New IE vulnerability - fake URLs

IE has a new security flaw which will be a major boon to spammers and fraudsters. The flaw allows URLs to be spoofed via the http://user@domain syntax. For example, a fraudulent spammer could direct victims to http://wwww.paypal.com&sessionid%123123123&@blog.codefront.net, but have it show up as http://www.paypal.com&sessionid%123456789 (of course, the fraudulent webpage has to be convincing enough to fool victims into believing they are actually at PayPal!). This works because when a 0x01 character is included after the “@” character, IE hides the real location of the page!

To see it in action, fire up IE and check out this demonstration.

Source: Simon Willison
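
A defender-side check for the spoofing trick described above, as an added example that is not part of the original post: it splits the authority at the last "@", reports the host that will actually be contacted, and flags hostname-shaped userinfo and control characters. The function name `audit_url`, the finding labels and the constructed sample URLs are assumptions, and the hostname pattern is a heuristic.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_to_bytes

# Heuristic: dot-separated labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def audit_url(url):
    """Return (real_host, findings) for a URL as a link filter would see it."""
    parts = urlsplit(url)
    netloc = parts.netloc
    findings = []

    # Everything before the last "@" is userinfo, not the destination.
    userinfo, at, _ = netloc.rpartition("@")
    if at:
        findings.append("userinfo-present")
        if HOSTLIKE.search(unquote(userinfo)):
            findings.append("userinfo-looks-like-host")

    # Raw or percent-encoded control bytes (such as 0x01) have no place in an
    # authority; they are checked on both sides of the "@".
    if any(b < 0x20 or b == 0x7F for b in unquote_to_bytes(netloc)):
        findings.append("control-char-in-authority")

    return parts.hostname, findings


# Sample input: the first URL is the one quoted in the post,
# the others are constructed for this example.
SAMPLES = [
    "http://wwww.paypal.com&sessionid%123123123&@blog.codefront.net",
    "http://www.paypal.com@blog.codefront.net/",
    "http://www.paypal.com%01@blog.codefront.net/",
    "http://www.paypal.com\x01@blog.codefront.net/",
    "http://blog.codefront.net/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = audit_url(sample)
        print(f"{host:20} {findings}  <- {sample!r}")
```

A mail or proxy filter can treat any of these findings as grounds to display the real host next to the link or to block it outright.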

Easy charity with Buck-a-Hit

Jack Bog and his wife are giving USD1 for each hit they receive today (Wednesday, December 10, 2003) from 12:01 a.m. to 11:59 p.m. PST (GMT-0800) to charity.

Want to feel charitable without any hard commitments? Visit his blog once or twice today. Or 24 times. Quoting Jack:

If you go away and come back more than an hour later, however, that will count as two hits.

Well, seems like a good way to promote your site too - of course I do not doubt the altruistic motives behind Jack’s move.

Using a web browser with a phone dial

Seems David Lu does some interesting work, like this Phone Dial Web Browser for instance. Ouch! Rotary dial? IP address only? Meh!

This electronic etch-a-sketch simply named Etch is another (apparently) frivolous project.

On the other hand, 3D XML Viewer (requires Flash Player) is an amazing 3D, graph-based visual representation of XML documents. Reminds me of TheBrain. Now this is something useful.

Just Say No to Microsoft

Not pretty, a little biased. But great alternatives are listed.

A good Mozilla Firebird nightly build

Finally a Mozilla Firebird nightly (2003-12-07) with most severe regressions fixed (severity as determined by Jesse Ruderman).

Builds since 2003-11-21 do not work with Tabbrowser Extensions (the fault is with TBE, not Firebird), so I’d given up on nightlies since. But this major regression-free build had me coming back and searching for a fix to this incompatibility. And guess what? There is a fix, provided kindly by me4get at the Mozillazine forums. The related thread is entitled Updated TBE for Mozilla/5.0 (Gecko/20031121) and you can install the updated TBE by clicking here.

I’m using scragz’s optimized builds - fast and works great!

Source: The Burning Edge