Ok, as I understand it the bug can be exploited by Web sites through downloading specifically designed WMF files? Right?
So get onto your firewall/proxy and block any URL's with WMF in them. Problem solved - unless the WMF bugs relate to non-WMF files (which wouldn't surprise me).
We recently advertised for a graduate developer through a very well known Job Search website at a very well known University (and hospital...). Of the 2 dozen or so replys we got we binned close to half almost immediately simply based on the terrible cover letters (Eg. I would like to work for your Origination). 2 of the applications were Aussies, the rest were foreign students. Out of the dozen or so left (the ones we read past the front cover) only 3 could actually string a sentence together (the 2 Aussies and one Chinese guy on a student visa).
When we interviewed the 3 the Chinese guy had obviously copied his resume from someone else as he hardly spoke a word of English. The other two we pretty much ended up flipping a coin to pick our new employee.
I used to work for the parent company of an IT Employment Agency that organises the immigration of significant numbers of people from India. When their Candidates couldn't find work they'd "organise" a contract with us. Whilst their resumes often looked good (Gee I wonder why) they generally didn't have anywhere near the skills claimed.
I have also worked with alot of the Deadwood (having worked for Aus' biggest Telco and with a few ppl from Big Blue). IMO alot of the dead wood in the market is their because they were released into the market by the transfer from the Telco to the Big Blue.
That being said you hire Graduates because they are cheap - and you train them. If you want someone with experience you go to one of the many Employment Agencies and they'll find more than enough candidates for you.
Yes, you are correct, storing a unique ID for a session (be it the session ID - which may repeat - or an application/database generated value) in a Cookie would be one use for a cookie - but it is not a cookie.
Since you have worked with cookies 'extensivly' I suggeast you take 2 seconds out of your day and do some research about cookie exploits.
I suggest google.
a. I didn't say I used cookies extensively - Though I have (and do) use them quite a bit.
b. I did say it was probably only possible through an exploit - I've found mention of a couple of exploits and they are either VERY old (like your reference) or mentioned in security updates. To base your ability to profile Internet users (like doubleclick) on an exploit would be a great way to have a short career.
Holy crap - you've based your response on an article from June 2000 AND it contains the phrase "cookie program". It still doesn't explain HOW they can exploit to get cookies from other web sites. It implies they store your e-mail address - but it doesn't state how they get it (they user must enter the e-mail address to get it).
If doubleclick were installing a "program" on your machine then that would be akin to Sony's rootkit.
Sure - but then you're only tracking which ad's the user is clicking on (and in the case of google which of the search results you are selecting). Big deal - there's no issue in that. Again you can do that without cookies.
The idea behind the paranoia is that you can track everything a user does in their browser with respect to the sites they visit.
A thoroughly informative and useful article... not
on
More Cookie Investigations
·
· Score: 3, Informative
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits.
Unique ID numbers? Cookies are (essentially) text files, that allow the web developer to write the limited amount of information they can gather on you (or more commonly anything they need to track from page to page) onto your machine so that it can be retrieved at a later date by the same web application that stored them.
The Unique ID number they are talking about is actually the Session ID allocated by the server that identifies an individual browser session. Shut down and then reopen your browser, and you'll (most likely) get a different session ID. The completely stuffed thing about the paranoia regarding cookies is that any information that the browser could determine about you (IP, the port you are using, the page you last visited in order to get the the current page) could simply be written to the servers database - irrespective of whether or not you have cookies enabled.
In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
OMG - that'll end civilisation as we know it! Of course this assumes that some can get their hands on ALL your cookies. Perhaps with Netscape it wasn't so hard given they were all stored in a single file - but I would think (I've never tried myself but the how of it is not obvious) you would need some sort of ActiveX control or an exploit of some kind to be able to access Cookies other than those from your web site.
The study, replicated in four different labs, found that homeopathic solutions - so dilute that they probably didn't contain a single histamine molecule - worked just like histamine.
Step 1: Take 10 molecules of the histamine - place in a sterile test tube. (Carefully so as to not drop and lose any molecules)
Step 2: Take another test tube with 100 ml of deionized water.
