Adobe flaw #$%&s everyone

Topic: Technology
1:10 pm EST, Jan 5, 2007
There is a flaw in Adobe’s Acrobat reader plugin which allows JavaScript to execute. This flaw means every website that contains a PDF file has a de facto Cross Site Scripting (XSS) vulnerability. Clicking on a link like http://bank.com/report.pdf#EVILCode will cause JavaScript to execute in the context of bank.com. Regardless of how secure bank.com’s website is, attackers can get their own JavaScript to interact with the website, exposing everyone on bank.com to all the traditional dangers of XSS. It is important to note that there is nothing wrong or malicious about the PDF file itself. An attacker doesn’t need to upload a malicious file for this to work. The issue is Adobe executes any JavaScript that is contained in the fragment (#) of a hyperlink. This flaw essentially backdoors every website on the Internet that hosts a PDF. Any website with a PDF can be the target of a hyperlink with a malicious fragment added to it. This flaw is so extremely dangerous because an attacker simply creates a malicious hyperlink to any legitimate PDF on any website and can attack that website.

It gets worse, because there is little a website can do to stop the attack. If a victim clicks on a link like http://bank.com/report.pdf#EVILCode, the #EVILCode fragment is not actually sent to bank.com. Thus bank.com cannot detect if a PDF is being requested to launch an attack, or is being requested for legitimate purposes. Short of removing all PDFs from their site, a company cannot protect itself or its users from this technique. This flaw can also be exploited using an HTML iFrame. This means a victim doesn’t have to physically click on a bad link; simply viewing a website could cause a PDF to load and exploit the user.

XSS can be used for various types of attacks, such as phishing, password stealing, self-propagating worms, keystroke logging, and attacking internal corporate networks.
This vulnerability is interesting because it occurs in a browser plugin, making all browsers that use the plugin vulnerable. It is also interesting because it doesn’t require an attacker to create or upload a malicious file. This attack piggybacks on top of perfectly safe PDFs.

Updated: Affected browsers (all on Windows):
IE6 + Acrobat Reader 7 + XP SP1
IE6 + Acrobat Reader 4 + XP SP2
(possibly) IE 6 on non-XP platforms
Firefox 2.0.0.1
Firefox 1.5.0.8
Opera 8.5.4 build 770
Opera 9.10.8679
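As an added example (not part of the post above, and not code from Adobe or any browser vendor): since the #fragment never reaches the server, the server cannot filter requests, but it can control how the PDF is delivered. The Python WSGI handler below, with constructed document paths and sample bodies, returns PDFs with a Content-Disposition: attachment header so the browser saves the file rather than handing it to the in-browser plugin that interprets the fragment (the assumption here being that a downloaded file is not opened by the plugin); it also shows what the server actually sees of a fragment-carrying URL.

```python
"""Added example: force PDFs to download so the browser plugin never renders them.
Document paths, file bodies and the header layout are constructed for this example."""
import mimetypes
import posixpath
from urllib.parse import urlsplit
from wsgiref.util import setup_testing_defaults

# Constructed in-memory document root: path -> bytes (a real server would read disk).
DOCUMENTS = {
    "/report.pdf": b"%PDF-1.4\n% constructed sample, not a real report\n",
    "/index.html": b"<html><body>welcome</body></html>",
}

def server_visible_path(url: str) -> str:
    """What the server receives for a link: the #fragment never leaves the browser."""
    return urlsplit(url).path

def harden_headers(path: str, content_type: str) -> list:
    """PDFs get Content-Disposition: attachment so they are saved, not opened in the plugin."""
    headers = [("Content-Type", content_type)]
    if content_type == "application/pdf":
        filename = posixpath.basename(path) or "download.pdf"
        headers.append(("Content-Disposition", f'attachment; filename="{filename}"'))
    return headers

def app(environ, start_response):
    """Minimal WSGI app serving DOCUMENTS with the hardened headers."""
    path = environ.get("PATH_INFO", "/")
    body = DOCUMENTS.get(path)
    if body is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    content_type = mimetypes.guess_type(path)[0] or "application/octet-stream"
    start_response("200 OK", harden_headers(path, content_type))
    return [body]

def request(path: str) -> tuple:
    """Drive `app` offline for one request; returns (status, headers dict, body)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```

Non-PDF responses are left untouched, so only the file type the plugin would render is forced to download.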
MoveOn.org Civic Action: Save NPR and PBS (again)

Topic: Miscellaneous
1:33 pm EDT, Oct 4, 2006
House Republicans just voted to slash funding for NPR and PBS this year--and eliminate funding altogether in two years. We stopped them last year. We can stop them again. Sign our petition to Congress opposing these massive cuts to public broadcasting.
The Republicans are trying to kill Big Bird and Oscar the Grouch. They must be STOPPED!!! -janelane, one-ah-ah-ahh, two-ah-ah-ahh,..
50 Dark Movies in One Painting

Topic: Movies
9:48 am EDT, Oct 2, 2006
See if you can find all 50 "dark" movie references hidden in this one painting.
Think Progress [tag Path to 911]

Topic: Society
1:21 pm EDT, Sep 7, 2006
ABC is marketing its docudrama, The Path to 9/11, as “based on the 9/11 Commission Report.” It is defending the film's multiple inaccuracies by claiming some scenes were “drawn from a variety of sources.”
Now we finally have an answer to the question: What does it take to air a 2hr docudrama commercial free on broadcast television nowadays? The answer is lies, lies, lies. _Path to 9/11_ is a "docudrama" whose major thesis is that 9/11 happened because President Clinton didn't prevent it. It is airing on ABC. This is a link to the thinkprogress tag about everything related to the film. I can only cite some of the highlights:
* Scholastic is giving out materials to teachers clearly made w/ partisan politics in mind.
* At NO POINT did Fmr National Security Advisor Sandy Berger discourage going after Osama bin Laden.
This is so very partisan it's sick. The best part is that it will air commercial free. When's the last time you heard a broadcast network do that? (esp. considering all the free press it's been getting on this fantasy)
Sun buys Hewlett and Packard | The Register

Topic: Technology
12:41 pm EDT, Aug 21, 2006
Sun Microsystems on Thursday announced that it purchased Hewlett and Packard for a little over $6,000. In a crafty public relations stunt, Sun has acquired a wooden sculpture of Bill Hewlett and Dave Packard and decided to send the object on the road to find HP's "sense of humor." A local artist had offered the Hewlett and Packard sculpture, which is part of a larger collection, to HP corporate, but the company passed. So, Sun stepped in with $6,000 and bought the Silicon Valley legends. The Hewlett and Packard figure is part of the Silicon Valley Hitchhiker series that we've been covering for the past couple of weeks. Local artist Julie Newdoll teamed with Jim Pallas, Mike Mosher and Mario Wolczko to create and promote five sculptures of Silicon Valley icons - Fred Terman, Bob Noyce, Hewlett and Packard, William Shockley and Lee de Forest. The figures have been "hitchhiking" around the country with GPS units strapped to their backs so people can follow their journeys online.
Yet another wonderfully funny public relations fiasco with HP. It's implied, though not explicitly stated in the article, that HP had the opportunity to buy the sculptures and turned their nose at the project. They should have seen this one coming from a mile away. If it wasn't Sun, I'm sure IBM would have been the next in line to turn this whole thing into a big joke. HP == stupidity
Topic: Miscellaneous
8:50 am EDT, Aug 21, 2006
A glimpse of the remarkable father-son bond of Dick and Rick Hoyt, and their inspirational journey together in a triathlon and life itself. "Eighty-five times he's pushed his disabled son, Rick, 26.2 miles in marathons. Eight times he's not only pushed him 26.2 miles in a wheelchair but also towed him 2.4 miles in a dinghy while swimming and pedaled him 112 miles in a seat on the handlebars--all in the same day." Can
Fallen Soldier Gets a Bronze Star but No Pagan Star

Topic: Current Events
9:20 am EDT, Jul 5, 2006
At the Veterans Memorial Cemetery in the small town of Fernley, Nev., there is a wall of brass plaques for local heroes. But one space is blank. There is no memorial for Sgt. Patrick D. Stewart. That's because Stewart was a Wiccan, and the U.S. Department of Veterans Affairs has refused to allow a symbol of the Wicca religion -- a five-pointed star within a circle, called a pentacle -- to be inscribed on U.S. military memorials or grave markers. Wicca is recognized federally as a religion. As the article mentions, last year the requirement for a religion to have a centrally located authority was lifted. So why can't the pentacle be inscribed on the grave of a soldier who gave his life for his country, and even had "Wiccan" on his dog tags? But gods forbid we offend the Christians with a symbol that they don't like in the graveyard. Getting pretty sick of this.
CNN.com - Senator seeks tax on pimps, prostitutes - Jun 27, 2006

Topic: Miscellaneous
8:38 am EDT, Jun 28, 2006
I guess the next step is to require pimps to carry Workers' Compensation and Unemployment Insurance for all of their h0ez? What is this world coming to? IANATA, but I do believe that if you receive $100,000 in income from "personal services" but don't report that on your taxes, you're already breaking the law. It's called "tax evasion." To spell it out for this scenario sounds like more election year "let's unite our conservative voter base." Republican Sen. Charles Grassley of Iowa is hoping to stamp out the sex trade by taxing pimps and prostitutes, then jailing them when they don't pay. The Senate Finance Committee is expected to vote Wednesday morning on the pimp tax. The bill also calls for more jail time for sex workers. If passed, the provision will authorize at least $2 million toward the establishment of an office in the Internal Revenue Service Criminal Investigation unit to prosecute unlawful sex workers for violations of tax laws.
Alan Moore's erotic 'Lost Girls' and Peter Pan Copyright Woes

Topic: Society
8:06 am EDT, Jun 28, 2006
BoingBoing has a good compilation of information and links regarding the not-quite-epic but pretty substantial struggle between Alan Moore's desire to use the character of Wendy from the Peter Pan stories (a still active copyright in the UK) in a sexual setting. That debate in itself is old hat, and has gone the rounds for decades whenever fan fiction becomes well written and popular enough to stand on its own. Alan Moore states: "It presents this material in a way which is every bit as sensual and beautiful and at times, startling, as the actual sexual act itself can be. I think that was probably why we did it. The sexual imagination, which is the biggest part of sexuality, is not well served in our culture, and I really don't understand why that should be. The only way that we can talk about or refer to sex -- we have two choices: we can either do it in grubby works of pornography that will be read by people who are desperately ashamed of what they are reading, or we can discuss sex in the clinical manner of sex manuals or The Joy of Sex. Neither of these things have got anything that I, or probably most other normal people actually associate with our sexuality."
Sperm counts and teen pregnancy rates. By Liza Mundy

Topic: Health and Wellness
3:02 pm EDT, May 3, 2006
Today, May 3—in case you didn't know it—is "National Day To Prevent Teen Pregnancy." In the past decade, possibly no social program has been as dramatically effective as the effort to reduce teen pregnancy, and no results so uniformly celebrated. Between 1990 and 2000 the U.S. teen pregnancy rate plummeted by 28 percent, dropping from 117 to 84 pregnancies per 1,000 women aged 15-19. Births to teenagers are also down, as are teen abortion rates. It's an achievement so profound and so heartening that left and right are eager to take credit for it, and both can probably do so. Child-health advocates generally acknowledge that liberal sex education and conservative abstinence initiatives are both to thank for the fact that fewer teenagers are ending up in school bathroom stalls sobbing over the results of a home pregnancy test.