Comment Typo (Score 4, Informative) 224
Pogramming? :P PROGRAMMING.
Submission + - Not a Thinkpad 1
An anonymous reader writes: As a very happy Thinkpad T20 user (still working after 7 years) I always planned on replacing it with another Thinkpad T-series. However, Thinkpads are now produced by Lenovo, a Chinese company, and I can't quite bear to buy Chinese while the Burmese military are shooting at monks with the Chinese Government as their biggest backer. Maybe this is silly, as whatever I buy is likely to be made (at least in part) in China... but still, what are my options for something as well built as the Thinkpad T-series?
Submission + - Gmail 0Day Flaw Allows Attackers to Steal Messages (xmasterx.be)
XmasterX writes: "Accounts on Google Inc.'s Gmail can be easily hacked, allowing any past — and future e-mail messages — to be forwarded to the attacker's own in-box, a vulnerability researcher said Tuesday. Dubbed a "cross-site request forgery" (CSRF), the Gmail bug was disclosed Tuesday by Petko Petkov, a U.K.-based Web vulnerability penetration tester who has made a name for himself of late. In the past two weeks, Petkov has publicly posted information about critical, zero-day bugs in Apple Inc.'s QuickTime, Microsoft Corp.'s Windows Media Player and Adobe Systems Inc.'s Portable Document Format (PDF).
According to Petkov, who declined to release details about the vulnerability, attackers can use Gmail's filtering feature to exploit the bug. An attack, he said, would start with a victim visiting a malicious Web site while also still logged into his Gmail account. The malicious site would then perform what Petkov called a "multipart/form-date POST" — an HTML command that can be used to upload files — to one of the Gmail application programming interfaces, then inject a rogue filter into the user's filter list.
Full article here."
According to Petkov, who declined to release details about the vulnerability, attackers can use Gmail's filtering feature to exploit the bug. An attack, he said, would start with a victim visiting a malicious Web site while also still logged into his Gmail account. The malicious site would then perform what Petkov called a "multipart/form-date POST" — an HTML command that can be used to upload files — to one of the Gmail application programming interfaces, then inject a rogue filter into the user's filter list.
Full article here."