Step 3: Throw away the first Test tube - just leaving a test tube full of deionized water
Step 4: Administer the deionized water to the patient
The concept of diluting a solution to the point where it "probably didn't contain a single histamine molecule" sounds like absolute hokum to me. Even with a VERY small amount of the original substance you would need to dilute the solution to a point where you had the histamine "concentrated" into one part of the solution, which you then separated from the "clean" part. And for an "imprint" of the substance to be made on the water molecules they would have to "bump" into the substance, and then move into the "clean" part of the solution (which could happen - but really?).
IMO this is actually a case of more evidence for the placebo effect
It is a bit pricey, but it's about the only Beer I can stand. Boag's is popular, as are Carona's (the spelling doesn't look right there) and (yek) VB also seems to be popular (here in Vic at least). In my opinion (not that it counts much) VB is what a Roo produces after you've given it a case of Crownies...
Re:Target Audience: Your Parents & Relatives
on
Firefox Secrets
·
· Score: 1
This is the sort of book that you put in your parents, relatives, or friends stocking to introduce them to Firefox and make it super-easy for them to get started.
The less non "out of the box" software on my parents, relatives and friends PC's, the more time I have for reading/.
If I encouraged the use of ultra configurable software, by non-IT people (ie. friends, family and my parents), I'd be spending all my time fixing the stuff ups. Which is fine, I don't mind helping them with their IT problems - but some of us have to work for a living too.
Very easy - but if the system detects the licence plates and identifies them as being (a) not valid (ie. Not a number in the database), (b) duplicates or (c) stolen - then that would flag the system and tell it to track the plates. Which could then be used to get the Police to investigate.
Not forgetting that if you have the same people working on the same kinds of problems for extended periods of time they develop a certain way of doing things, and a certain set of "beliefs". Someone outside the loop might have a completely different way of thinking about the problems and might be more likely to come up with a completely revolutionary way of accomplishing a goal. And it might be someone who otherwise has no interest or involvement in space exploration, but who is drawn by the "carrot" offered.
As the saying goes, the worlds best motorbike racer has never ridden a motorbike...
Just the Audio would be a plus on races where Channel 10 decides that we don't want to hear the knowledgable and entertaining commentary of Martin Brundle (and the other guy who I've listened to for years but can never remember his name).
But you are correct - at low frames rates you could be looking at the field one frame, and a great big pile of rubble the next. And that would ruin the whole experience.;)
If someone would do this with F1GP (from TV1) then those of us in Oz that are interested in Grand Prix could watch the GP's while they are on (rather than an hour or so after they are finished) and we wouldn't have to put up with the dumb monkeys that Channel 10 (our local F1GP broadcaster) force upon us. We wouldn't have to wait while the previous show ran over by half an hour, or watch the 20 minute intro that shows all the details of the last race we watched.
Whether it's been done before, I think it's a fantastic concept purely for getting rid of the dumb arse Aussie wannabe commentators. (Though Darryl Beattie using the word "Bestest" was amusing...)
Neither I, nor the post I replied to used the word "Hash".
And, as has been pointed out, if you get the list of <encrypted | hashed> passwords, and the code for calculating the <encrypted | hashed > passwords you can use that code to (a) reverse the encryption or (b) hash a dictionary etc. to find hits.
(b) is the premise of how "Passware" works to recover passwords from Excel spreadsheets etc.
Sure, it'll take longer than my suggested 10 minutes (unless you make "password" the first word you hash) but there's probably some pretty determined haxor's out there with nothing better to do.
Slashdot Mirror
Hmm. Run it on Windows and bring real meaning to the Blue Screen of Death...
Yikes. Personally I'd rather just hone my Photoshop skills
Ok, as I understand it the bug can be exploited by Web sites through downloading specifically designed WMF files? Right?
So get onto your firewall/proxy and block any URL's with WMF in them. Problem solved - unless the WMF bugs relate to non-WMF files (which wouldn't surprise me).
