Current Topic: Technology

Microsoft Opens IE Bug Database!!!

Topic: Technology
10:45 am EST, Mar 28, 2006
You know that scene in Die Hard when Alan Rickman and crew finally get the vault open? Remember how Fur Elise starts playing and the robbers see stacks and stacks of bearer bonds? This is totally like that.

Microsoft Opens IE Bug Database

Users will be able to report bugs found in the Web browser. To post or view bugs, users must sign up for a Passport account on the Microsoft Connect Web site. "Many customers have asked us about having a better way to enter IE bugs. It is asked, 'Why don't you have Bugzilla like Firefox or other groups do?'" said the Microsoft blog post. Microsoft is only accepting bug posts for Internet Explorer 7 and future versions.

This is interesting. IE 7 is a 1.0 product in a 7.0 wrapper. There are going to be lots of bugs MS's QA department just didn't get to. More importantly, there will be more bugs than they can fix. There will be a backlog that is ripe for 0day. This will make for interesting things in the Layer 7 world.

Search for authors on the web... WTF is the hold up?

Topic: Technology
12:40 am EST, Mar 20, 2006
Ever read something you liked on the Internet? A random op-ed piece, blog post, comment. How do you search for other things that author wrote? ... If you're halfway through saying "well, type their name in quotes into Google..." just stop and think about that. Why do I have to sift through the noise of things that mention someone to find what they actually write? Maybe someone writes on numerous sites (Memestreams, the supernicety, MySpace). Maybe they use different names (Billy Hoffman or Acidus, Mike Lynn or Abaddon). Why can't I tell Google "Find me everything that Billy Hoffman wrote?" Why hasn't anybody fixed this? Dublin Core, RSS schemas, HTML <META> are all there. Why hasn't anyone compiled this? Check with me in a few more weeks...

Algorithm for pluralizing English words

Topic: Technology
9:21 pm EST, Mar 19, 2006
Are you working on a project where you need to pluralize a word? Well, I've done the research for you:

Easy site - Just covers nouns, lots of examples, easy to read
Academic paper - covers verbs too, but a tougher read. Luckily, they wrote a Perl module in CPAN

Scary DNS attack really quite stupid.

Topic: Technology
4:50 pm EST, Mar 16, 2006
First detected late last year, the new attacks direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope. In one of the early cases examined, the unknown assailant apparently seized control of an Internet name server in South Africa and deliberately corrupted its contents. Name servers are specialized computers that help direct Internet traffic to its destinations. The attacker then sent falsified requests to the compromised directory computer, which unleashed overwhelming floods of amplified data aimed wherever the attacker wanted.

Saw this on Slashdot, which makes 2 "serious security issues" reported there in the last 2 days that aren't a big deal. In case you didn't get the memo, you can use DNS poisoning to launch DDoS attacks. The silly part is if you can do DNS poisoning you have man-in-the-middled everyone (cert sigs excluded). You already won so what's the point?

RFID + SQL Injection = Media Hype

Topic: Technology
3:35 pm EST, Mar 15, 2006
In their research paper Mr Tanenbaum and his colleagues Melanie Rieback and Bruno Crispo detail how to use RFID tags to spread viruses and subvert corporate databases. "Everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software and certainly not in a malicious way. Unfortunately, they are wrong," wrote the trio in their research paper. The researchers showed how to get round the limited computational abilities of the smart tags to use them as an attack vector and corrupt databases holding information about what a company has in storage. To test out the theory the group created a virus for a smart tag that used only 127 characters, uploaded it and watched it in action.

This is not as cool as it sounds. In English, Tanenbaum is saying this:

- RFID tags simply contain a serial number
- This serial number, when read, normally ends up in some kind of SQL statement. For nontechs, this just means the number is looked up in a big database
- I can create an RFID tag that has a malformed number and some SQL code.
- When this value gets to the database, the SQL in the RFID tag will be executed. This is known as SQL Injection

SQL Injection is certainly dangerous, but this vector limits what you can do. You really have a single direction communications tunnel. You tell the database to do something. The database has no easy way to get information back to you. Yes, there are rather complex ways to get a database to execute external commands which might be able to connect out to the Internet and return information to you. This would be extremely vendor specific, require a lot of code on the RFID to hold the attack, and isn't a very worm-friendly attack vector.

Because of this one way communication limit, this vector cannot easily be used to steal information out of a database. It also means you can't use traditional SQL Injection methods to determine database structure. You would already need to know the application you are attacking. Basically you are reduced to either editing or deleting information from the database.

Nasty forms of SQL Injection exist and there are much better vectors than RFID tags to do it with.
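
The tag-to-SQL path described above, as an added example that is not from the original post or the research paper: a constructed SQLite inventory table, a scan handler that concatenates tag contents into an UPDATE, and a hardened handler that validates the ID format and binds it as a parameter. The table layout, function names and the 24-hex-character ID format are assumptions made for illustration.

```python
import re
import sqlite3

# Assumption: tag IDs are 96-bit identifiers rendered as 24 hex characters.
TAG_ID_RE = re.compile(r"[0-9A-F]{24}")

# Constructed tag contents: one well-formed ID, one carrying SQL.
GOOD_TAG = "3000000000000000000000A1"
BAD_TAG = "3000000000000000000000A1' OR '1'='1"

def make_db():
    """Build a constructed three-row inventory table in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (tag_id TEXT PRIMARY KEY, location TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [
        ("3000000000000000000000A1", "warehouse"),
        ("3000000000000000000000A2", "warehouse"),
        ("3000000000000000000000A3", "warehouse"),
    ])
    return db

def record_scan_vulnerable(db, tag_data, location):
    # Tag contents are pasted into the statement, so they are parsed as SQL.
    sql = ("UPDATE items SET location = '" + location +
           "' WHERE tag_id = '" + tag_data + "'")
    return db.execute(sql).rowcount

def record_scan_hardened(db, tag_data, location):
    # Reject anything that is not a well-formed ID, then bind it as data.
    if not TAG_ID_RE.fullmatch(tag_data):
        raise ValueError("malformed tag data rejected")
    cur = db.execute("UPDATE items SET location = ? WHERE tag_id = ?",
                     (location, tag_data))
    return cur.rowcount

def demo():
    """Return (rows changed by vulnerable path, rejected?, rows changed by good tag)."""
    touched_vuln = record_scan_vulnerable(make_db(), BAD_TAG, "dock-7")
    db = make_db()
    try:
        record_scan_hardened(db, BAD_TAG, "dock-7")
        rejected = False
    except ValueError:
        rejected = True
    return touched_vuln, rejected, record_scan_hardened(db, GOOD_TAG, "dock-7")

if __name__ == "__main__":
    print(demo())
```

The malformed tag changes every row through the concatenating handler, yet nothing is returned to the tag itself, which matches the one-way limit the post describes.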

Mono supports some of ASP.NET 2.0

Topic: Technology
11:50 am EST, Mar 13, 2006
ASP.NET 2.0

Work has started in some of the features of 2.x in Mono. To run these applications you must use xsp2 (which loads the 2.x assemblies instead of the 1.x assemblies).

Current features:

* Client callbacks.
* New Configuration engine (partial)
* New controls:
  o ButtonField
  o CheckBoxField
  o DetailsView
  o FormView
  o GridView (client and server side sorting)
  o HyperlinkField
  o ImageField
  o Menus
  o MultiView
  o TemplateField
  o Trees
  o View
* Masterpages
* Two-way bindings
* ObjectDataSource

I was very pleased to see Mono supported some of the 2.0 framework. Has anyone here done any work using Apache and mod_mono? How well does it scale? Any major projects using this setup?

Stanford's CS345 - The Web Crawling/organizing/Searching bible

Topic: Technology
5:04 pm EST, Mar 9, 2006
This is incredible! Crawling issues Scalable crawling of unlimited sized Internet, algorithm for "freshness" and determining duplicates in dynamic pages PageRank a nice supplement to my other meme for the academic paper about Google. The best part: it's my job to read this stuff!

Topic: Technology
6:00 pm EST, Mar 8, 2006
Microsoft is not passionate about Tablets. MS's marketing department is passionate about Tablets. They had a memory leak which causes XP Tablet edition to need a daily reboot which they refuse to patch for over a year! MS has created a .NET framework for compact devices that they themselves don't even use. So what's with this complete disconnect between MS's words and MS's actions when it comes to Tablets?

In case you couldn't tell, MS is not Apple. They sell software. Don't be fooled by the XBox. Game consoles are the ultimate example of selling hardware simply to sell more software. MS is and always will be a software company. For this reason it is not in Microsoft's interest to personally bootstrap the rise of the Tablet PC. Unlike the XBox, it doesn't position their technology into a new space. Why? Well, what does everyone say Tablets will replace? Not laptops but that weird gray area of PDA/Cell Phone/gadgetry. Microsoft is already mature in this area; they are selling plenty of licenses for PDA style devices and cell phones. Changing all of those licenses into Tablet licenses doesn't make them any more money.

Since it doesn't create a new space for them, MS would need to increase sales volume to actually make money off a "Tablet revolution." Since they aren't creating a new space, this means more people would need to buy tablets than cell phones when replacing older devices. Can you put a Tablet in your pocket? JaneLane can keep her Razr in her jeans, which I might add are tight sexy jeans with tiny non-functioning girl pockets! Have you seen pockets on girl's jeans? Crazy! It's easy to say that Tablets, for the foreseeable future, are going to remain in an extreme niche market.

So if the economics of Tablets don't make sense, then why does MS seem to care about them much? Two reasons really:

1) MS is making sure that the devices which cause any market share gain for Tablets at the expense of PDAs or cell phones are running some Windows OS. The percentages of the licensing pie may change, but the overall pie stays the same.
2) Tablets are just a marketing campaign. MS throws enough resources at them to look cool and hip and trendy.

The truth about tablets

I know I'm on to something good...

Topic: Technology
12:16 am EST, Feb 24, 2006
..when I talk with Decius and he simply replies: "Billy, whatever you are planning here, it should never get released. EVER." You need to know how to destroy the Internet to make it better.

Topic: Technology
9:43 am EST, Jan 27, 2006
tired as hell. 2 Conferences in 2 weeks with 2 different topics. I'll post more later because it was a cool event.