devitry.com

Tech in the country. Programming & Technology inovations.

Wednesday, February 27, 2002

More insecurity at The New York Times. Glad I already unsubscribed. As mentioned here earlier, NYTimes.com does not protect the user's data it has. It doesn't even protect it's employees and sources data. As I have said before: front end insecurity (i.e. XSS vulnerablities) can foretell more insecurities throughout the organization. If a company doesn't keep up-to-date on security measures currently available, it can't be trusted with your data.

Wednesday, February 20, 2002

Microsoft is tracking what DVD's you watch!! Each time you play a DVD in your windows machine with WMP 8.0+, it will phone home to Microsoft. This is not reported in their Privacy policy.. Is the next step to disable you from playing DVD's they don't want you to watch? Has MS already taken over the world?

Tuesday, February 19, 2002

Our RunABot project is starting to get some more coverage. BBSpot.com, ChelleCam, AliceBot.org, LinkFilter and even Dragon-warrior.com are all in the know. Lot's of new cool stuff have been added recently including: Figlets, Hangman, Fortunes, Translations and even a calculator!

Wednesday, February 13, 2002

Microsoft Passport / IM Virus Sweeps Net. I suggest you go offline if you are running MS Instant messenger. This virus travels through the hole in IE and accesses your Passport email address, sends the virus link to all your buddies and sends your email off to who knows where!

Tuesday, February 12, 2002

Futurama got canceled? - Oh no!!! That's one of the few shows I watch! I'll have no reason to watch fox anymore. Write your fox person if you want it to stay on the air.

Friday, February 08, 2002

Execution of exe via HTML in IE 5.5 and 6.0 has been found. This is quite a security hole if true. While quite a complex seeming attack involving js and loading of temporary files, attack code could be small 500byte file.

Thursday, February 07, 2002

CSS problems in pop servers, which then make the whole domain insecure. One can force a web browser to send commands to a POP (mail) server. The POP server of course was never meant to be CSS safe. Time to put a fix in the browser? I've been telling MS for months. Update: Let's call Cross Site Scripting XSS from now on.

Developers wanted! It seems that the economy is starting to turn around and companies are melting their hiring freezes. The one I work for is currently looking to hire two dozen folks. If you can program java, work in NJ and be able to handle a regular workday, let me know!

Monday, February 04, 2002

Microsoft .NET has CSS holes!! This couldn't be worse if you actually want to keep your data secure. Like I said before. DON'T TRUST MICROSOFT WITH YOUR DATA!!! If you do, you are an idiot. Really. Oh, yeah, and microsoft.com has holes as well, and I told them about MONTHS ago. Maybe they will spend this month closing this hole, but you can believe they won't get all of them.

Saturday, February 02, 2002

NewsBytes: Top News Sites Close Script Hacking Hole discusses the "subversion of information attacks" that are possible with Cross Site Scripting. Covering the holes in nytimes, msnbc and washingtonpost.com.