Procrastination, delivered!

All about waiting for the apple to fall. Add yours – reach.singhsong@gmail.com

Archive for the ‘Internet’ Category

Microsoft WMF Vulnerability – Patch Conundrum

Posted by hs on January 5, 2006

There has been a slew of patches for the WMF Vulnerability. In addition to the unofficial patch by Ilfak Guilfanov, a as-yet-unfinished Microsoft patch was released online inadvertently.

The vulnerability is very critical in the sense that the user does not need to do anything, except view the image. This can be viewed either in a email or via a browser. Microsoft refused to depart from its monthly patch-release schedule to release an express patch. This gives a cosy 10-day window for the vulnerability to wreck its way worldwide.

Meanwhile Ilfak rose to the occasion and posted an unofficial patch on this website. His site was down earlier due to humongous load (‘half the planet is downloading WMFFIX_HEXBLOG14.exe’), but is back now. The patch has also been mirrored by a number of sites including, GRC.com, Sunbelt Software, Antisource. F-Secure and Internet Storm Center (SANS) recommended that customers use Ilfak’s patches while Microsoft puts its patch together.
Resources

Update: Microsoft has released a patch – it is being automatically applied to machines (Win XP SP2 atleast) with Automatic Updates enabled.

Keywords: WMF, Vulnerability, Microsoft, Ilfak Guilfanov, Patch, WMFFIX_HEXBLOG, WMFFIX_HEXBLOG14, GRC.com, Window, Patch Schedule, F-Secure, Internet Storm Center, SANS, FAQ, Securiteam, Advisory

Advertisements

Posted in Bug/Vulnerability, Computing, Internet | 1 Comment »

AOL-Google Deal Closer

Posted by hs on December 19, 2005

(Updating a previous post)

NYTimes is reporting in AOL’s Choice of Google Leaves Microsoft as the Outsider that Time Warner would formally announce tomorrow Google buying 5% stake in AOL.

There’s an interesting parallel that NYT draws out between circa 1997 Netscape-IE battles and Google-MSN battles of today, with the slight twist: Microsoft is on the other side. Although MS was believed to have almost clinched the deal about 3 months back, this is what seems to have turned the tables: Microsoft’s refusal to take AOL’s Internet-access business, and its decision not to contribute its e-mail, messenger and, most important, its new Live.com portal to the venture.

AOL and Microsoft also passed on a chance to create a third big portal to compete against Yahoo & Google.

Google, on the other hand, provides AOL with, what is, arguably the best Internet search technology currently. It would also help AOL in sending traffic to AOL’s free, advertising-supported Web sites and give AOL the ability to offer its existing advertisers search ads for the first time and will allow AOL’s sales force to sell display advertising on Google’s extensive network.
Yahoo might have to look for other ventures for its search service business – MSN might switch away from Yahoo once its own technology matures, and that might be as early as next year.

Update: NYTimes Business report – AOL and Google Formalize Partnership to Include Shared Selling of Ads
Keywords: Google, AOL, Deal, Stake, MSN, Yahoo, Netscape, IE, Search, Advertising

Posted in Economics, Internet, Tech/Biz | Leave a Comment »

Gmail Easter Egg

Posted by hs on December 18, 2005

Here’s an undocumented Gmail feature

Gmail (Google Mail) ignores the period (.) in the @gmail.com addresses. So, all the following addresses are perfectly legal and would deliver to the same mailbox:

  • reach.singhsong
  • reachsinghsong
  • r.e.a.c.h.singhsong
  • reach.singh.song

However, the username still remains the one you had signed up with.

Keywords: Gmail, Google Mail, Easter Egg, Period, Dot, Ignore, Mail address, Email

Posted in Internet | Leave a Comment »

Gmail Holiday Bonanza

Posted by hs on December 18, 2005

Gmail has come up with a bunch of cool features recently. Significant ones:

  • RSS Feeds (Tip: If you want to add your own RSS feed, put the feed URI in the Search box, and once Gmail shows you the feed with Title, etc., you can add it)
  • Vacation Autoresponder: with some nifty customizable features (for example: Do not send an autoresponse more than once in 4 days)
  • Contact Groups: Useful for arranging managing the humongous addressbooks.

Read about more features here.
Makes for a real good bunch of holiday goodies 🙂

Keywords: Gmail, Features, Google Mail, RSS Feeds, Vacation Autoresponder, Autoresponse, Out of Office, Contact Groups, Holiday, Goodies, New Features, Virus Scanning, Read, Office document, HTML, PDF

Posted in Internet | Leave a Comment »

Google to buy stake in AOL?

