I suppose you mean "use different passwords for different levels of access"? The current story is an example of why to do so: if someone uses the same password for their IRC nick and email or banking info, then their data is now at risk. They should assume that their other accounts are also compromised, and take the appropriate measures (change passwords).
Revolutionary Game and GPL'ed Engine, on "Quake is 10" · Score: 3, Interesting
Happy birthday Quake!
And thanks to Id for releasing its source code under GPL. Because of this, the game is still being played and mod'ed 10 years after its initial release. Check Tenebrae for example, which adds modern rendering techniques like per-pixel lighting and stencil shadows to the original game.
When I came across the parent comment, I was curious to see how it actually worked. Unlike the common XSS attacks, this one doesn't require JavaScript to be enabled. When searching the vulnerable site, it outputs the search query back to the browser. The query is stored in the $s variable, and apparently the variable isn't sanitized before being output, so one can inject whatever HTML code they like into the page. The vulnerability is mentioned here on the WP support forums; sadly, posters assumed that such code wasn't vulnerable.
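The pattern described in the comment above, shown as an added example that is not part of the original comment and is not WordPress or theme code: a search term echoed raw into the page next to the same output with HTML encoding applied. The function names and the sample queries are constructed for illustration; only the `$s` variable name comes from the comment.

```php
<?php
// Added illustration; function names are hypothetical, inputs are constructed.

// Vulnerable pattern: the raw search term ($s) is concatenated into the
// response, so any markup in the query becomes part of the page.
function render_search_header_unsafe(string $s): string
{
    return '<h2>Search results for: ' . $s . '</h2>'
         . '<input type="text" name="s" value="' . $s . '">';
}

// Hardened pattern: encode on output. ENT_QUOTES also encodes both quote
// characters, which is what keeps the value="" attribute from being closed.
// Inside WordPress, esc_html() and esc_attr() serve this purpose.
function render_search_header_safe(string $s): string
{
    $encoded = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Search results for: ' . $encoded . '</h2>'
         . '<input type="text" name="s" value="' . $encoded . '">';
}

// Check for reviewers and tests: remove the template's own tags and report
// whether any angle bracket supplied by the query survived.
function contains_injected_markup(string $html): bool
{
    $rest = str_replace(['<h2>', '</h2>'], '', $html);
    $rest = preg_replace('/<input type="text" name="s" value="[^"]*">/', '', $rest);
    return strpbrk($rest, '<>') !== false;
}

// Constructed sample queries: plain text, harmless markup, a quote character.
$queries = ['quake mods', '<em>injected</em>', 'a" title="b'];

foreach ($queries as $s) {
    printf(
        "%-20s unsafe: %-8s safe: %s\n",
        $s,
        contains_injected_markup(render_search_header_unsafe($s)) ? 'markup' : 'clean',
        contains_injected_markup(render_search_header_safe($s)) ? 'markup' : 'clean'
    );
}
```

The third query contains no angle brackets and passes this check in both versions, yet in the unsafe version it still adds an attribute to the input element, which is why the hardened function encodes quotes as well as tags.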
It looks like Maxthon isn't entirely IE-based, its Wikipedia entry suggests that it can use the Gecko engine as well (which is the same rendering engine used by Firefox):
Maxthon (formerly MyIE2) (pronounced "max-ton") is a freeware browser. It uses Trident, the same layout engine used by Internet Explorer as its default layout engine, but can use the Gecko technology used in Mozilla Firefox as well.
Maxthon, a browser made by a tiny Beijing company of the same name, has attracted millions of users in China for functionality that can funnel traffic through a Web proxy and circumvent government controls on information in search engines like Google, Yahoo, MSN, Baidu.com and other popular sites or Internet service providers in that country.
Neither the article nor Maxthon's feature list goes into the details of how this feature is implemented. Does it simply provide a list of open proxies and an easy way to switch to one of them? Or is it something more sophisticated? Anyone tried this feature?
I wonder if Chinese users are aware of TorPack, it is Tor + portable Firefox + some extensions. Being Firefox-based, it can benefit from the wide range of extensions available, and is arguably more secure.
I know your comment is a joke, but the article suggests that the study in question checked for IP addresses originating from Microsoft, not the Referrer header.
No, if it was a trojan you'd receive an executable file in email (like .exe or .bat). In this case however, you receive what looks like a data file (.doc), but this file exploits a vulnerability in MS Word to execute code.
Here, this page explains it.
Bah, never mind that, both the IP address and referrer header are required, so removing the referrer header would work.
One of the funniest comments ever, thank you!