November 2004 Blog Posts
Benjamin Edelman took a standard, unpatched install of XP and pointed it at one single website known to contain spyware. He wrote up and even produced an 8-minute video of the results. In his testing, at least the following programs were installed through the security hole exploit: 180solutions, BlazeFind, BookedSpace, CashBack by BargainBuddy, ClickSpring, CoolWebSearch, DyFuca, Hoost, IBIS Toolbar, ISTbar, Power Scan, SideFind, TIB Browser, WebRebates (a TopMoxie distributor), WinAD, and WindUpdates. That's the same WindUpdates that are faking system dialogs in order to get users running SP2 to install their spyware. This would be amusing if it wasn't...
I had a comment from Steve Robertson dropped on my WPA cracked entry. He's running a very interesting service, a public RADIUS server. I've thought about running an open wireless network before, I have the infrastructure (well the bunch of cables, switches and firewalls, calling the cable mess infrastructure is being kind) to isolate a public access point from the rest of my network and to throttle the bandwidth and control easily abused protocols like SMTP. I've even thought about limiting outgoing traffic to HTTP(S) and the common IM programs but the concern has always been abuse. You don't know...
Well it would be, if the server had stood up to the load. Get in line.
Oz gets Halo2 at midnight their time, as does the US. The UK has to wait till Thursday. No doubt blogs will be full of discussions on the plot which will completely spoil it for those of us waiting.
Just back from seeing The Polyphonic Spree, at the Astoria in London, resplendent in Technicolor™ robes. Damn they were energetic. Before the encore they wandered through the audience. The audience was hanging on for Soldier Girl, heck it wasn't really a concert it was a mass sing along. Highly recommended.
Wi-Fi network news reports the folks who wrote tinyPEAP, a firmware replacement for two Linksys router models that has on-board RADIUS authentication using 802.1X plus PEAP, released a WPA cracking tool. So now what, do we all have to start running RADIUS servers at home? No, it only cracks weak passwords, those chosen from dictionary words. WiFi encryption really bugs me. We're told to use WPA instead of WEP, but there are problems with that, we have to find drivers that support it (and Toshiba UK are never up to date with driver downloads, you end up having to trawl...
Looks like Euan Garden has moved his blog sideways onto the MSDN blog host. He's speaking at Thames Valley Park this week. It's a free event, run by the UK SQL Server user group. Euan's a great speaker, he is passionately involved in the topics he speaks on and it shows, so if you're interested in Yukon and near Reading on the 10th November register and go see him. He doesn't even mind the odd email (he confirmed I should log the ado.net filter bug) and responds damn quick for someone who has his head down in each Yukon build....
Following on from DataSet date filtering is not culture sensitive I did some asking of people I know at Microsoft. They suggested I log a bug report. That's a lot easier now, as bug logging for all the .NET Framework 2 betas is open to the public at lab.msdn.microsoft.com. So I present to you Bug Details: ADO.Net view filtering is not culture sensitive. Go vote on its importance.
Why aren't banks implementing SPF? The number of fake emails I get pretending to be Citibank is obscene (especially as they're mainly a US bank). There are attempts on UK banks, Barclays being the main one I see.
There's no real excuse not to implement it, you're not going to lose incoming mails and you are going to protect your users.
As an aside the Hotmail setup is strange, why check incoming mails for a matching SPF record if you're not going to provide an SPF entry yourself? That's halfhearted at best. What they're doing is saving their bandwidth so they don't...
The proliferation of various blog portals (for want of a better phrase) is getting silly, I only have four listed on the home page but there are easily 20 more. The effort to go around claiming your blog on every one is just too much. Are they rapidly becoming the equivalent of the old "web site x's pick of the day"? Does it mean that much to stake your claim on Jimbob's blog-search-o-rama? At least with Technorati you get a small benefit in tracking links back to you, but it's very dependent on getting pings. blogstreet seems to be...
Especially Steve Roberts. I knew a couple of friends subscribe to my feed, but it's nice to be shocked to see someone else comment then find they are stalking me via RSS. So come on, speak up, who else is there, or is it just Steve, StephBu, MarkB and the wife?
So I knew I could upgrade my phone this month I just needed to know when. One call to Orange customer support to check the date and cost and I managed to get an upgrade free, one nice new C500 arrives. I was quoted 3 days for delivery but it arrived today, in less than 24 hours. I had problems with my original Microsoft smartphone but frankly once you have easy synchronisation with Outlook it's addictive, I didn't want to give it up. So time to try again, despite Scoble's raving about it.
So let's see after the e200 problems is...