Microsoft Fixes URI Handler Flaw

The Windows URI handler is finally getting a fix today. Microsoft is changing the function ShellExecute() so it sanitizes any links it processes. The flaw has been blamed for many vulnerabilities in other programs, vulnerabilities Microsoft originally said were not its problem. The software company has since reversed its position. The patch’s release date has not been revealed, but the next set of patches is due November 13. Not all URI handling vulnerabilities will be fixed, though. Depending on how Microsoft implements changes, the changes will go only so far, but bugs in other applications that are exploited after Windows’…


Microsoft Claims Its Intellectual Property is Used In Linux

Microsoft CEO Steve Ballmer says users of Red Hat Linux should pay Microsoft for patented intellectual property supposedly contained in the open-source OS. The company has made no specific claims as to what portions of the Linux distro violate what patents. I feel the same way as Jim Zemlin, executive director of the Linux Foundation: Microsoft will only create more ill will in the Linux community, and in their own users’, until they specifically state what patents are being infringed, and provide proof. The fact that Ballmer simply says Microsoft patents are infringed will likely only further irritate customers who…


IE7 Bug Reopens Debate Over Protocol Handlers

A bug in IE7 affecting how the browser handles URIs that launch external programs, patched today, has rekindled discussions about the responsibilities of protocol handlers. While some say the browser developers should be held responsible, others say it is a Windows problem. From what I have read about the issue, dozens of programs are potentially vulnerable. The vulnerability is reportedly in the way Windows handles the launching of programs, not in Internet Explorer or Firefox (both of which were affected by the earlier QuickTime protocol bug). I would say that the responsibility of fixing the problem falls on Microsoft in…


Microsoft and Privacy

Microsoft reportedly released results of a three-month phishing study conducted through an add-on to their Windows Live toolbar, the Phishing Detective. The software compared passwords used on various websites and reported URLs to Microsoft if the passwords for two sites matched. Admittedly, it is an interesting approach, and legitimate matches are easily weeded out, but it raises issues about how much Microsoft knows about you. Microsoft could theoretically profile all its toolbar users and keep track of what sites they have accounts at by what sites generate hits to the password-comparing program. Other companies like Google also collect the URLs…


Let’s Define the Term "Hacker"

Popular culture has done a number on the word “hacker” these days. It used to refer to a person who built something cool, computer-wise, back before the laptop was invented. In recent years, though, it has taken on the same meaning as “cracker”, not in the victual sense, but in the safe-robbing one. These days, a “hacker” is someone who breaks into computer networks, usually with some nefarious agenda. “Hacking” computer hardware and software for increased productivity or performance is now called… I don’t know, actually. Maybe “tweaking”. This evil connotation even led a Microsoft blog to be renamed recently.…


IE7 Available to All Windows Users

Microsoft has removed the Windows Genuine Advantage validation requirement to download Internet Explorer 7. The change came yesterday (Thursday), when the software giant changed its mind about IE7 from its being a “reward for being legal” to being “in users’ best interest.” Windows Update will be offering the upgrade as a high-priority update, or it can be downloaded immediately from Microsoft’s website. I agree with analyst statements that this is probably a play for market share. Popularity of Mozilla Firefox has been increasing since IE7’s release, and much of the market gains of the new browser have been at the…


Cisco Clean Access Agent? What the Heck is That?!

Welcome to the wonderful world of paranoia. In its infinite wisdom, Augsburg College, a place I will be going often this year, has begun to require (not suggest, not recommend, require) a program called “Cisco Clean Access Agent.” Fortunately, it only applies to Windows computers (well, that makes it better…), but you can’t access the network without it. Actually, you can, but it’s only a limited network that allows ports 80 (HTTP) and 443 (HTTPS) exclusively. No chat, no gaming, no POP, no nothing. Only surfing. Period. What’s wrong here? The thing is, I don’t want to have another startup…


I’m Officially Folding@home (and @Work)

Lured by a recent article in PC World news, I have installed the Folding@home program from Stanford University and begun simulating folding proteins. So far, I’ve completed about 1% of my first work unit, so nothing much has been accomplished yet, but I’ve given the program permission to use about 80% of available processor power, and it estimates completion in a little over five days (!). That means, unfortunately, more like ten or fourteen days, since this computer is off more than half the time, but progress is progress. Being part of a One Petaflop (yes, I said “Peta”) computing…


Internet Explorer 7 Doesn’t Layer Properly

In the process of developing a new website I have, I discovered a major flaw in Internet Explorer 7 (IE7) that shows itself when a floated element has background-color: transparent set in the CSS properties. It appears that if the element is floated inside another element with an opaque background, that background becomes transparent also in the area under the transparent element, effectively showing the page background. I have tested this with tiled image backgrounds; however, it may show up in colored backgrounds as well. I spent about two hours tonight alternately searching for solutions on Google and discussing the…


Why Installers Want You to Reboot

I found a great article over at a newly-discovered blog (thank you, Mr. Bass*), and thought I’d share the link. Though written in 2003, the article is still true, and it provides a very detailed look into the reasoning and logic behind requesting a user to reboot after an installation. Now, most of us should know by now that Windows locks in-use files, but did you know that there is a mechanism to tell Windows to overwrite a specific file on the next system reboot? Some of you might, but don’t yell at me for telling you something you know.…
