Incidentally, the reason why I’ve only just installed the patch, several days after it was made available, is because last week I cleaned up the disk space used on our SUS server and one of the things I (mistakenly) did was to select what I thought was all the urlscan log files, but actually included urlscan.ini. This didn’t stop urlscan working – it just blocked practically every request as GET was not on the list of allowed verbs (as this list didn’t exist). It was only when I realised that the patch hadn’t been installed yet that I realised this was the culprit.
Installed the latest patch for IE which breaks the http://username:password@sitename protocol. The interesting thing is that they break it in more than just the browser. Now if you run the above URL from the start/run menu or from the quick launch address bar, the system strips off the username:password@ of the URL and takes you direct to the main site. This way it breaks Firebird/Firefox which would work with the username:password option and was not vulnerable to the spoofing flaw. I guess they had to do it this way because of all the integration with the OS that IE does not do (end sarcasm). Apart from that it’s not that big a deal anyway. It doesn’t break wget though (which is a relief as that would break a lot of my scripts).
It’s not a good start when you select the custom install and one of the components is greyed out AND not ticked. Then when I launch it I get “Error launching browser window: no XBL binding for browser”. This is apparently caused by having TabbedBrowser Extensions loaded. By disabling this in Phoenix (my old install) it then loads up ok. This is also cured by following the readme and disabling all extensions and/or creating a new profile (yuck).
I fired up my Firebird browser this morning and the homepage was talking about Firefox 0.8. Looks like it’s gone from Phoenix to Firebird to Firefox. Wish they would make up their mind. I wouldn’t have thought this would help matters as it’s going to make some users confused and also dilutes the brand name if it keeps getting changed.
There are three security vulnerabilities in RealOne player so if you have this installed you may want to use the autoupdate to get the patches. Not sure how this works with the free BBC version – I’ll check this out soon…
Update: BBC player installed and the update program finds at least 3 updates to install – one to upgrade from version 2 to version 10, one for the security update and another for Realpix. I only bothered to download the second one.
Yahoo have now introduced a spam filter to their newsgroups. The daft thing is that not only is it having loads of false positives, it actually still sends you the email, but includes the spam email as an attachment. The only way this really helps is that it stops you accidentally opening spam messages containing web bugs to verify your email address. It also puts [spam] at the front of the subject (and an x-header line) so that you could put a filter on it. However, with no way to whitelist or blacklist senders or any obvious means of training the spam engine, it’s going to be more hassle than it’s worth.
I was trying to extract a file from a 141MB tar.gz file (from my webspace backup) and got this dialog box showing me the process. I’ve also submitted this to This is broken.
Apparently you can get a spyware/ad free version of Realplayer from the BBC as they are not allowed to do advertisements – I’m going to uninstall my real player and try it.
I’d come across the Stinger utility from Network Associates Inc. but didn’t know what it was. Apparently it’s a utility that will assist you in removing the latest viruses from your computer – all in one .exe file. Although no substitute for AV software, it would make a good tool to have on a USB disk/floppy/CD to take to people’s machines when they ring up as they’ve been infected.
The long-awaited patch for IE is now available that will break the standard http://user:pass@domain functionality but will prevent a lot of the phishing attacks that have gone on. To check whether you are still vulnerable or not, visit my initial page on the phishing problem. This update is actually one of three vulnerabilities that have been patched in the cumulative update.
There are more details in the February 2004 security bulletin.
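The http://user:pass@domain form that the posts above discuss, as an added example that is not the blog author's code: a Python check that finds URLs carrying a userinfo part in lines of text, reports the host the request really goes to, and returns the URL with the credentials stripped, as the posts say the patched system does. The function names, the `.test` hosts and the sample lines are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# A userinfo part shaped like a DNS name is the phishing tell: the reader sees
# a familiar site name before the "@", but the client connects to what follows it.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def inspect_url(url):
    """Describe the userinfo in an http(s) URL; None if it carries none."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed authority, e.g. broken IPv6 brackets
        return None
    if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
        return None
    # The host is whatever follows the LAST "@" in the authority.
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    stripped = urlunsplit((parts.scheme, hostport, parts.path,
                           parts.query, parts.fragment))
    return {
        "real_host": parts.hostname,
        "userinfo_looks_like_host": bool(HOSTLIKE.match(user)),
        "stripped": stripped,
    }

def scan(lines):
    """Return (line_number, url, info) for every URL with userinfo."""
    findings = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            info = inspect_url(url)
            if info is not None:
                findings.append((number, url, info))
    return findings

# Constructed sample input: one ordinary link, one scripted download with
# credentials, one link whose "username" imitates a site name.
SAMPLE = [
    "See http://news.example.test/a@b for details",
    "wget http://backup:s3cret@files.example.test/site.tar.gz",
    "Please verify at http://www.example-bank.test@203.0.113.7/login",
]

if __name__ == "__main__":
    for number, url, info in scan(SAMPLE):
        flag = "SUSPICIOUS" if info["userinfo_looks_like_host"] else "credentials"
        print(f"line {number}: {flag}: goes to {info['real_host']} -> {info['stripped']}")
```

The "@" inside a path (first sample line) is not userinfo and is not reported; only an "@" in the authority part changes where the request goes.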