNS thing funny too. Yes you could use it for a MITM attack or something, but honestly, everyone would just reverse the install because they thought their internet was broken and there would be no such thing as wireless hotspots.
Forgot to mention that I believed that the problem with windows has always been very poor internal security (sometimes it has taken Microsoft months on time to fix even the smallest privlage elevation exploits), and its always been my belief that the worm coders have just been too stupid to be capable of coding a decent worm based on already established connections.
I also never expected a worm based on port scanning to take over the planet, but rather believe ones based on sneaking in through established connections are the worse, and they are the hardest to stop because a firewall wont stop them. Melissa was a great example of one. One benefit is that these programs are the ones which stackguarding isn't enabled for by default, and in most cases dont even use buffer overflows.
I said that I thought this article didn't belong on OSnews, and I think its quite unfortunate it ended up on frontpage of slashdot too..
Actually, the author is unaware of new measures like stack protection built in, that actually strongly suggests to me that the author hasn't gone any further then a normal port scan, and this isn't a true analysis..
Stack protection would have stopped just about every worm so far in windows (except the shared drives ones in win2k).. Anyway, its a disillusion that worms need ports open to spread.
In reality, its really irrelevant if they are open or not due to the forced automatic updates and stack protection, and your biggest risk is stuff like internet explorer..
Basically, I dont believe the author really has much of an insight into computer security at all
I can see how it could, i just think that there is no possible way that 10X more costs could be accumulated on a small server anyway, especially considering its not the os itself that causes most the cost, but rather the programs you use in it, and to me, theres probably no easy way to measure that
Ok, so thats the standard response, but the main benefits will be stuff like:
encryption plugins (so easy per directory encryption).. Finally maybe we'll have fully encrypted home directories easily.
and stuff like the winFS system integrated into the filesystem possibly.
its also 2X faster then reiserfs, and 4X faster then NTFS
The big issue though is that until freebsd gets these benefits, apps aren't likely to get these capabilities:(
so maybe someone should work on porting this, then maybe theres a good chance these technologies will be used extensively..
OK. I want to know how Windows has a lower TCO if Linux already has stackguards, and windows doesn't. The author talks about UT2003 not having protection under linux from the stackguards, but what I want to know is if thats really relevant, because he goes and says that because when u install third party software in linux, its not protected, but its the same in windows.
I also like how they said in Linux 0days take 6 days while in Windows 0days take 1 day to be fixed..
I find that funny consider there have been cases where microsoft have kept valnerabilities secret from 3 months (and thats a known fact, especially with IE exploits).
And I think he must have been interviewing the script kiddies when he mentioned that many good hackers use windows, because thats total fud too. The really hardcore hackers use openbsd as their primary OS. I've never seen any real 'hackers' who use windows as their primary operating system. By the sounds of things, it seemed he just walked into a warez channel and asked for 'hackers'.
Dont take this article too seriously, its obviously total fud. If you read it, theres parts which just dont make sense, and strongly suggest that some of their results are fabricated..
I can see it now. Considering people have managed to access a bluetooth mobile from 2 miles away with a well designed antenna, it wont take long for people to catch on with the RFID's.
Makes it easier for stalkers too I guess
In 99% of cases, he doesn't need to, he just needs to be close enough. For such a thing to work well, he'd probably have to/want to open up a new window anyway full screen, during which time, 99% of people will forget if theres a special bar there, and not notice that their theme is a light white instead of their normal light pink, and 99% of ppl dont touch the bookmarks bar, so the defaults would be fine.. And nevertheless, those who would fall for something like this would just assume that those small changes are a bug in mozilla. I dont think with this 'exploit' they can put your extension bars there anyway.. Maybe your bookmark bar, but you'll notice that if u look at the code of the spoof, that there might not actually be a way to do that.
You have to think logically, to do something like this you have to give someone a link too, thats where most likely the best place to do a check.. Make sure that if a hyperlink on a page says its http://www.paypal.com, make sure it doesn't go to http://killme.com.. Because in most phishing cases, people actually fall for it because the link is false anyway and just looks the same..
