
Submission Summary: 0 pending, 3 declined, 0 accepted (3 total, 0.00% accepted)

Google

GMail vulnerability leaks images sent by others

Submitted by rumith
rumith (983060) writes "Almost a year ago (December 2008), I reported a bug to Google concerning incorrect preview generation for TIFF images in GMail. The problem is that at least for some TIFF files (one such file is linked in the blog; you can use it to test my report) GMail generates a new preview every time this file is sent, and this preview doesn't correspond to the contents of the file I sent in any way. Rather, I see previews of photos (sometimes pretty embarrassing) apparently made by other users. Downloading the attached image works okay though. Get the word to Google to have the vulnerability fixed ASAP!

Disclaimer: Yes, I am the author of the blog linked. No, I have no idea why this file causes such behavior."

Link to Original Source
Privacy

What is online privacy about, after all?

Submitted by rumith
rumith writes "Hello. What kind of data, exactly, should one try to keep private, and for what reasons (this also includes avoiding being monitored by Google and the like)? As far as one can assume, most of our personal data is perfectly known to at least one party, and an inquisitive mind wouldn't find it too difficult to connect all the pieces together, especially if tasked with such a mission by our new [insert your favorite here] overlords."
Microsoft

Microsoft calls an IIS 5.0 vulnerability a feature

Submitted by rumith
rumith (983060) writes "The Inquirer tells us that Microsoft has posted details on a vulnerability (or rather, a feature) in IIS 5.0 that allows an anonymous user to bypass authentication and access documents he shouldn't be able to. The good part: they've already taken down the specifics of the exploit. The bad part: they claim that this behavior is by design, and the only way to fix it is to upgrade to IIS 6.0, which is shipped only with Windows Server 2003, the cheapest edition of which costs only $399. Isn't this called "money extortion"?"
Link to Original Source
