This is exactly the problem I fear. All it takes is one spammer/cracker to bulk mail a hundred of pictures to random HTML accounts (Hotmail, etc).. and you can see exactly where this is going to lead.
Also those who use Firefox may not be 100% protected, because consider this scenario.
1. Install Firefox 2. Set Firefox as default browser 3. Use MSN Messenger. 4. MSN messenger pops up "you have new hotmail" 5. Click link to see new mail, MSN Messenger opens up in INTERNET EXPLORER despite setting firefox as the default browser. 6. You are owned.
I am more concerned that after this, people may even mistakenly critisize Firefox, thinking that Firefox was there default browser, and that they got infected via firefox, instead of IE.
"I set up this firefox thingie, and set it as a default browser, yet I still have a virus, by just reading my email. Firefox is just as bad as IE"
A second attack vector could be to change the mimetype of the JPEG, causing Firefox to download, then open it in the system handler for JPEGS.. and a possibility of being owned that way.
Still this may also be very good grounds for a class action against MS, as they are not honouring a users request NOT to use IE.
This all goes to prove, MS is a security hole, that can even make secure applications appear insecure
Ow, my head hurts from thinking of this.. let me get some Paracetamol.
The SecurID card i have you have to ALSO type a pic number onto the card itsself. EVen if someone finds the card, they will not be able to get in, unless they also type the pin.
Its called SecureID, and there are two types. one type is a keyfob that generates a number randomly every minuite.
The second type which I use to access my company Intranet is liek a credit card, where i also have to type a pin into the Card, and the generated key is further masked. Very Secure
For those outside the UK, who didnt understand a word of that:
Camden Council in London have been looking at the explosion of "Fly Posting" for various Albums. These Posters are stuck on window boards or closed down shops and buildings, and other property, and is actually illegal, and considered vandalism.
Although heavy fines and possible prison sentances exist for anyone caught flyposting, often its hard to briing on arrests for people, for it is hard to catch them as it is, and when anyone is caught, often are poor, or sometimes exploited immigrants.
Camden Council had enough and decided to go after the person at the top of the chain, the Music Industry Executives selling the advertised albums. And are thinking of taking out a ASBO on the CEO of Sony Music, and BMG.
The Java Plugin error is not very obvious but it has somethign to do with an extension doign a User Agent spoofing IE. You nomrally get that error IF the browser is spoofing IE, or the Java Plugin is not compatible.
Also with the UK and most European countries havign far superior Digital Terestrial networks, WHY ANALOGUE? these units are already old technology!
Why have an expensive brick, decoding 5 channels (UK) of analogue signals into what is basically a framebuffer, digitising it, sending it uncompressed through the USB2, then if you wish to record the laptop then has to recode it into MPEG1/MPEG2/Whatever?
A Better product will receive the 40+ digital channels (UK) send the raw MPEG2 stream direct to the laptop, where either the laptop can display the stream, or save to disk, or both.
Well said, in fact I woudl prefer it even MORE if no individual browser having a substancially larger share fo the market than others. for example eaching having between 15 to 20% of the market share.
This will do a LOT to prevent crackers targetting a specific browser, like whats happening with IE, and it would give incentive for the web browsers to design to standards, and incentive for the web developers to adhere to those standards.
I do not Understand some of the AOL Bashing that goes on here.
AOL develops an "Internet Expereince" for computer Newbies, their service is not for experts, and thats it. They DO dumb down their internet, for reason, because thats exactly what their costomers demand.
The ISP market has a lot of choice, unlike the OS market, and AOL caters for a particular type of market. They are not trying to cater for all users (though their Netscpae Online ISP may be an exception). Those AOL customers whinging that AOL doesnt allow this, AOL doesnt allow that, well thats because what is beign requested is not regarded as important to the average AOL user. The Average usere donesnt know what an SMTP server, iand they do not care about finding out. They just want to send email.