Posted by hs on December 16, 2005

Coming as it does shortly after Steve Case made the case for splitting Time Warner (AOL – A Time-less Saga?), BBC is carrying a news item on purported sale of 5% stake in AOL to Google at approximately $1 billion.

This is especially valuable for Google since its the current search provider for AOL.com, and gets 2-4% of its annual net revenues. Google might also be interested in leveraging AIM (AOL Instant Messenger). AOL is valuable also because its one of the few independent big portals left. Google can’t afford to lose it to MSN or Yahoo (which already have their own portals – MSN.com and Yahoo.com).

On the flip side, Google might have already recouped some of the deal cost as reflected in the share price jump (7% to $435.20).

However, Carl Icahn doesn’t seem to be pleased:

It is my belief that, if the proper partner were allowed to have control of AOL, shareholder value would be much more greatly enhanced than through a half-hearted joint venture that might only serve the purpose of entrenching management.

Keywords: AOL, Google, Stake, 5%, Share price, Carl Icahn, AOL.com, MSN, Yahoo, Search engine, Portal, Steve Case, BBC, Sale

Posted in Economics, Internet, Tech/Biz | 1 Comment »

Google Desktop tweaked

Posted by hs on December 7, 2005

Google Desktop has now been tweaked as a workaround against the IE CSSXCSS vulnerability.

Keywords: Google Desktop, Bug, Vulnerability, IE, CSS, CSSXCSS, Cross Site Scripting 

Posted in Bug/Vulnerability, Internet | Leave a Comment »

Achieving Electronic Privacy

Posted by hs on December 6, 2005

Organizations are requiring ever-increasing amounts of information on individuals, linking it all up using a single identifier (SSN in US, NI in UK, and similar identifiers elsewhere). Although having more information helps in better decision making, it impinges on individual liberty. And having all information linked up also makes it a high-value target.

David Chaum presents an approach based on digital credentials in his article Achieving Electronic Privacy that appeared in August 1992 issue of Scientific American. The method involves using digital credentials that can be verified by the recieving organization without actually revealing the identity of the user. This helps users protect their individual liberties, while lowering costs for the organizations by providing them with authenticed information.

Use of Blind Signatures as proposed by Chaum and his colleagues provides for security & reliability in transactions while rendering them untraceable unless the user actually wants them to get traced.

Widespread use of this method can reduce a lot of data sharing hassles and resulting complications associated with them. Since the organizations can authenticate the identity of users without actually having to store any data, the chances of identity theft might also decrease.

Keywords: Electronic Privacy, Scientific American, Information, Individual Liberty, SSN, NI, David Chaum, Blind Signatures, PKI, Identity Theft

Posted in Internet, Tech/Biz | Leave a Comment »

Adblock Flickr Workaround

Posted by hs on December 4, 2005

Recently while posting new pics on Flickr, I noticed that the Organizr was not working properly in Firefox. I double-checked the page in another browser (Netscape 7.2), and it seemed to be working all right. I had more than a hunch that AdBlock might be behind this, as some of the Flash objects in other sites were also not working properly.

Some searching on Flickr Forums led me to this thread. Disabling Obj-Tabs in AdBlock preferences helps. It might break something else, but I am not complaining, at least for now.

Here’s another (a bit unrelated) example of how AdBlock can be used creatively to alleviate problems created by other sites.

Keywords: AdBlock, Flickr, Organizr, Bug, Firefox, Obj-Tabs

Posted in Bug/Vulnerability, Internet | Leave a Comment »

Google Desktop Vulnerability; IE CSS Import Gotcha

Posted by hs on December 3, 2005

Matan Gillon has posted a exploit on vulnerability in Google Desktop v2 while using Internet Explorer. By taking advantage of the CSSXCSS (Cascading Style Sheets Cross Side Scripting) vulnerability in Internet Explorer, a hacker might be able to read data from pages fetched from other sites. If this sounds technical, picture this: you browse to a seeminly normal website (containing say pictures, articles, etc.). Typically one would not think that this website can read the details of the other page you have opened, say your bank account, or the shopping cart with credit card details. The IE vulnerability allows specially crafted pages to do just that.

Read the original article (Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information) for details. Possible precautionary steps (until this vulnerability is patched) are to disable JavaScript in IE or switch to a better browser (Firefox, Opera, etc.).

The proof of concept exploit is available here.

