Exploit code chases two Firefox flaws

Two vulnerabilities in the popular Firefox browser have been rated “extremely critical” because exploit code is now available to take advantage of them. The cross-site scripting and remote system access flaws were discovered in Firefox version 1.0.3, but other versions may also be affected, said security company Secunia, which issued the ratings Sunday. One flaw involves “IFRAME” JavaScript URLs, which are not properly protected from being executed in the context of another URL in the history list. A second vulnerability exists in the IconURL parameter in InstallTrigger.install(). Information passed to this parameter is not properly verified before it’s used, allowing an attacker to gain user privileges. This flaw could allow an attacker to gain and escalate user privileges on a system. ...

May 10, 2005 · Amit Bahree

Stand Up (New Album) feedback?

Has anyone checked out Dave Matthews’ new album called Stand Up? If so, any feedback? How is it?

May 10, 2005 · Amit Bahree

Update: Google Web Accelerator downloads

If you recall my previous post, I wanted to get you a quick update since then - seems like Google has stopped this for the time being. If you get to the site it tells you the following message: Thank you for your interest in Google Web Accelerator. We have currently reached our maximum capacity of users and are actively working to increase the number of users we can support. ...

May 10, 2005 · Amit Bahree

Java Gridbag

Well, all I can say is enjoy…. http://madbean.com/anim/totallygridbag

May 9, 2005 · Amit Bahree

Blogs in Hindi

I stumbled across an interesting blog - all written in Hindi - and boy is my Hindi rusty! But this is an excellent example of the usage (and limitations) of a UNICODE implementation. Not sure of the content of the blog itself as it will …. ahem …. take me a little while reading up and understanding. Flame mails awaited eagerly. ...

May 8, 2005 · Amit Bahree

Google Web Accelerator

Well not sure what Google plans to do with this, but they just released something called a Web Accelerator that is designed to work with broadband connections and supports both IE and Firefox. What is it? Per Google it is an application that uses the power of Google’s global computer network to make web pages load faster. Google Web Accelerator is easy to use; all you have to do is download and install it, and from then on many web pages will automatically load faster than before. ...

May 8, 2005 · Amit Bahree

More x64 bit Window Blues...

Well, in addition to the antivirus issues with Windows x64 bit, if you upgrade in most cases you could void your computer’s warranty - this varies from manufacturer to manufacturer of course. If you know the advantages of 64 bit and are one of the early adopters (or in other words a geek), then you are OK as you probably don’t need the manufacturer’s support (except if they need to switch hardware when it gets fried). ...

May 6, 2005 · Amit Bahree

Thinking of upgrading to x64 XP? You might want to rethink that

Yes, I know, I have been harping about XP 64 bit and how you can upgrade to XP 64 bit for free, but you might want to rethink in the short term (for about 6-12 months). Why you ask? Well in addition to the drivers (remember your 32 bit drivers will *not* work), the two biggest Antivirus solutions (Norton and McAfee) are not available and they don’t have any plans till 2006. The corporate versions of these could possibly start rolling out, but I am not sure if the home users will have the muscle to buy those. ...

May 4, 2005 · Amit Bahree

Getting certified without giving any exams?

Got this via Karan. Firstly, I am not suggesting you try this, and secondly it is probably a hoax; but I did come across this site which claims for a couple of grand or so (e.g. MCSD.NET $2,800), you can get certified in any of the MS and CISCO exams without sitting for any one exam. This sounds like one of those too good to be true stories and does not seem legit at all. Does seem quite hilarious… ...

April 29, 2005 · Amit Bahree

Jibjab for UK (it’s called GBJab)

Thanks to Sanjay who pointed this out. Now that the elections are looming here in UK, the JibJab guys are at it again creating a very hilarious GBJab - you have to check it out. You can also download the Windows version or the Mac version. Make sure your speakers are on! ...

April 28, 2005 · Amit Bahree

.NET Framework 2.0 Beta 2 Obsolete APIs

In the Beta 2 version of the .NET Framework 2.0 product, there are various APIs that have been added in since V1.1, but are marked obsolete. All of these APIs will be removed from the product at V2.0 release. These are APIs which were added during the beta cycles of the V2.0 product lifetime, but as a result of design changes and/or product feedback, have subsequently been replaced, or will simply be removed. It is paramount for your ability to easily move forward to the final V2.0 release of the product that these obsolete APIs not be referenced. This list is the APIs which will be removed before the final release of V2.0. ...

April 27, 2005 · Amit Bahree

Google Ride Finder

Google has a new service called Ride Finder with which you can search for taxis, limousines and shuttles and make better decisions by seeing the exact location of vehicles in your area. Just enter a zip code, the name of a city or even a specific address. You will get a map showing the companies and where their vehicles are located. ...

April 27, 2005 · Amit Bahree

Rise of the blogs

CIOInsight has an article discussing the rise of blogs: how they are being embraced by the corporate world (and in other cases are not), including some best practices (most of which are common sense) on what you as an individual should or should not do. It also has a few examples from big corporations around the world and their IT Managers to CIOs. Since you are reading this, obviously this is no new news to you…. :) ...