Those moaning about AOL, are free to switch. The majority CHOSE AOL, and are free to switch. Those non-AOL users who are moaning about AOL, again, whats it to do with you? you dont use their services, so why moan?
Secondly, that doesnt mean that AOL is titally unfriendly towards techs, though they do that using other "labels". FOr example, they did sponsor Mozilla, and paid the developers to do a great job in creating our browser, and dont say they got a payoff from Microsoft, because if you look at the figures, AOL still made a monatary loss on the whole Netscape/Mozilla thing. However as a result, we have Mozilla.
When dissolving Netscape, they gave full freedom to Mozilla, transfering copyright, etc. They COULD have been a bitch about it, but they didnt. You can compare their actions to almost like a parent who has a extremely talented child that "outgrew" the rules of the home. Instead of hiding the child, to destroying the child, it let the child go, with some money to help it make its own way.
Also about Netscape, there are somepeople who do NOT trust Mozilla just yet (my parents). Yet they still trust Netscape. Still providing Netscape (another loss to them) is a good thing.
ABout Nullsoft, whatever bad people talk about them, they still were instumental in turning WinAMP into a free (price) product. Ok its not Opensource, but at least we can create puligins and stuff easily, without sellign out to the devil, thanks to its fairly open standards.
I do not recall them going after XMMS either, dispite some similarities between the two.
AOL is not bad, its just different to what we expect, but its not bad, and i do think some of the bashing here is a little unfair. Save it for MS.
I am not too sure what could have caused it to barf (I have the JDK 1.4_2 installed + Netbeans IDE, and the transition went smoothly).
I can only suspect maybe you had more than one version of the JRE (eg 1.3 and 1.4 for example) and the installer barfed up, or soemthign stranger during the import.
However, I can for sure say i have installed on many normal users who have just the JRE, installed direct from Sun, via EXE, IE, or XPI, and none of them failed when firefox was upgraded.
So i guess the problem you had is due to some strange configuration which maybe you haev set up as a developer, and therefore since you are developer, it was pretty easy for you to fix it. Normal users probably woudl not be downloading the JDK etc.. and it should work ok anyway.
True, the loss to MS is zero in ONLY the browser space. In other spaces, the loss may be FAR greater.
Microsoft didnt make IE out of the goodness of their hearts, they paid staff, millions of hours of development time, a court case with the DOJ, to get this "free" browser out. And we know MS doesnt give things away unless they are either goign to earn profit somewhere else, or to prevent loss occuring somewhere else.
going back to 1996/1997, Microsoft realised that Netscape, the dominant browser at the time, were slowly morphing from "Just a Browser" into something that together with Java resembles an OS. It was a platform that allowed applications to be delivered over the net, making the core OS irrelevent. Have a look at archived docs about Netscape's Aurora, and you will understand why MS was scared.
Secondly the Java & HTML can be developed by MOST students for free. You only needed a Text Editor, a paint package and a freely obtainable JDK. There is no relatively "simple" ways to create windows applications for free. This was the reason why Microsoft gave away Visual Basic Active X edition for free, to get people less intrested in Java, and create More MS centric solutions.
Therefore dont assume that there is no value to MS from Internet Explorer. It is core to them. They only got a bit of a breathing space because fo the Dot Com bust, didnt create as much intrest for Web Applications as originally thought.
Obligatory Mastercard Parody: - development time: 10000 Man hours - Cost of development: $1million - Sending SP2 free to anyone who asks: $1 per CD
Mahing the Windows/Office/Visual Studio triopoly maintained, and seeing Netspace and many other compeitors ground to dust - PRICELESS.
Disclaimer, I LOVE Firefox, and Mozilla.org. I have been supporting Mozilla since 1998. I have been grokking Mozilla/Firefox (Not Netscape), since it was a "tiny" 4 button browser called Raptor (anyone remember that?).
I am worried about Script Kiddies poaching my favourite browser. And lets not kid ourselves, it is possible as its popularity goes up.
