An Amazing little flaw, that could be very, very dangerous.
http://www.insert-title.com/web_design/default.aspx?page=articles/dev/danger
Holy @%&!
<button onclick="location.href=
unescape('http://www.microsoft.com%01@
insert-title.com/web_design/default.aspx?page=articles/dev/danger');">
Danger
</button>
Notice the address bar after clicking....
I am sure you can see very clearly why I say this is a very dangerous bug...
But in case you're not sure... imagine..
You're grandma gets an email that says it's from her bank or paypal or ebay or anywhere else you may utilize the benefits of online shopping or banking.
Why wouldn't she trust it?
Why wouldn't I?
Thanks to ZDnet for making me aware of this
01.24.04
Microsoft has admitted that it is still unable to release a fix for a serious flaw in Internet Explorer (IE) that allows hackers to clone websites. Security experts notified the software giant about the vulnerability, exploited in so-called 'phishing' attacks, early last month.
The company was expected to solve the problem in its monthly security bulletin last week, but it failed to appear.
If Microsoft decides not to release the patch until its next security bulletin, users will have to wait until at least 10 February for a solution.
"We know, and have recorded, that there is an issue and a problem, and we are working on a patch that will be issued as soon as possible," Stuart Okin, chief security officer at Microsoft UK.
The IE flaw allows websites to be copied and passed off as the real thing. Fraudsters send emails to consumers claiming to be from a bank or other organisation, with a link to the spoofed site asking for details such as security information and passwords.
Companies hit by phishing attacks in recent months include Visa, CitiBank, Lloyds TSB, Barclays and eBay.
Okin is unclear about the progression of the IE patch, or when it will be released.
"We haven't decided if it will be out of the monthly patch cycle or within the main release. This will be based on consumer feedback," he said. Security experts believe that the flaw has serious implications that could damage consumer trust in the internet. "I think this is a major problem," said Dinis Cruz, chief technology officer at security firm CISSP.
"It has the potential to affect the amount of trust consumers have in the internet. Once you break that trust, it is very hard to get it back."
I'm into minature gaming, these models are made out of paper, Pretty cool huh.
http://www.ebblesminiatures.com/
MB
I had a Blast! at Vegas!!!
We stayed at the Boardwalk hotel/Casino (A great spot if you're on a budget) It was not the nicest place on the strip, but the location was perfect. (A block from Ballagio, New York New York, Monte Carlo and a tram to a few other casinos)
I was on a roll! but My Lady was not, so for every dollar I won, she lost. So we broke even. But we had a GREAT time!
Took about a $1000 out there came back with around $800 in cash, (That's including all events, food but not the room or the flight)
I would recommend this to anyone that enjoys gambling evena lil bit!
Markus
So I'm going to Vegas tomorrow and I tell myself I gotta break this losing streak before I go. (I'm down $50)
I logon to PartyPoker.com and enter into a $10 turney. I get to 4th place, no prize I sit back and think about how I lost, hummmm.
I enter into a $5 turney and bet only when I have a good head. I come in 3rd, $10 winnings. I'm up $5 for the night.
I play another $5 turney, but this time I bluff a little, lose.
I go back to the $10 turney and play only good hands. I win.
Rules to self:
When playing poker only bet when you hold one of the better possible hands. Fold to a show of strength.
Bluf only when all signs point to every one being weak.
I wil test these rules out somemore tonight and let you know how it goes.
Someone mentions more about this in another post, I just thought I'd remind everyone again.
VB 2005 Beta Edition - http://lab.msdn.microsoft.com/express/
Went to my local hobby shop to play Hero Clixs yesterday. (For those of you not geekish enough, imagine playing minature soldiers with a lot of rules and dice, then turn the soldiers into comic book characters and put them on a printed map, add objects that superhero's could through around, and u got some good clean fun.)
I always lose, but I'm always coming in 2nd, Of course seconds wins you squat, and first place gets you a free figure.
Well yesterday it hit me as to why I lose, the game hinges around a point system. You recieve points as you defeat people. I usually only play to “win” the immediate game. This means once I kill off your high point character, I play defensivly.
I win almost every match that I play, but I lose the tournament. Winning my battles but losing the war.
I wonder where else in life I do this.
Just a Daily Musing
Yeah!!!!
I'm going to vegas for the 4th of July. Managed to get tickets from NC for $187 a person. (Thanks to travelocity)
I'm staying in the Boardwalk hotel. (Not the nicest place, but a great location!) Got that for $75 a night.