Get Firefox

Keywords: CSSXCSS, CSS, Google Desktop, Internet Explorer, IE, JavaScript, Cross Site Scripting, Vulnerability, Cross-site scripting, GDS, Exploit, Proof of concept, Firefox, Opera

Posted in Bug/Vulnerability, Internet | 1 Comment »

Web 2.0: Changing the OS Paradigm

Posted by hs on December 1, 2005

The desktop Operating System (OS) scene has largely been cornered by Microsoft products in recent times. Apple has always maintained a dedicated niche market (mainly designers) and Linux (and other *nix) systems have been seen a preserve of geeks and nerds.

Operating systems have come a long way from the days of DOS (and loaders/linkers of the yore). In the DOS era, OS provided little functionality by itself. Compare that with the Operating Systems of today, where tons of functionality is integrated within the OS itself. Both approaches have their pros and cons.
Another revolution that has been taking place almost simultaneously is the emergence of Web browser as an application platform. True, there were thin clients and some browser-based applications earlier also, but most of them acted as web interfaces to applications running on servers rather than using the computational capabilities of the host.

Various technologies have contributed to the emergence of web apps, including greater availability of bandwidth. However, nothing has had more profound impact than something called AJAX (Asynchronous Javascript + XML). The term is relatively new, having being coined by Jesse James Garrett in his article Ajax: A New Approach to Web Applications (18 February, 2005).

The first popular applications using AJAX were launched by Google – Google Suggest & Google Maps. Although there have been some claims (and counter-claims) as to Microsoft having invented AJAX technologies, the term was first coined by Adaptive Path.

AJAX represents a fundamental shift in the way Internet works and forms the basis for what is called Web 2.0. Already there are lots of web apps springing up that might one day usurp the dominant place that desktop products hold in everyday computing today. An Internet-based word processor might have been dismissed as a flight of fancy a year ago, but today there already are working products doing precisely what was considered not possible. Writely is a web word processor, and so is gOFFICE. gOFFICE currently provides Word processing features and is expected to launch Spreadsheets & Presentations soon. One of the coolest features of gOFFICE is the ability to save the documents online and get them delivered in multiple formats, including PDF. Writely too allows users to save the documents offline in Word, HTML or OpenDocument formats. And since both (and other similar packages) are in a heavy development stage, one can expect many more features to be added in near future.
What does rise of web-based apps means for traditional applications, for example Microsoft Office in this case? Surprisingly enough, Microsoft has been pretty quick to latch onto the web apps bandwagon. It has already announced plans to offer various offerings under its Live platform – including Office Live and Windows Live Mail beta (that just went online).

Although it might be rather premature to say it at this stage, I do not see any major threat to desktop-based apps in the near future. There are situations where web apps fit better, and adoption rate would be pretty high in those areas. But there is a totally seperate market which has not been served till now (cheap, mobile access) which would be eager to adopt the web apps, hence minimizing any cannibalization between the two markets.

The question then is: how does Web 2.0 impact the OS paradigm as we know it? OS would continue to develop, but they would share their role as the platform for running applications to web browsers. At some point in near future, the web browser would turn into a formidable competition for OS itself. A class of applications that require extensive user interface or have formidable data requirements would continue to reside on local machines, but other applications, like email would move onto the web apps model. Even mainstream mail service providers like Yahoo! Mail are now testing highly interactive web app versions of their mail services, and this trend is only going to grow stronger.

Even tasks like audio & video which were not thought of as web-oriented apps are increasingly being delivered over the Internet, helped by increased bandwidths and better compression formats. Experiments like Google Video hold a lot of promise.

Operating Systems might again start moving towards minimalness – provide a comprehensive interface between the hardware and applications, and little else. The apps of the future would do better to harness the underlying hardware than rely on OS for that purpose. Thus, an ideal OS might be the one that is transparent to the user, and one which provides just about enough power to applications without doing little else. A extreme (and probably ridiculous enough) paradigm: an OS that makes running apps as effortless as human breathing – vital, but largely going unnoticed.
And, needless to say, Web Browser would be the most significant component of the future operating systems. No wonder there’s a battle raging out there between Internet Explorer and its (mainly open-source) rivals (Firefox, Safari).

PS: What would such an OS be called? BreathOS!

Keywords: OS, Paradigm, Browser, Application platform, Transparent OS, Evolution, AJAX, Web 2.0, Google Suggest, Google Maps, Adaptive Path

Posted in Computing, Internet | 3 Comments »