Anyone who assumes that using Mozilla is immune to issues is kidding themselves, and if you are spreading the word about FireFox, please do NOT market it as a miracle cure for all problems, temping as it may be.
Mozilla uses a lot of Scripting, and tools such as XUL. Rememeber, the browsers CHROME is efectively generated from XML, and often uses JavaScript to bind the components together. It is possible some enterprising person will attempt to thwarte it. there may be a lot of developers, but they dont match the millions of people who would try and attack FireFox if inclined to.
On a more positive note, I still have more trust in Firefox than in IE. I feel whereas IE makes it easier for the script kiddies, Mozilla makes it easier for ME. So yeah, both are not 100% perfect, but Mozilla is closer to that than IE.
Oh and the Opensource nature.. which as we are in slashdot, I do not need to explain!
I think you're full of it. If what you said was real, you wouldn've
given SOME details on such a beneficial transaction!
Not pointing fingers, when some of the tinfoil crowd comes ups with wild theories, we all sit and agree, partly because we WANT to agree. Slashdot comments are known for sometiems being low on facts, and high on heresay. Face it!
the Grandparent post comes up with a story, whcih may be true or false. However, face it, I am sure MOST of the geeks wish we would have done something similar, and are probably kicking ourselves in the pants for missing the train. After all we all had the information that SCO was full of "shit", why dont we put out money on it, and make a tidy sum whilst at it?
I think the parent poster, more than thinking the parent is full of crap, somewhat wishes he was the one who did that
Come on, us geeks get used every day for many reasons, by the stockmarkets, etc. Its harder to find jobs now because of silly runaway things in the past, like the Dot Bomb fiasco. Its time to turn the tables somewhat, and make some money on the very stupid investors that have played with our lives int he past.
I am aware the parent may have intended this is a Satrical way....
I think its better a few "researchers" losing their jobs, than many losing their life. Plus the researchers have another job to go to. People dont have another "live" if they loose their current one....
My girlfriend died of Luekemia due to her being unable to cope with Chemo.
Since her death, I have met many researchers in the field, espeically those looking at research on Taxine from the English Yew. All those researchers are extremely dedicated to their jobs, and if anythign, they are also eager to stike gold on the cure.
I live in Harrow, a suburb of London... the CLosed cuircuit TV was first trialed here, in the early/mid 90's, as well as in Bournemouth.... SO you can say i have been living with this for well over a decade.
Harrow itself is one of the more safer areas in terms of crime, and many doubted the reasons for putting such a system in place, but it was a success.. when i walk around Harrow, i very rarely see any vandlaism, or graffitti, as people get caught... it feels safe to walk even at midnight.. although i used to be worried about the big brother aspect of it.. btu i have not seen or heard of one case where the cameras have been used for anythign other than its intended use, public safety...
there has been many cases in the past, where people have been kidnapped, or murdered, and the use of CCTV has been very valubale in the FINDING the criminals..
Survielence is in itslef nto a bad thing, it is only if used for the wrong purposes, that it can be seen bad.. but so far, it has been a success...
Slashdot Mirror
As i said in an earlier comment.. no need for outlook:
HTML Mail + *ANY* web based email system + Unpatched Internet Exploder = bad day for ALL
This is exactly the problem I fear. All it takes is one spammer/cracker to bulk mail a hundred of pictures to random HTML accounts (Hotmail, etc).. and you can see exactly where this is going to lead.
Also those who use Firefox may not be 100% protected, because consider this scenario.
1. Install Firefox
2. Set Firefox as default browser
3. Use MSN Messenger.
4. MSN messenger pops up "you have new hotmail"
5. Click link to see new mail, MSN Messenger opens up in INTERNET EXPLORER despite setting firefox as the default browser.
6. You are owned.
I am more concerned that after this, people may even mistakenly critisize Firefox, thinking that Firefox was there default browser, and that they got infected via firefox, instead of IE.
