Categories
Open Source Web Development

WYSIWYG

After seeing Matt’s post that TinyMCE has been integrated into WordPress, I think I’m doing the same to a few things I’m currently developing. I was considering a WYSIWYG tool previously for these projects, but decided against it mainly because of the poor code they often produce. TinyMCE is rather good, but didn’t support Safari. Now that appears to be changing (they are testing and working with Apple). So I really have no reason not to use it, right?

It’s a great thing for those who don’t know much (or good) HTML. Keeps the crud out. Now I need to either find or write a really good HTML sanitizing function for PHP so I can make sure it’s pure safe HTML. Right now I just delete any tags.

Categories
Mozilla

Browser-based attacks up

An interesting article that shows why using a better browser is an important way to keep your computer secure. Perhaps we need to tell these people to stop using IE and start using Firefox. Nudge, nudge, [elbow in the ribs].

First downloads were the big risk. Then email became the big target. Now it’s the browser. What next?

Categories
Mozilla

Someone should have used Firefox and Norton AntiVirus

A heck of a lot cheaper than this. Norton AntiVirus 2005 ($22.99 at time of writing), and Firefox (Free, forever) are not nearly as expensive as that phone bill.

It’s not hard to avoid that situation. It really isn’t. An 8-year-old can do it.

Categories
Mozilla Security

IDN Security Hole

An interesting observation regarding yesterday’s security bug. I did this using 1.0+.

Here’s what it looks like when the exploit is presented:
Exploit: example

Now look at the title bar when you “view source”:
Exploit: view Source

Is this a temporary way to validate the authenticity of the website?
I have no clue. I’m just reporting my observations.

Categories
Funny Mozilla Security

Mozilla Security Hole: Household Emergent Behavior Vulnerability

I sent the following to the security list at 4:02 PM EST. I rate it a “critical” security vulnerability due to the harm it can inflict. This vulnerability is found in all Mozilla products to date (including nightlies).

Overview
Apparently Firefox has been making sexual advances towards Roombas (as seen on Slashdot 02/05/2005), causing them to lock themselves in rooms in order to avoid being molested by the otherwise innocent-looking Mozilla Products. Similar problems have been reported with other electronic devices: Toasters, VCRs, Cell Phones, Alarm Clocks, Rosie the maid from the Jetsons, Johnny 5, R2D2, and Al Gore. I suspect people with pacemakers may be at risk, but I have yet to find any direct evidence or testimony.

Analysis
The vulnerability seems to be in nsISEXUALadvance, though libPr0n may also be problematic. There are actually 3 distinct problems with nsISEXUALadvance:

  • Doesn’t check to see if object.sexualDesire is of the same platform type
  • Doesn’t check to see if object.sexualDesire is >= age Of Consent
  • Doesn’t check to see if object.sexualAdvanceCount <= 1

I have yet to find if libPr0n has any influence on this bug. There is some research that suggests it may influence this behavior, though some ideological bias may be influencing that conclusion.

Products Affected
This vulnerability affects all Mozilla products tested.

Recommendation
I’d suggest this block Firefox 1.1, as well as Mozilla 1.8b until it’s resolved.

Provided and/or discovered by:
Robert Accettura Feb 5, 2005

Etc.:
This fulfills a statement that I gave Asa over IRC that I could beat some of the other goofy stuff that comes in to security@mozilla.org.

Categories
Internet

A plan for worms?

According to Slashdot, a new variant of the Santy worm is out, except this one patches to prevent it. Even good hacking isn’t a good thing. It’s still illegal and shouldn’t be done.

But government agencies should really start looking into such a thing. It’s obviously possible. There are enough exploits in most software that a similar task could be accomplished. US-CERT among others should be researching the possibility of such tactics. A well-designed worm can actually counter the effects of a very harmful one.

Even firemen have learned that fire is not only their enemy, but their friend. Fire is often used to put out fires… when strategically placed they can be a very effective tool against forest fires.

Categories
Politics

TSA locks up terrorist #1

Via Aebrahim’s blog, John Barlow’s story of the TSA “protecting America”. I’d say it’s a must read, though pretty depressing.

A real brilliant example of how America is becoming “safer”. Sadly, it’s pretty safe to say the government to date has spent thousands (plural) of dollars “protecting” us from John.

Good luck to him. Good luck to all Americans who attempt to live normal lives. I’m still waiting for some nun or priest to be arrested for carrying a crucifix, which could technically be used as a weapon (often sharp point towards the bottom). When that happens, it’s time to move to Iraq, since we’ve spent some time restoring liberty there.

Categories
Mozilla

Microsoft Changes their Mind: Continues patches for non-XP IE

Contradicting a few days ago, according to The Channel Insider, Microsoft will be releasing some IE patches for non-XP systems.

…But company officials privately told a select group of developers earlier this year of plans to port some of the IE-specific fixes to the version of IE 6 for Windows 2000 (Service Pack 5 update).

It also told some partners that it was “considering strongly” the idea of making the IE-specific SP2 fixes available for Windows NT, Windows 98, Windows 98 Second Edition and Windows Millennium Edition.

[Source: The Channel Insider | Emphasis mine]

Categories
Security Software

AOL to issue SecurID to customers

After pestering AOL employees with the damn things for years, now they want to charge customers for the same pain in the butt.

I hate these stupid things. Keep them on your keychain, and you know it’s going to break, and you’re going to have login problems. Don’t keep it on your keychain, and you know you’ll forget, and be unable to log in. No matter what, you lose.

I won’t say they are ineffective, since they do work. But they are the biggest pain in the butt.

Categories
Internet Security

Spyware disabling itself in Spybot S&D

Well, I found this rather alarming. Apparently some Spyware is learning to disable itself from Spybot S&D. Unfortunately, I went through the list real quick and unchecked all so it searches for everything… but didn’t make note of which made the list (just got home from work, tired, hungry, and not thinking). Blasted, would have been nice to post here and see if I just had a corrupt preference file (I just upgraded to 1.3), or if this really is Insurgent Spyware fighting back.

Anyway, I’ll be keeping an eye on this with all systems I have it installed on. With any luck, if it’s really the next generation in Spyware fighting, it will happen again, otherwise, most likely a false alarm.

So more later if I think this is real. Please don’t set off a public alarm, just take a look yourself and see if you find this. Let’s not get our panties in a knot. Thanks.