We recently advertised for a graduate developer through a very well known Job Search website at a very well known University (and hospital...). Of the 2 dozen or so replys we got we binned close to half almost immediately simply based on the terrible cover letters (Eg. I would like to work for your Origination). 2 of the applications were Aussies, the rest were foreign students. Out of the dozen or so left (the ones we read past the front cover) only 3 could actually string a sentence together (the 2 Aussies and one Chinese guy on a student visa).
When we interviewed the 3 the Chinese guy had obviously copied his resume from someone else as he hardly spoke a word of English. The other two we pretty much ended up flipping a coin to pick our new employee.
I used to work for the parent company of an IT Employment Agency that organises the immigration of significant numbers of people from India. When their Candidates couldn't find work they'd "organise" a contract with us. Whilst their resumes often looked good (Gee I wonder why) they generally didn't have anywhere near the skills claimed.
I have also worked with alot of the Deadwood (having worked for Aus' biggest Telco and with a few ppl from Big Blue). IMO alot of the dead wood in the market is their because they were released into the market by the transfer from the Telco to the Big Blue.
That being said you hire Graduates because they are cheap - and you train them. If you want someone with experience you go to one of the many Employment Agencies and they'll find more than enough candidates for you.
my 2c
If the base of your triangle is so small after 6 months, why not wait a whole year! (yes I am kidding)
Yes, afterall we are all using NC's these days...
Yes, you are correct, storing a unique ID for a session (be it the session ID - which may repeat - or an application/database generated value) in a Cookie would be one use for a cookie - but it is not a cookie.
Actually, contrary to what the "experts" may believe is the case, it's the consumer that makes this decision.
Since you have worked with cookies 'extensivly' I suggeast you take 2 seconds out of your day and do some research about cookie exploits. I suggest google.
a. I didn't say I used cookies extensively - Though I have (and do) use them quite a bit.
b. I did say it was probably only possible through an exploit - I've found mention of a couple of exploits and they are either VERY old (like your reference) or mentioned in security updates. To base your ability to profile Internet users (like doubleclick) on an exploit would be a great way to have a short career.
Holy crap - you've based your response on an article from June 2000 AND it contains the phrase "cookie program". It still doesn't explain HOW they can exploit to get cookies from other web sites. It implies they store your e-mail address - but it doesn't state how they get it (they user must enter the e-mail address to get it).
If doubleclick were installing a "program" on your machine then that would be akin to Sony's rootkit.
Sure - but then you're only tracking which ad's the user is clicking on (and in the case of google which of the search results you are selecting). Big deal - there's no issue in that. Again you can do that without cookies.
The idea behind the paranoia is that you can track everything a user does in their browser with respect to the sites they visit.
Cookies are unique ID numbers that a remote Web site hands a browser, which automatically regurgitates them upon subsequent visits. They can be used for something as innocuous as permitting someone to customize a Web site's default language for return visits.
Unique ID numbers? Cookies are (essentially) text files, that allow the web developer to write the limited amount of information they can gather on you (or more commonly anything they need to track from page to page) onto your machine so that it can be retrieved at a later date by the same web application that stored them.
The Unique ID number they are talking about is actually the Session ID allocated by the server that identifies an individual browser session. Shut down and then reopen your browser, and you'll (most likely) get a different session ID. The completely stuffed thing about the paranoia regarding cookies is that any information that the browser could determine about you (IP, the port you are using, the page you last visited in order to get the the current page) could simply be written to the servers database - irrespective of whether or not you have cookies enabled.
In the worst case, they can be used to invade privacy by correlating one person's visits to potentially thousands of different Web sites.
OMG - that'll end civilisation as we know it! Of course this assumes that some can get their hands on ALL your cookies. Perhaps with Netscape it wasn't so hard given they were all stored in a single file - but I would think (I've never tried myself but the how of it is not obvious) you would need some sort of ActiveX control or an exploit of some kind to be able to access Cookies other than those from your web site.
He will have to do 100 hours of community service, and apologize for the blog posts.
Here in Oz you have to prove you're a lowlife scum to get 100 hours community service.
That's also the same sentence given to the Author of the Sasser/Netsky worm.