"I set up this firefox thingie, and set it as a default browser, yet I still have a virus, by just reading my email. Firefox is just as bad as IE"
A second attack vector could be to change the mimetype of the JPEG, causing Firefox to download, then open it in the system handler for JPEGS.. and a possibility of being owned that way.
Still this may also be very good grounds for a class action against MS, as they are not honouring a users request NOT to use IE.
This all goes to prove, MS is a security hole, that can even make secure applications appear insecure
Ow, my head hurts from thinking of this.. let me get some Paracetamol.
yes.. but you are talking about the keyfob type.
The SecurID card i have you have to ALSO type a pic number onto the card itsself. EVen if someone finds the card, they will not be able to get in, unless they also type the pin.
Its called SecureID, and there are two types. one type is a keyfob that generates a number randomly every minuite.
The second type which I use to access my company Intranet is liek a credit card, where i also have to type a pin into the Card, and the generated key is further masked. Very Secure
For those outside the UK, who didnt understand a word of that:
Camden Council in London have been looking at the explosion of "Fly Posting" for various Albums. These Posters are stuck on window boards or closed down shops and buildings, and other property, and is actually illegal, and considered vandalism.
Although heavy fines and possible prison sentances exist for anyone caught flyposting, often its hard to briing on arrests for people, for it is hard to catch them as it is, and when anyone is caught, often are poor, or sometimes exploited immigrants.
Camden Council had enough and decided to go after the person at the top of the chain, the Music Industry Executives selling the advertised albums. And are thinking of taking out a ASBO on the CEO of Sony Music, and BMG.
well. i seriously DOUBT anyone would want to pirate THAT film!
Yeah, i hope our "Teflon Tony" is also similarly unelected too!
Erm.... the BBC brought us Mr Blobby, which is itself enough to shoot it!!!!
Wonder how much R&D that took!!!
PS. I love the BBC, the above is a JOKE
The Java Plugin error is not very obvious but it has somethign to do with an extension doign a User Agent spoofing IE. You nomrally get that error IF the browser is spoofing IE, or the Java Plugin is not compatible.
Best to reinstall JAVA.
Thanks for ruining my keyboard with coffee!!!
That was funny!
Also with the UK and most European countries havign far superior Digital Terestrial networks, WHY ANALOGUE? these units are already old technology!
Why have an expensive brick, decoding 5 channels (UK) of analogue signals into what is basically a framebuffer, digitising it, sending it uncompressed through the USB2, then if you wish to record the laptop then has to recode it into MPEG1/MPEG2/Whatever?
A Better product will receive the 40+ digital channels (UK) send the raw MPEG2 stream direct to the laptop, where either the laptop can display the stream, or save to disk, or both.
Well said, in fact I woudl prefer it even MORE if no individual browser having a substancially larger share fo the market than others. for example eaching having between 15 to 20% of the market share.
This will do a LOT to prevent crackers targetting a specific browser, like whats happening with IE, and it would give incentive for the web browsers to design to standards, and incentive for the web developers to adhere to those standards.
Microsoft incorporates security in its products, its just not valid security!
COme on guys! I am sure you can do better than that feeble excuse! ;)
I do not Understand some of the AOL Bashing that goes on here.
AOL develops an "Internet Expereince" for computer Newbies, their service is not for experts, and thats it. They DO dumb down their internet, for reason, because thats exactly what their costomers demand.
The ISP market has a lot of choice, unlike the OS market, and AOL caters for a particular type of market. They are not trying to cater for all users (though their Netscpae Online ISP may be an exception). Those AOL customers whinging that AOL doesnt allow this, AOL doesnt allow that, well thats because what is beign requested is not regarded as important to the average AOL user. The Average usere donesnt know what an SMTP server, iand they do not care about finding out. They just want to send email.
