Text 5639, 195 rader
Skriven 2005-07-03 10:17:16 av Rich (1:379/45)
Kommentar till text 5633 av Geo (1:379/45)
Ärende: Re: An Army of Soulless 1's and 0's
===========================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_0010_01C57FB8.631110E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
No because you either can not understand or want to pretend you =
don't.
Rich
"Geo" <georger@nls.net> wrote in message news:42c7f81d@w3.nls.net...
I don't have realplayer or quicktime. Wanna try again?
Geo.
"Rich" <@> wrote in message news:42c75faf$1@w3.nls.net...
This is the nonsense you come up with? You mentioned eeye which =
I noticed just announced that real player has a heap overflow which they =
gladly describe to the detriment of everyone that uses real player. And = this
is the kind of nonsense you use as an example of how adding a = favorite side
steps confirmation. You had an application running on = your machine and
making the change. Web pages can't do this without = confirmation.
Applications can do what you can.
Rich
"Geo" <georger@nls.net> wrote in message =
news:42c75843@w3.nls.net...
By using the features Microsoft has provided, namely scripting and =
controls that are marked safe for scripting.
The technique has been around for a while and is described here =
http://www.microsoft.com/technet/security/bulletin/fq99-032.mspx
those particular ones are patched and I don't know what controls =
they are currently using but it's still happening to fully patched = systems,
I've found my favorites modified several times this year but = I've never
managed to figure out what site did it, the change was = completely stealth.
Geo.
"Rich" <@> wrote in message news:42c731e0@w3.nls.net...
How?
Rich
"Geo" <georger@nls.net> wrote in message =
news:42c7054e$2@w3.nls.net...
The confirmation can be bypassed by the website.
Geo.
"Rich" <@> wrote in message news:42c6d5a7$1@w3.nls.net...
There is a confirmation when a web page tries to add a =
favorite or change your home page. Why would you lie about stuff like = this?
Rich
------=_NextPart_000_0010_01C57FB8.631110E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff background=3D"">
<DIV><FONT face=3DArial size=3D2> No because you either can =
not=20
understand or want to pretend you don't.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote=20
in message <A=20
=
href=3D"news:42c7f81d@w3.nls.net">news:42c7f81d@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>I don't have realplayer or quicktime. =
Wanna try=20
again?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42c75faf$1@w3.nls.net">news:42c75faf$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> This is the nonsense =
you come up=20
with? You mentioned eeye which I noticed just announced that =
real=20
player has a heap overflow which they gladly describe to the =
detriment of=20
everyone that uses real player. And this is the kind of =
nonsense you=20
use as an example of how adding a favorite side steps =
confirmation. =20
You had an application running on your machine and making the =
change. =20
Web pages can't do this without confirmation. Applications can =
do what=20
you can.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:42c75843@w3.nls.net">news:42c75843@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>By using the features Microsoft =
has provided,=20
namely scripting and controls that are marked safe for=20
scripting.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>The technique has been around for =
a while and=20
is described here <A=20
=
href=3D"http://www.microsoft.com/technet/security/bulletin/fq99-032.mspx"=
>http://www.microsoft.com/technet/security/bulletin/fq99-032.mspx</A></FO=
NT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>those particular ones are patched =
and I don't=20
know what controls they are currently using but it's still =
happening to=20
fully patched systems, I've found my favorites modified several =
times this=20
year but I've never managed to figure out what site did it, the =
change was=20
completely stealth.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42c731e0@w3.nls.net">news:42c731e0@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> =
How?</FONT></DIV><FONT=20
face=3DArial size=3D2>
<DIV><BR>Rich</DIV>
<DIV></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A=20
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote =
in message=20
<A=20
=
href=3D"news:42c7054e$2@w3.nls.net">news:42c7054e$2@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2>The confirmation can be =
bypassed by the=20
website.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42c6d5a7$1@w3.nls.net">news:42c6d5a7$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> There is a =
confirmation=20
when a web page tries to add a favorite or change your home=20
page. Why would you lie about stuff like =
this?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial=20
=
size=3D2>Rich</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQ=
UOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0010_01C57FB8.631110E0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|