So given this blogger got the same penalty - MAYBE THEY SHOULD HAVE LOCKED THE SCUMBAG UP! (</sarcasm>)
Theory
Not a good idea - Evian would cost too much, better to use tap water. ;)
The study, replicated in four different labs, found that homeopathic solutions - so dilute that they probably didn't contain a single histamine molecule - worked just like histamine.
Step 1: Take 10 molecules of the histamine - place in a sterile test tube. (Carefully so as to not drop and lose any molecules)
Step 2: Take another test tube with 100 ml of deionized water.
Step 3: Throw away the first Test tube - just leaving a test tube full of deionized water
Step 4: Administer the deionized water to the patient
The concept of diluting a solution to the point where it "probably didn't contain a single histamine molecule" sounds like absolute hokum to me. Even with a VERY small amount of the original substance you would need to dilute the solution to a point where you had the histamine "concentrated" into one part of the solution, which you then separated from the "clean" part. And for an "imprint" of the substance to be made on the water molecules they would have to "bump" into the substance, and then move into the "clean" part of the solution (which could happen - but really?).
IMO this is actually a case of more evidence for the placebo effect
Here, here.
It is a bit pricey, but it's about the only Beer I can stand. Boag's is popular, as are Carona's (the spelling doesn't look right there) and (yek) VB also seems to be popular (here in Vic at least). In my opinion (not that it counts much) VB is what a Roo produces after you've given it a case of Crownies...
This is the sort of book that you put in your parents, relatives, or friends stocking to introduce them to Firefox and make it super-easy for them to get started.
/.
The less non "out of the box" software on my parents, relatives and friends PC's, the more time I have for reading
If I encouraged the use of ultra configurable software, by non-IT people (ie. friends, family and my parents), I'd be spending all my time fixing the stuff ups. Which is fine, I don't mind helping them with their IT problems - but some of us have to work for a living too.
Very easy - but if the system detects the licence plates and identifies them as being (a) not valid (ie. Not a number in the database), (b) duplicates or (c) stolen - then that would flag the system and tell it to track the plates. Which could then be used to get the Police to investigate.
You could always google for it.
"What happened to the Earth shattering Kaboom?"
Not forgetting that if you have the same people working on the same kinds of problems for extended periods of time they develop a certain way of doing things, and a certain set of "beliefs". Someone outside the loop might have a completely different way of thinking about the problems and might be more likely to come up with a completely revolutionary way of accomplishing a goal. And it might be someone who otherwise has no interest or involvement in space exploration, but who is drawn by the "carrot" offered.
As the saying goes, the worlds best motorbike racer has never ridden a motorbike...
Just the Audio would be a plus on races where Channel 10 decides that we don't want to hear the knowledgable and entertaining commentary of Martin Brundle (and the other guy who I've listened to for years but can never remember his name).
;)
But you are correct - at low frames rates you could be looking at the field one frame, and a great big pile of rubble the next. And that would ruin the whole experience.
If someone would do this with F1GP (from TV1) then those of us in Oz that are interested in Grand Prix could watch the GP's while they are on (rather than an hour or so after they are finished) and we wouldn't have to put up with the dumb monkeys that Channel 10 (our local F1GP broadcaster) force upon us. We wouldn't have to wait while the previous show ran over by half an hour, or watch the 20 minute intro that shows all the details of the last race we watched.
Whether it's been done before, I think it's a fantastic concept purely for getting rid of the dumb arse Aussie wannabe commentators. (Though Darryl Beattie using the word "Bestest" was amusing...)
Neither I, nor the post I replied to used the word "Hash".
And, as has been pointed out, if you get the list of <encrypted | hashed> passwords, and the code for calculating the <encrypted | hashed > passwords you can use that code to (a) reverse the encryption or (b) hash a dictionary etc. to find hits.
(b) is the premise of how "Passware" works to recover passwords from Excel spreadsheets etc.
Sure, it'll take longer than my suggested 10 minutes (unless you make "password" the first word you hash) but there's probably some pretty determined haxor's out there with nothing better to do.