April 27, 2005 · Amit Bahree

Entlib fails to compile in VS.NET 2005 Beta 2 (sort of)

I was playing around with Whidbey (finally), the Beta 2 drop and decided to check out if Entlib compiles. After converting the project (ping me if you need screen shots), there were a whole bunch of errors. Well, in reality not errors but warnings. Since by default VS.NET 05 treats warnings as errors, the build fails miserably. Once I got around to setting ignore warnings, it did compile, but I have not gotten much further with it yet due to lack of time - more playing around with that this week. But almost all the failures were due to stuff being deprecated in .NET 2.0. I have both the logs - where things were failing and then the one where I ignore the warnings. ...

April 26, 2005 · Amit Bahree

Excel as a Database

Thanks to Stef for pointing this my way - it is hilarious. Cross posted from Rory Blyth - make sure to check out his post for the whole hilarious story. Sadly, this is déjà vu for me…. :) As a developer, you’ve probably, at some unfortunate point in your life (possibly several points, actually), been handed an Excel file that has been crammed full of “data” by someone in marketing and told to “do something with it.” ...

April 26, 2005 · Amit Bahree

Got a space to play with ASP.NET 2.0

Not sure if you were keeping an eye or not, but I got some space to play with ASP.NET - something that is exposed to the net and not only my machines at home - does bring up some interesting possibilities. If you want me to upload some code that you might have to run then let me know, we just need to coordinate as I cannot create subfolders (unfortunately) - yet anyways. :) ...

April 26, 2005 · Amit Bahree

Transactional NTFS in action

I came across this blog entry talking about the new transactional NTFS in action; very interesting and very cool (yes this is in Longhorn - you can check out some screen shots). What is more interesting is that internally people at MS have started using it, but the question that comes to mind is, is that outside of Longhorn (are there any bits running on Windows 2003 Server or XP, etc)? ...

April 26, 2005 · Amit Bahree

How to upgrade your Windows (32 bit) to Windows (64 bit) for free?

Now that Microsoft has officially released the 64-bit version of Windows, what is more interesting is you can upgrade your 32 bit OS to 64 bit for free (you need to order before July 31st) - yep it’s true - for free - nada, zilch, nothing. But, heh heh yes, there is no free lunch in life. To upgrade you give up the rights to your 32 bit OS and must own a 64 bit CPU (e.g. my media center has an AMD 64 Athlon). More importantly you might not have drivers for all the hardware - is this important? Yep, it is very important actually because the 64 bit version will *not* support 32-bit device drivers and will not run any 16-bit applications. ...

April 25, 2005 · Amit Bahree

Search Result Clustering

MSRA SRC is a tool for searching the web with the Search Result Clustering (SRC) technique, which was developed at the Web Search and Mining Group in MSR, Asia. On-the-fly it clusters a search engine’s search results into different groups, and provides meaningful and readable names for these groups. SRC changes the traditional representation of search results into a non-linear way, so as to facilitate the user’s browsing. ...

April 25, 2005 · Amit Bahree

From Offshore to Ship-to-Shore

This has to fall in the wacky-ideas category. Dian has an interesting post (cross posted here) about Roger Green and David Cook, who seem like your run-of-the-mill high tech execs – well dressed, well spoken, bright guys. That is, until they tell you their business plan. Dian heard it at a party at the Gartner conference, then did a quick interview with them. And then you have to wonder, are these guys whacked? ...

April 22, 2005 · Amit Bahree

Gripes with Firefox

Let me start off by saying that Firefox is some decent amount of code, and if you read this blog regularly you know I use that as my primary browser as opposed to IE. In spite of all the comparisons and market share updates, I still have a few issues with it - and these are serious issues (in my context) and not minor gripes. ...

April 20, 2005 · Amit Bahree

What happens when you combine two great ideas?

Well, when you combine two great ideas then the outcome is simply mind blowing. This has to fall in the category of “Why the heck did I not think of it!” and is totally awesome! Paul has combined the power of Google Maps and Craigslist into one application where if you are looking to rent or buy a house you can not only see it on the maps but also the satellite view! How sweet is this? Now I am just waiting for London to show up… dang, all the fun kicks off when I move from the US. ...

April 20, 2005 · Amit Bahree

Feedback on Books?

I have been thinking of a couple of books and would like to know if anyone has actually bought them and what their perspective on those is. Thanks to Murty for pointing out the CLR one…. Sockets, Shellcode, Porting, & Coding: Reverse Engineering Exploits And Tool Coding For Security Professionals; Customizing the Microsoft .NET Framework Common Language Runtime. Has anyone used these? If so, what was your take on them? ...

April 19, 2005 · Amit Bahree

Google maps now available for UK

Not sure when this was “launched”, but Google maps are now available for UK. Interested in knowing where I live, then click away! Unfortunately, the Satellite view is not available right now, you can only look at it at the country level which does not help. ...

April 19, 2005 · Amit Bahree

Whidbey Beta 2 now Available

This is sweet timing, I just got my old HDD (2.5") on a USB up today and over the weekend Whidbey Beta 2 was released on MSDN to download, how sweet is that? Make sure to uninstall any previous versions you might have of VS.NET 2005, Yukon, Emulators, .NET CLR 2.0 (including CF.NET), etc. I will be checking it out over the next few days and letting you know what I find. ...

April 18, 2005 · Amit Bahree