I still think that something like that something like this in javascript would affect just as many ppl as the XUML version.. But be more dangerous because it affects every browser
actually, you can make javascript almost as interactive.. The only advantage for this one is the theme is the same, and the bookmarks are there.. I'm actually thinking about whether its worth making a javascript clone which would fool 90% of people, and be actually a higher risk because it would work on IE too, and safari, and whatever else available.. Of course, I believe in reusable programming and the only people who would look at the code for such a thing, would be the last people you want to see it
You can pretty much just use javascript to open a new window anyway.. For the people who are unthemed, javascript works just as well, and ppl who are, most would just assume that its a bug which causes the theme to change back.. Throw in precaching and HELLO.. those buttons load instantly
Same thing, just different implementation, and cant be stopped either without disabling javascript.. My issue with this is that attacks like these have been known throughout the community for years, but not many people knew about it. because of their nature, they can even be implemented in html without javascript, so they cant be stopped.. Now these geniuses have made it a big enough issue so that every spammer and script kiddie in the world knows, so has informed spammers of an easy way to harvest emails, frauders an easy way to pretend that their purchases are valid and credit card kiddies with a credit card harvester..
Basically, thanks to him, from this time on, we'll probably see a massive increase in spam and online fraud..
Its not really an issue though.. Even if this is fixed, theres 10000 different ways of doing the same kind of thing that will throw off even most security experts. Even if its changed, there will be other ways of pretending the bar exists.. They made it confidential because theres no way to fix it.. If they fix it this way, blackhats use javascript..
Rat never thought this thru. I think his trying to gain attention over something which he never bothered contemplating that there was no possible solution anyway.
Thanks to him now, his given just about every credit card frauder on the planet new ideas (and even implemented the paypal clone code for it too). They made it confidential to just stop ppl panicing about something which has always been possible and to try to stop frauders from adding this technique to their arsenal.. Now, Rat has done an incredibly smart move and gave spammers, credit card frauders, script kiddies some new ideas.. And for that, we have to thank him
This is basically a screenshot of a toolbar at the top of the browser.. I barely think its classed as a true exploit anyway, so the author got it wrong really..
The good thing is that I'm guessing people will fix it, but regardless, the only way to get tricked by it would be to click something on a webpage, so its unlikely that theres an easy way to give the link to the user without them noticing its dodgy.. Either way, its probably something which should be fixed, but its not something which can be fixed easily..
Either way, even if its fixed, its pretty trivial to make something with javascript that does exactly the same effect but does it better.. so I'm not worried at all.. Something like this can be done on any browser, so I think rat144 is using very poor judgement, and at the end, is:
-Causing ppl to worry about something which can be done in other ways anyway almost as well..
-Has now given a bad idea to blackhat crackers around the world, which is great, especially because there is no effective way of fixing this other then forcing a taskbar at the bottom with the effective address, which wont help everyone, and at the very least informing script kiddies of attacks like these will encourage them to attack every server..
I wonder why people like announcing problems like these without trying to implement a solution themselves, so at least they know if its possible before causing havoc online for everyone..
Slashdot Mirror
Umm, how could this post be considered to be trolling?
I dont think a story like this really belongs on slashdot to be honest, especially not the front page, and is a better choice for other sites. The reason I feel this is because a large percentage of readers are not American, and articles like this inevitably result in 50% of the forum threads being flamebait because of feelings towards the political parties at the moment.
The story itself is just a massive advertisement to vote against Bush too.
At least, thats just my personal opinion. Either way, I know I wont be trying to moderate anyone in this thread, because every second post will look like trolling or flamebait depending on the perspective of the reader.
Anyone else agree?
Actually, I think thats the wrong approach. I just think vendors like Microsoft need to take responsibility for the poor security in their products.. Many exploits against windows products for instance were long known to come out before they were released, amongst many others. There was a time when eeye had serious exploits listed that took Microsoft longer then 100 days to fix.
Also, from past experience, legislation is often abused in computer cases (as demonstrated by people like the RIAA). Personally, its been pretty rare to see decent laws against computer crimes (I haven't heard of any I agree with so far).
I think the development of sender verification frameworks for Email will also eventually help, provided that MS is willing to accept the open standards for once.
This isn't always strictly true.. For eg, in Linux, after 896 megs, you need to enable large memory support, which slows things down.. Personally, I've got 1 gig, and I never reach past 500megs usage..
