citizenklaw - Slashdot User

Submission + - IE7 lets passwords slip 'by design'

Submitted by

tweakers.net reader

on Tuesday May 22, 2007 @09:16AM

tweakers.net reader writes: "Visitors can have their passwords for many community sites stolen if they use Internet Explorer 7 or lower. Almost all sites that let their users host images or other binary data are vulnerable. Microsoft has been informed, but tells this bug is 'by design' (translated from Dutch). The problem lies in the way that Internet Explorer(IE) handles binary data. Instead of following the standard (RFC2616), IE determines the content-type in a wrong way. A perfectly valid image like this one or this one is interpreted as HTML in IE. Thereby, JavaScript is executed and passwords for community sites can be stolen (because of this XSS vulnerability). Microsoft will not fix this problem before Internet Explorer 8. On my machine, passwords seem to be safe from this bug with Opera 9.21 and Firefox 2.0.0.3."

Submission + - How Government Data Will Survive a Nuclear Attack

Submitted by

Gary

on Tuesday May 22, 2007 @09:12AM

Gary writes: "Infobuner is a data center situated in a corn field in the middle of Iowa. It is not just any data center, it is probably the securest data center you're ever likely to find. Built in a decommissioned Air Force bunker it can withstand a 2.5 Megaton nuclear blast and is EMP shielded too."

Submission + - The five best game console controllers of all time

Submitted by on Tuesday May 22, 2007 @09:00AM

An anonymous reader writes: CNET.co.uk is running an article on what it thinks are the 5 best game controllers of all time. Amazingly, this article doesn't feature the Wii remote and instead rates the Xbox 360's controller as better. It does, however, have the Atari 2600's joystick that was a classic controller.

Submission + - Florida: One Step Forward, Two Steps Back

Submitted by

SuperJew

on Tuesday May 22, 2007 @08:27AM

SuperJew writes: "Well, it looks like Florida has done it again. The state that brought you the hanging chad has gone BACK to paper ballots. In 2002, many FL counties went to the touch screen systems, but now have decided to switch back.

[Governor] Crist, who made the elections overhaul an early priority, basked in bipartisan praise on Monday for ending the paper-trail fight. The federal government will cover the roughly $28 million cost to switch to optical-scan devices. Touch-screen machines will still be used during Florida's new Jan. 29 presidential preference primary, but paper ballots must be in place by the fall 2008 elections, with one exception. Touch screens still can be available for use by disabled voters until 2012. "

Submission + - OpenOffice announces first ever worm

Submitted by

Corrado

on Tuesday May 22, 2007 @08:21AM

Corrado writes: "According to Jean's Blog the SB/BadBunny-A worm is attacking OpenOffice Draw documents. It affects Windows, Mac OSX, and Linux systems and uses different methods on each. Can this be good for OO.org?"

Submission + - Xss-exploit Microsoft labelled as ' by design '

Submitted by

Anonymous Coward

on Tuesday May 22, 2007 @08:19AM

Anonymous Coward writes: "Beginning this month tweakers.net developer Tino Zijdel by was indicated a visitor on bug in Internet Explorer 7 which it makes possible a cross site scripting-exploit to carry out. The leak situates himself in the mimetype detection of the browser. http://babelfish.altavista.com/babelfish/trurl_pag econtent?lp=nl_en&url=http%3A%2F%2Ftweakers.net%2F nieuws%2F47643%2FXSS-exploit-door-Microsoft-betite ld-als-by-design.html (dutch url: http://tweakers.net/nieuws/47643/XSS-exploit-door- Microsoft-betiteld-als-by-design.html )"

Slashdot Top Deals