* - Sure that article says "The default answer is Cancel" but it should probably say "The default answer is whatever makes everything appear to work again" which in this case is OK. And the user actually won't have to fix anything in your scenario.
Block every port except 443 and 80... this wouldn't stop all bots, but it should make enough of a difference and still allow users the freedom to even choose AV solutions the ISP may not have heard of (which would be a problem if they used an IP whitelist). Also some injection of HTML content every so often (or a redirect to an ISP server) so the user is warned they have an infection and their internet connection is limited until they take steps to remove the infection. Injection would break some web pages but it would be worth it to warn the user imo.
Although I dislike the idea of Internet Explorer actually becoming somewhat usable, (if there's no villains, there can be no heroes!) I suppose it's better for everyone that it happens. Besides, when everyone improves, consumers are the real winners...
That was a common initial reaction but think of it this way: All the DLC so far has been free, and some of us have only had to pay a one time charge of $20 for three years of one of the best games of all time (well some of us think so). So this is a way for some of us to say "thank you" to Valve for all the free updates.
I won't be getting the $50 thing but I might buy a few lesser-priced things like the trial rocket launcher and maybe a key or two.
Um, they have to spread them out so that the coverage is as close to 100% as possible. Limiting the land they can build in means the optimum coverage is likely far less...
Based on how it worked, it was likely using JavaScript to set CSS styles. So it's not really a far leap of logic that other JavaScript would work too (the key was that it couldn't have spaces in it).
That won't do anything. t.co is only used in order to trick twitter into creating an anchor tag, to which the onmouseover handler can be attached. Since you're on twitter.com the only place an AJAX call can be sent to retweet is... twitter.com. example.com can be used instead of t.co and the exploit would still work the same.
Using NoScript or Google Chrome's Content Settings to block JavaScript on twitter.com is also an option, maybe. Not sure how well twitter.com works that way but onmouseover handlers won't run and AJAX won't work so this exploit is useless then.
I'm sure glad all the tweets about this have the #mouseover hash tag so I can click on it in my client to open the twitter.com web interface and read about how I shouldn't use the twitter.com web interface.
Slashdot Mirror
Web browsers can too. Some bittorrent clients have a web interface.
As long as it would have gotten him jailed for more than 16 weeks, it was worth it.
I'm glad they reminded me it happened on the weekend, I have a short attention span and forgot by the time I reached the end of the first line.
"Expert mode" won't work. Neither will a dialog box.*
* - Sure that article says "The default answer is Cancel" but it should probably say "The default answer is whatever makes everything appear to work again" which in this case is OK. And the user actually won't have to fix anything in your scenario.
Block every port except 443 and 80... this wouldn't stop all bots, but it should make enough of a difference and still allow users the freedom to even choose AV solutions the ISP may not have heard of (which would be a problem if they used an IP whitelist). Also some injection of HTML content every so often (or a redirect to an ISP server) so the user is warned they have an infection and their internet connection is limited until they take steps to remove the infection. Injection would break some web pages but it would be worth it to warn the user imo.
But we already pay for cable/satellite TV... commercials on public airwaves I understand.
Although I dislike the idea of Internet Explorer actually becoming somewhat usable, (if there's no villains, there can be no heroes!) I suppose it's better for everyone that it happens. Besides, when everyone improves, consumers are the real winners...
You sure? I posted this so fast in Chrome my head is still spinning.
And now I'M conscious of my breathing. Now you are too. >:(
That was a common initial reaction but think of it this way: All the DLC so far has been free, and some of us have only had to pay a one time charge of $20 for three years of one of the best games of all time (well some of us think so). So this is a way for some of us to say "thank you" to Valve for all the free updates.
I won't be getting the $50 thing but I might buy a few lesser-priced things like the trial rocket launcher and maybe a key or two.
You sound stressed. You should try playing this game I found. It's very relaxing.
A couple months ago, out of the blue. I changed my password of course
Um, they have to spread them out so that the coverage is as close to 100% as possible. Limiting the land they can build in means the optimum coverage is likely far less...
TinyURL has a cool feature to help with this. For TinyURLs, of course.
Based on how it worked, it was likely using JavaScript to set CSS styles. So it's not really a far leap of logic that other JavaScript would work too (the key was that it couldn't have spaces in it).
And then the virus disables the desktop firewall so it can spread. What's your point?
Firefox already has.
For the super-impatient, a link you can click!
The LHC employs its own SPIES? That's... oh... that's not what it means. :(
No, Chrome has already done that stuff for a while now. This overlays a google search page over your web browser as you type.
Oh fun, the Chromed Bird extension for Chrome will happily inject onmouseover events into its popup HTML too. Good thing extensions are sandboxed.
That won't do anything. t.co is only used in order to trick twitter into creating an anchor tag, to which the onmouseover handler can be attached. Since you're on twitter.com the only place an AJAX call can be sent to retweet is... twitter.com. example.com can be used instead of t.co and the exploit would still work the same.
Using NoScript or Google Chrome's Content Settings to block JavaScript on twitter.com is also an option, maybe. Not sure how well twitter.com works that way but onmouseover handlers won't run and AJAX won't work so this exploit is useless then.
Looks like any JS event for anchor tags can be used (I just made one using the sample seen in the article for an onclick handler that returns false).
I'm sure glad all the tweets about this have the #mouseover hash tag so I can click on it in my client to open the twitter.com web interface and read about how I shouldn't use the twitter.com web interface.