..
Even with 10 gigs of ram, you'll still need stuff like swap anyway, for reasons described on http://kerneltrap.org/node/view/3202
Also, think about how you can access memory in a linear way with 4gigs of ram (which is a very large amount of memory pages), some of the operating systems internal data structures would be getting pretty hefty. Fortunately, one benefit from this will be that computer products will require more optimised access methods if the product is to succeed..
Apple claim 8 hours battery life on my ipod, but after using it 5 hours, its mostly empty, and the battery shouldn't be fully discharged either. Personally, I dont foresee me being able to accomplish 8 hours even when the battery was brand new.
Battery life is dependant on the way their record it. Remember that the battery life they claim is max battery life, in perfect temperature conditions probably, low humidity, with the volume of the player down to 0, the backlight off, etc. Just because a battery has even 30 hours playback time, it might only last 4 or 5 months or so, and if it costs a fortune to replace, then longativity is very important.
Personally, I'm more interested in a player which is highly upgradable, so that in 12 months when a new Music format gets released, you can utilise it. Another issue I'd imagine are the upcoming DRM issues.. I'd hate to discover in 12 months that its impossible to upload your own CD's to more then one music player, or even that every file you upload to it from computer needs to be digitally signed by Microsoft or something
With the advent of new technologies like OLED screens, amongst other things, I'm surprised companies aren't eager to release them.
One reason I'd imagine there are so many LCD's overstocked is that LCD screens might have nice refresh rates, but the monitors which dont suffer excessive blurring which is bad for gamers, tend to be the ones which cost a few grand. And while LCD screens best benefit the development of large monitors, large LCD monitors cost so much barely anyone has one these days (I still know people using ancient 15" CRT monitors.. I'm one of them).
Maybe if they helped companies like Nvidia to work on algorithms which would help reduce the blurring effect by adjusting the brightness of a colour which only gets drawn for a milisecond to help reduce the blurring), or something better, it could give them a killer market.. Every gamer on the block would want one.
Personally, the dead pixel problems some of the Manufacturers have on their monitors is one thing that makes me highly cautious about the cheap LCD screens
Hopefully lots of single ones ;)
Maybe we should find a good pic and put it on the webpages, although, I severely doubt a future with 100 screaming females chasing me around, maybe David Zeuthen who leads the HAL project will get more lucky
It should theoretically work with the current Driver on demand in CVS.. Unfortunately, there wasn't much support for the driver on demand project previously, which is why I've been working on a search engine for linux drivers instead now.
I actually think that if it was turned into a community project more, and we had a full package management system in it (maybe use a modified portage system), added vendor Id's, BUS type, revision, etc, we could do pretty well. Since the release of DVD's now (and BLU-ray dvd's holding 27gigs next year), it should even be possible to have GCC, the standard linux tools, and the linux kernel source on the CD at the same time allowing drivers to be compiled during the installation, which, for the first time would allow linux to have all the drivers installed during install, making up for the lack of ABI compatibility. Who said that we need to use compiled binaries to share drivers anyway?? The Nvidia ones would still need to have ABI compatibility in the package, but imagine, driver manufacturers for the first time in history could provide disks with the source code instead/binaries instead of doing as we are doing now which is hoping that linux has support included. If we really want linux to take off, this is what we really need!!!!!
Its not borrowing ideas at all... Alot of things MS does are just simple steps, but the trick is they generally implement them in the poor and easy way, instead of the proper way. The truth is that Linux has had the equivilent of Microsofts Plug and play system for a very long time. All their system is, is a bunch of modules, we do exactly the same thing, the difference is that since people dont notice it because distro's have most fo the drivers included, so you dont notice them existing.
Also, Microsoft charges for getting drivers digitally signed to get on their database, and I severely doubt many are of decent quality (I know the nvidia ones they have are useless). Its easy to code somethign when you charge for addition to the database, because its just like any other database.. But to do full, dynamic driver management where you can get drivers that dont even exist on your system, thats what MS is NOT able to do. In fact, because they put poor drivers in their database, I'd say you get driver upgrade warnings which wipe out your already working drivers and replace them with poor copies.. Evidence of poor design.