I'm psyched!!!
Any suggestions of things to do (besides gamble *grin*) would be much appreciated!
I'm a craps player at heart!
I was listening to NPR the other day and they reported about a killer whale that's stuck in a harbor. Evidently the Fishing Department is trying to catch the whale in a large net?? and fly him back to the ocean to get with his pod. (BTW: A pod is a herd of whales, as I understand it *grin*)
Anyway, this native american chief happens to die the day the killer whale gets stuck in the harbor. The Cheif tells his people that when he dies he will come back as.... u guess....a killer whale.
So the government hires the best “whale bounty hunters” (NPR's quote) to hunt for this whale while the indians paddle on canoes in the harbor, “singing” the whale away from the bounty hunters.
As if that's not comical enough.
The whale has been stuck for 3 years and evidently he's gotten a bit human friendly. It is reported the people have tried to brush the whale's teeth.
One guy even went so far as to pour beer down the whale's blow hole.....HOW DRUNK DO YOU HAVE TO BE TO TRY THAT?!
“Hey Bob, check it out a killer whale.....I wonder how much it takes to get it drunk...paddle on over there and find out for me will ya”
Anyway, I bought wrecked my car I was laughing so hard from the news report.
Markus
Not much going on in the last few days..but I did manage to do some surfing.
Found this unique chat site, you walk in virtual rooms and chat. Unfortunatly it seems to be filled with teens most of the time.
http://www.habbohotel.co.uk/habbo/en/
Calling me with a question --- $10
Calling me with a stupid question -- $20
Calling me with a stupid question you can't quite articulate - $30
Implying I'm incompetent because I can't interpret your inarticulate problem description - $1000 + punitive damages
Questions received via phone without first trying help desk - $10.00
Questions where answer is in TFM - $100.00
Calling me back with the same problem *after* I fix it once - $100
Insisting that you're not breaking the software, the problem is on my end somehow - $200
Asking me to walk over to your building to fix the problem - $5/step
Asking me to drive to another town to fix your problem - $50/mile + gas
If you interrupt me while I was trying to actually fix somebody else's problem - $45/hr
If you try to hang around and get me to fix it now - $50/hr
If you expect me to tell you how I fixed it - $60/hr
If you've come to ask me why something isn't working that I'm currently working on - $70/hr
If you're asking me to fix something I fixed for you yesterday - $75/hr
If you're asking me to fix something I told you I fixed yesterday, but never did fix - $85/hr
If you're asking me to fix a quick patch that I made that didn't work - $95/hr
If you're bugging me while there's another admin in the room who could have done it for you - $150/hr
Making me trek to your office to fix your problem then leaving immediately after hanging up the phone - $1500.00
Calling up with a problem which "everybody" in the office is having and which is "stopping all work." Not being there when I rush over to look at it and nobody else in the office knows anything about it. - $1700.00
Explaining a problem for 1/2 hour over the phone BEFORE mentioning it's your personal machine at home - $500.00
Self-diagnosing your problem and informing me what to do - $150.00
Having me bail you out when you perform your own repairs I told you not to do - $300.00
Not telling all of your co-workers about it - $850.00
Figuring out you mean floppy drive when you say hard drive - $50.00
-- AFTER I order your replacement hard drive - $250.00
Fixing your "broken" mouse with a mousepad - $25.00
Fixing your "broken" optical mouse by rotating the mousepad 90 degrees - $35.00
Fixing a "broken" mouse by cleaning the rollers - $50.00
Fixing your "broken" printer with an ink/toner cartridge - $35.00
Fixing your "broken" ANYTHING with the power button - $250.00
Fixing the "crashed" system by turning the external disk back on - $200.00
Fixing the "hung" system by plugging the ethernet transciver back in - $375.00
Fixing the crashed nameserver by plugging back in the SCSI cord someone accidentially yanked out on Friday afternoon when the 'real' sysadmin has just left for a two week vacation - $400
Visiting your old university and fixing the broken PC by plugging the monitor lead back in - $50
Explaining that you can't log in to some server because you don't have an account there - $10
Explaining that you don't have an account on the machine you used to have an account on because you used it to try to break into the above server - $500
Forgetting your password after it was tattooed on your index finger - $25
Changing memory partitions without informing me first - $50
Installing programs without informing me /getting permission first - $100 per program
Technical support for the above programs - $150 per hour (regardless of whether I know the program or not)
Spilling coke on keyboard - $25 plus cost of keyboard
