I saw a rather interesting dirty trick today on a phishing site today. The Favicon for the site was the exact same padlock image that is normally shown for a secure website. While the site couldn't turn the address bar green, it is certainly praying on the habit people are developing with IE7 and Firefox to look for security info in the address bar.

Closing Windows and Confirmation Boxes
Ever notice how a script that attempts to close a window will at times generate a confirmation and other times not?

Here's why: IE for windows and NN 4.x browsers do not allow a non-JavaScript-generated window with more than one page in its history to be closed without asking the user for permission via a confirmation box. In other words, scripts cannot close a main window unconditionally.

The MSIE Work Around
To determine whether or not a window is a main window, Internet Explorer checks to see if the window has an opener. Since windows that have openers can be closed unconditionally, the solution is to make Explorer think a main window has an opener. That is accomplished by giving a phantom opener a value, in this case, an empty string:

Something I didn't even know to go looking for before I read the IE7 release notes.

Unconditionally closing the browser with IE

Functionality Removed and Changed

Functionality Removed and Changed in Internet Explorer 7

Looking at whats been removed from IE7 is a good way to find problems in IE6. I'm looking at you XBM...

Release Notes for Internet Explorer 7

Booo-BOOOO-BEEEP

We're sorry, the person you are trying to reach, Billy Hoffman, is on a 2 week honeymoon with his new bride. There is no forwarding number. Please try your call again later.

Thank you for using Bellsouth

--timball

billy's bachelor party

There are no places near SPI that are open at 4:30am and sell Redbull. And that makes me a sad panda. I'm also at work a 4:30am, which makes me a tired, burned out, holy-shit-I-need-some-caffeine panda as well...

... and I'm incapable of fixing XSS vulnerabilities that were reported to me 8 months ago!

... oh wait. That's an old picture, here you go:

It's offical: Quasimodo runs for president!

With the release of kernel 2.6.17, there’s new functioanlity to add a device (dpartition) to a RAID 5 array and make this new device part of the actual array rather than a spare.

My HOME directory is mounted on a 3×70gb SCSI RAID5 array. so I tried adding a further drive.

Although with the release of mdadm > 2.4 the only real critical part of the process is safer (it backs up some live data that is being copied), I didn;t fancy risking growing a mounted array. So I did plenty of backups, then switched to single user run level.

Basically the step includes adding a disc to the array as a spare, then growing the array onto this device.

mdadm --add /dev/md1 /dev/sdf1
mdadm --grow /dev/md1 --raid-devices=4

This then took about 3 hours to reshape the array. The filesystem the needs to be expanded to fill up the new space.

fsck.ext3 /dev/md1
resize2fs /dev/md1

I then remounted the drive and wahey. Lots extra space….! Cool or what

Growing a RAID5 array

At work today:

Steve: Billy, I've got a question about SQL Injection false positives
Me: [not looking up] HTTP 302, Nidhi Shah [points to Nidhi]
Steve: ... ... Did you just reply with an HTTP redirect?
Me: ... Maybe
Steve: Do you know how dorky that is?
Me: ... Maybe
Steve: [starts to leave] ... [stops] ... You know you got the syntax wrong right?
Me: Who's being dorky now Steve!