Either way. I dont believe either HAL or Driver on demand is really a clone, but then again, I am the author of Driver on Demand, and I'm biased. The focus in recent times for driver on demand has been to create a driver search engine anyway first.
They were right to reject it. The open source world often stands together in such issues, and the only end result that could happen is a truly free standard that will take on the world. Now that issues have been raised, it means every other distro will analyse it, and probably not include it either but help work on a "free" one, and the internet in reality runs off Unix, so we have a VERY good chance of getting a strongly supported standard out there.. Very few major mail servers run off Windows, hotmail is probably the only one I'd imagine.
Just one question, has there been any work on a open standard yet?
I guess it would be like saying that IE consumes 99.99% of the total browsers installed by checking the users on MSN.com, which is what the default homepage on msn.com is. Only way to do something like this is to get statistics from thousands of websites
ahh, I just found the whole DNS thing funny too. Yes you could use it for a MITM attack or something, but honestly, everyone would just reverse the install because they thought their internet was broken and there would be no such thing as wireless hotspots.
Forgot to mention that I believed that the problem with windows has always been very poor internal security (sometimes it has taken Microsoft months on time to fix even the smallest privlage elevation exploits), and its always been my belief that the worm coders have just been too stupid to be capable of coding a decent worm based on already established connections.
I also never expected a worm based on port scanning to take over the planet, but rather believe ones based on sneaking in through established connections are the worse, and they are the hardest to stop because a firewall wont stop them. Melissa was a great example of one. One benefit is that these programs are the ones which stackguarding isn't enabled for by default, and in most cases dont even use buffer overflows.
I said that I thought this article didn't belong on OSnews, and I think its quite unfortunate it ended up on frontpage of slashdot too..
Actually, the author is unaware of new measures like stack protection built in, that actually strongly suggests to me that the author hasn't gone any further then a normal port scan, and this isn't a true analysis.. Stack protection would have stopped just about every worm so far in windows (except the shared drives ones in win2k).. Anyway, its a disillusion that worms need ports open to spread. In reality, its really irrelevant if they are open or not due to the forced automatic updates and stack protection, and your biggest risk is stuff like internet explorer.. Basically, I dont believe the author really has much of an insight into computer security at all
I can see how it could, i just think that there is no possible way that 10X more costs could be accumulated on a small server anyway, especially considering its not the os itself that causes most the cost, but rather the programs you use in it, and to me, theres probably no easy way to measure that
considering my home server running windows cost $100 for the windows copy, and my linux server cost $0 for the software, hmm, I wonder whats cheaper
Ok, so thats the standard response, but the main benefits will be stuff like: encryption plugins (so easy per directory encryption).. Finally maybe we'll have fully encrypted home directories easily. and stuff like the winFS system integrated into the filesystem possibly. its also 2X faster then reiserfs, and 4X faster then NTFS The big issue though is that until freebsd gets these benefits, apps aren't likely to get these capabilities :(
so maybe someone should work on porting this, then maybe theres a good chance these technologies will be used extensively..
OK. I want to know how Windows has a lower TCO if Linux already has stackguards, and windows doesn't. The author talks about UT2003 not having protection under linux from the stackguards, but what I want to know is if thats really relevant, because he goes and says that because when u install third party software in linux, its not protected, but its the same in windows.
I also like how they said in Linux 0days take 6 days while in Windows 0days take 1 day to be fixed..
I find that funny consider there have been cases where microsoft have kept valnerabilities secret from 3 months (and thats a known fact, especially with IE exploits).
And I think he must have been interviewing the script kiddies when he mentioned that many good hackers use windows, because thats total fud too. The really hardcore hackers use openbsd as their primary OS. I've never seen any real 'hackers' who use windows as their primary operating system. By the sounds of things, it seemed he just walked into a warez channel and asked for 'hackers'.
Dont take this article too seriously, its obviously total fud. If you read it, theres parts which just dont make sense, and strongly suggest that some of their results are fabricated..