Spilling coke on monitor - $50 plus cost of monitor
Spilling coke on CPU - $200 plus cost of motherboard swap plus hourly rate of $150 per hour spent reinstalling the system
Leaving files on desktop - $5 per file, $10 per day the file is left unclaimed
Bringing in your own copy of the original Norton Utilities v1.0 to fix a brand new machine - $200
Chewing on the end of the graphic tablet stylus - $25
Putting feet up next to workstation after ten mile jog through NYC streets - $50
Spending 30 minutes trying to figure out what your problem is, and another 5 explaining how to verify and fix it, only to hear you say... "So that's what the little box that popped up on my screen was telling me to do!" - $400
Listening to your network troubles, suggesting that you check to see if you are plugged into the network jack, hearing yes, trying five other things, asking you to identify your plug type, listening to you drag furniture, and hearing a sheepish, "Oops. Nevermind." - $35 (including discount for polite apology)
Dealing with tech support requests for obviously pirated software - $25
Dealing with "How can I get another copy of [obviously pirated software]? Mine just died." requests - $45
Having to use the "We're really not the best people to talk to about that; why don't you try calling the number on the box in which you bought it?" line - $55
Actually needing to explain copyright law to you after you failed to get the hint in the previous response - $95
Having to point out anything that's on the wall in a typeface larger than 18 points - $15
If I wrote the sign - $45
If it's in a 144 point font and taped to the side of the monitor facing the door - $75
Reporting slow connection by passenger pigeon packets to MPEG archive in Outer Slobavia as a Mosaic/Netscape/Gopher/FTP client problem - $25.00
Reporting it more than once - $50.00
Reporting it more than once and implying slothfullness on tech support's inability to solve problem - $200.00
Beeper Prices:
Beeping me when I'm out with the significant other - $50
Beeping me when I'm out of town and I took pains to insure that help files were left all over and that diagnostics had been run on all machines before I left - $100
Beeping me more than once to tell me that the printer's offline and the fix is to press the On Line button - $200
Beeping me more than once while I'm asleep - $50 per beep
Beeping me and not identifying yourself within the first 5 seconds - $25
Beeping me and then changing your story / denying you placed the call / hoped I would forget who caused the problem - $500
Special Rates:
Dealing with user body odor - $75.00/hour
Dealing with user not familiar with the primary language spoken at site - $50.00/hour
Dealing with user who is (self-proclaimed) smarter than you are, but still calls every other day for help - $100.00/hour
Dealing with computer hobbyists - $125.00/hour
Questioning the other prices -- $50
So yesterday I come in to work and I have no access to the network. It allows me to login in with my account but when the domain admin tries to login it says “Incorrect Password”. That was very odd!
Of course no one knows the local admin password, so I'm stuck!
As a none admin around here I don't have permissions to install or even look at my network settings (even though I'ma developer, it was deemed that I did not need that permission, in spite of the fact that I do COM programming, that rant is for another time)
3 hours later, after I reformatting and installing Win XP Pro, same problem.
I convince the boss to call a networking guy to come in and look at it.
2 hours later he walks up to my desk with a yellow cat5 cable. It's got a sticky note wrapped around it that says “DO NOT USE, BROKE!“ He's grinning!
He tells me that the cord was used to route my port to the router from the switch. (Evidently we go through 3 routers before we get out of the building.) This cord was located in the telephone closet on the other side of the building.
Man do I hate Mondays!
MB
In my very humble opinion keeping things simple is wiser.
I'm at work and we are debating using a third party active x controll to display info to our users. Now I have nothing against the grid controll we wish to work with, except that it seems to constantly give us problems. (They are loaded with a recordset which is created client side using a variety of protocals (ADO-XML, RDS or XMLHttp).
For the most parts these grids look just like HTML tables, so I'm thinking to myself, why not just use server side code and HTML to display the info.
Of course then we don't have a distinction between our visual layer and the business layer (or so my Co-Worker tells me), Plus they say all the functionality is allready built into the grid (number formatting, date formatting, etc...) Where as we'd have to build it in the HTML tables.
I like to keep things very simple and HTML and Server Side Recordsets sound simple to me. But I'm young in this game so I can be wrong (as I often am *grin*)
MB