Those moaning about AOL, are free to switch. The majority CHOSE AOL, and are free to switch. Those non-AOL users who are moaning about AOL, again, whats it to do with you? you dont use their services, so why moan?
Secondly, that doesnt mean that AOL is titally unfriendly towards techs, though they do that using other "labels". FOr example, they did sponsor Mozilla, and paid the developers to do a great job in creating our browser, and dont say they got a payoff from Microsoft, because if you look at the figures, AOL still made a monatary loss on the whole Netscape/Mozilla thing. However as a result, we have Mozilla.
When dissolving Netscape, they gave full freedom to Mozilla, transfering copyright, etc. They COULD have been a bitch about it, but they didnt. You can compare their actions to almost like a parent who has a extremely talented child that "outgrew" the rules of the home. Instead of hiding the child, to destroying the child, it let the child go, with some money to help it make its own way.
Also about Netscape, there are somepeople who do NOT trust Mozilla just yet (my parents). Yet they still trust Netscape. Still providing Netscape (another loss to them) is a good thing.
ABout Nullsoft, whatever bad people talk about them, they still were instumental in turning WinAMP into a free (price) product. Ok its not Opensource, but at least we can create puligins and stuff easily, without sellign out to the devil, thanks to its fairly open standards.
I do not recall them going after XMMS either, dispite some similarities between the two.
AOL is not bad, its just different to what we expect, but its not bad, and i do think some of the bashing here is a little unfair. Save it for MS.
I kinda suspected it was the SDK!
I am not too sure what could have caused it to barf (I have the JDK 1.4_2 installed + Netbeans IDE, and the transition went smoothly).
I can only suspect maybe you had more than one version of the JRE (eg 1.3 and 1.4 for example) and the installer barfed up, or soemthign stranger during the import.
However, I can for sure say i have installed on many normal users who have just the JRE, installed direct from Sun, via EXE, IE, or XPI, and none of them failed when firefox was upgraded.
So i guess the problem you had is due to some strange configuration which maybe you haev set up as a developer, and therefore since you are developer, it was pretty easy for you to fix it. Normal users probably woudl not be downloading the JDK etc.. and it should work ok anyway.
True, the loss to MS is zero in ONLY the browser space. In other spaces, the loss may be FAR greater.
Microsoft didnt make IE out of the goodness of their hearts, they paid staff, millions of hours of development time, a court case with the DOJ, to get this "free" browser out. And we know MS doesnt give things away unless they are either goign to earn profit somewhere else, or to prevent loss occuring somewhere else.
going back to 1996/1997, Microsoft realised that Netscape, the dominant browser at the time, were slowly morphing from "Just a Browser" into something that together with Java resembles an OS. It was a platform that allowed applications to be delivered over the net, making the core OS irrelevent. Have a look at archived docs about Netscape's Aurora, and you will understand why MS was scared.
Secondly the Java & HTML can be developed by MOST students for free. You only needed a Text Editor, a paint package and a freely obtainable JDK. There is no relatively "simple" ways to create windows applications for free. This was the reason why Microsoft gave away Visual Basic Active X edition for free, to get people less intrested in Java, and create More MS centric solutions.
Therefore dont assume that there is no value to MS from Internet Explorer. It is core to them. They only got a bit of a breathing space because fo the Dot Com bust, didnt create as much intrest for Web Applications as originally thought.
Obligatory Mastercard Parody:
- development time: 10000 Man hours
- Cost of development: $1million
- Sending SP2 free to anyone who asks: $1 per CD
Mahing the Windows/Office/Visual Studio triopoly maintained, and seeing Netspace and many other compeitors ground to dust - PRICELESS.
Disclaimer, I LOVE Firefox, and Mozilla.org. I have been supporting Mozilla since 1998. I have been grokking Mozilla/Firefox (Not Netscape), since it was a "tiny" 4 button browser called Raptor (anyone remember that?).
I am worried about Script Kiddies poaching my favourite browser. And lets not kid ourselves, it is possible as its popularity goes up.