I can see it now. Considering people have managed to access a bluetooth mobile from 2 miles away with a well designed antenna, it wont take long for people to catch on with the RFID's. Makes it easier for stalkers too I guess
In 99% of cases, he doesn't need to, he just needs to be close enough. For such a thing to work well, he'd probably have to/want to open up a new window anyway full screen, during which time, 99% of people will forget if theres a special bar there, and not notice that their theme is a light white instead of their normal light pink, and 99% of ppl dont touch the bookmarks bar, so the defaults would be fine.. And nevertheless, those who would fall for something like this would just assume that those small changes are a bug in mozilla. I dont think with this 'exploit' they can put your extension bars there anyway.. Maybe your bookmark bar, but you'll notice that if u look at the code of the spoof, that there might not actually be a way to do that.
.. Because in most phishing cases, people actually fall for it because the link is false anyway and just looks the same..
You have to think logically, to do something like this you have to give someone a link too, thats where most likely the best place to do a check.. Make sure that if a hyperlink on a page says its http://www.paypal.com, make sure it doesn't go to http://killme.com
I still think that something like that something like this in javascript would affect just as many ppl as the XUML version.. But be more dangerous because it affects every browser
actually, you can make javascript almost as interactive.. The only advantage for this one is the theme is the same, and the bookmarks are there.. I'm actually thinking about whether its worth making a javascript clone which would fool 90% of people, and be actually a higher risk because it would work on IE too, and safari, and whatever else available.. Of course, I believe in reusable programming and the only people who would look at the code for such a thing, would be the last people you want to see it
You can pretty much just use javascript to open a new window anyway.. For the people who are unthemed, javascript works just as well, and ppl who are, most would just assume that its a bug which causes the theme to change back.. Throw in precaching and HELLO.. those buttons load instantly
Same thing, just different implementation, and cant be stopped either without disabling javascript.. My issue with this is that attacks like these have been known throughout the community for years, but not many people knew about it. because of their nature, they can even be implemented in html without javascript, so they cant be stopped.. Now these geniuses have made it a big enough issue so that every spammer and script kiddie in the world knows, so has informed spammers of an easy way to harvest emails, frauders an easy way to pretend that their purchases are valid and credit card kiddies with a credit card harvester..
Basically, thanks to him, from this time on, we'll probably see a massive increase in spam and online fraud..
Its not really an issue though.. Even if this is fixed, theres 10000 different ways of doing the same kind of thing that will throw off even most security experts. Even if its changed, there will be other ways of pretending the bar exists.. They made it confidential because theres no way to fix it.. If they fix it this way, blackhats use javascript..
Rat never thought this thru. I think his trying to gain attention over something which he never bothered contemplating that there was no possible solution anyway.
Thanks to him now, his given just about every credit card frauder on the planet new ideas (and even implemented the paypal clone code for it too). They made it confidential to just stop ppl panicing about something which has always been possible and to try to stop frauders from adding this technique to their arsenal.. Now, Rat has done an incredibly smart move and gave spammers, credit card frauders, script kiddies some new ideas.. And for that, we have to thank him
Actually, just read the discussion and seems they agree with what I thought.. So seems Rat's just trying to get some attention..
This is basically a screenshot of a toolbar at the top of the browser.. I barely think its classed as a true exploit anyway, so the author got it wrong really..
The good thing is that I'm guessing people will fix it, but regardless, the only way to get tricked by it would be to click something on a webpage, so its unlikely that theres an easy way to give the link to the user without them noticing its dodgy.. Either way, its probably something which should be fixed, but its not something which can be fixed easily..
Either way, even if its fixed, its pretty trivial to make something with javascript that does exactly the same effect but does it better.. so I'm not worried at all.. Something like this can be done on any browser, so I think rat144 is using very poor judgement, and at the end, is:
-Causing ppl to worry about something which can be done in other ways anyway almost as well..
-Has now given a bad idea to blackhat crackers around the world, which is great, especially because there is no effective way of fixing this other then forcing a taskbar at the bottom with the effective address, which wont help everyone, and at the very least informing script kiddies of attacks like these will encourage them to attack every server..
I wonder why people like announcing problems like these without trying to implement a solution themselves, so at least they know if its possible before causing havoc online for everyone..
Cool thing is that theres already stuff that can use the new Xdamage and composite extensions too.. Mainly stuff like skippy-XD at the moment..