Anyone who assumes that using Mozilla is immune to issues is kidding themselves, and if you are spreading the word about FireFox, please do NOT market it as a miracle cure for all problems, temping as it may be.
Mozilla uses a lot of Scripting, and tools such as XUL. Rememeber, the browsers CHROME is efectively generated from XML, and often uses JavaScript to bind the components together. It is possible some enterprising person will attempt to thwarte it. there may be a lot of developers, but they dont match the millions of people who would try and attack FireFox if inclined to.
On a more positive note, I still have more trust in Firefox than in IE. I feel whereas IE makes it easier for the script kiddies, Mozilla makes it easier for ME. So yeah, both are not 100% perfect, but Mozilla is closer to that than IE.
Oh and the Opensource nature.. which as we are in slashdot, I do not need to explain!
500MB of Java? woah!
Ok.. try the following, get the JRE direct from Sun, and install it cleanly.
Go to www.java.com
Select "Get Java"
And choose the "xpi" based installation.
It usually works!
Not pointing fingers, when some of the tinfoil crowd comes ups with wild theories, we all sit and agree, partly because we WANT to agree. Slashdot comments are known for sometiems being low on facts, and high on heresay. Face it!
the Grandparent post comes up with a story, whcih may be true or false. However, face it, I am sure MOST of the geeks wish we would have done something similar, and are probably kicking ourselves in the pants for missing the train. After all we all had the information that SCO was full of "shit", why dont we put out money on it, and make a tidy sum whilst at it?
I think the parent poster, more than thinking the parent is full of crap, somewhat wishes he was the one who did that
Come on, us geeks get used every day for many reasons, by the stockmarkets, etc. Its harder to find jobs now because of silly runaway things in the past, like the Dot Bomb fiasco. Its time to turn the tables somewhat, and make some money on the very stupid investors that have played with our lives int he past.
Right.. download OOo, convert all current documents, JUST to create a PDF?
or
download a simple PDF creater drinter driver, whcih works with *ANY* program that can print
Come on, I know you like Open Office, but if your dont want to be marked redundant, give the answer to the RIGHT question.
Tell that to poor aunty Millie, who has her winbox rooted into a zombie spewing out 1000's of messages a day.
She will have a heart Attack.
Not Dr Hienz Wolf of Brunel, is it?
Being an ex-brunel student, I haev great admiration for Dr Hienz Wolf, and i woudl be very surprised if he took such a harsh stance.
> Cure for Cancer - Nope reseachers out of jobs
I am aware the parent may have intended this is a Satrical way....
I think its better a few "researchers" losing their jobs, than many losing their life. Plus the researchers have another job to go to. People dont have another "live" if they loose their current one....
My girlfriend died of Luekemia due to her being unable to cope with Chemo.
Since her death, I have met many researchers in the field, espeically those looking at research on Taxine from the English Yew. All those researchers are extremely dedicated to their jobs, and if anythign, they are also eager to stike gold on the cure.
I agree on some of the other points you made.
I live in Harrow, a suburb of London... the CLosed cuircuit TV was first trialed here, in the early/mid 90's, as well as in Bournemouth.... SO you can say i have been living with this for well over a decade.
Harrow itself is one of the more safer areas in terms of crime, and many doubted the reasons for putting such a system in place, but it was a success.. when i walk around Harrow, i very rarely see any vandlaism, or graffitti, as people get caught... it feels safe to walk even at midnight.. although i used to be worried about the big brother aspect of it.. btu i have not seen or heard of one case where the cameras have been used for anythign other than its intended use, public safety...
there has been many cases in the past, where people have been kidnapped, or murdered, and the use of CCTV has been very valubale in the FINDING the criminals..
Survielence is in itslef nto a bad thing, it is only if used for the wrong purposes, that it can be seen bad.. but so far, it has been a success...
it woudl be great if that happend, but I would not hold my breath.....