Nasty new IE vulnerability

Most people reading are probably aware of the common trick whereby spammers and other assorted ne'er-do-wells publish URLs with usernames that look like hostnames to fool people into trusting a malicious site - for example, http://www.microsoft.com&session%123123123@simon.incutio.com. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them into "resetting" their password at a site owned by the spammer but disguised as PayPal.com.

Today's new Internet Explorer vulnerability makes the problem a hundred times worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked into not displaying the rest of the URL at all. Don't expect a patch for a while either; the guy who discovered the bug released it to BugTraq on the same day he notified the vendor.


[Simon Willison's Weblog]
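
An added example, not part of the quoted post: a JavaScript check that a link scanner or mail filter could run to report the host a URL really points at, and to flag hostname-like usernames and control characters such as the 0x01 described above. The function name and finding labels are assumptions, and the second sample URL is constructed.

```javascript
// Added example: report the real destination host of a URL and flag the
// userinfo and control-character patterns described in the post above.
function inspectUrl(raw) {
  const findings = [];

  // A raw C0 control character (0x00-0x1F) or DEL has no place in a link.
  if (/[\x00-\x1f\x7f]/.test(raw)) findings.push("raw-control-character");

  // The same bytes written as percent escapes (%00-%1F, %7F).
  if (/%(?:[01][0-9a-f]|7f)/i.test(raw)) findings.push("encoded-control-character");

  // Strip raw control characters so the parser still tells us the real host.
  const cleaned = raw.replace(/[\x00-\x1f\x7f]/g, "");

  let url;
  try {
    url = new URL(cleaned);
  } catch {
    return { host: null, userinfo: null, findings: [...findings, "unparseable"] };
  }

  // Everything before the "@" is userinfo, not the site being visited.
  const userinfo = url.password ? `${url.username}:${url.password}` : url.username;
  if (userinfo) {
    findings.push("userinfo-present");
    // A username that starts like a dotted hostname is imitating a site.
    if (/^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(url.username)) {
      findings.push("userinfo-looks-like-host");
    }
  }

  return { host: url.hostname, userinfo, findings };
}

// Sample inputs: the first URL is the one quoted in the post; the second is
// constructed here, with a raw 0x01 placed after the "@" as the post describes.
const samples = [
  "http://www.microsoft.com&session%123123123@simon.incutio.com",
  "http://www.microsoft.com@\u0001simon.incutio.com/",
  "https://simon.incutio.com/archive",
];
for (const s of samples) {
  console.log(JSON.stringify(s), inspectUrl(s));
}
```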

Javascript Trick

Did you know that you can execute javascript statements against a web page, just like using the Immediate window in Visual Basic 6? I just learnt this today.

Browse to a web page that has a disabled textbox and type this (replace the form and textbox names) in the address bar and hit enter.

javascript:void(document.Form1.txtBox1.disabled = false)

Presto, you have an enabled textbox! Think of all the fun you can have on web sites that only have client-side validation.

WinFX: An All-Managed API

Ian Griffiths has an excellent article on WinFX (the managed API for Longhorn). It also gives you a clear insight into the future of .NET and why we all will be ultimately developing using .NET. If you don’t know what WinFX is then read this.

It’s Official — Office is an Operating System

When you can write nearly perfect versions of PacMan and Space Invaders in your favorite productivity application, you know it's crossed the boundary. Of course, treating cells like pixels and implementing the game by changing the background colors probably wasn't what the Excel developers had in mind, but frankly, that's not much different than what the guys writing the original games had to deal with. Wow.
[Marquee de Sells: Chris's insight outlet]

Mystic Microsoft

This was a fascinating ebook; it was so good that I read the whole book in a weekend.

Spiritual Transformation in the Halls of High Technology - Kraig Brockschmidt, a former employee of Microsoft, wrote this draft copy for his (new) book. Not sure if it's been published yet or not, but it's very interesting. It's not about MS's products or about arguments over Linux/OpenSource etc. It's about the spiritual transformation which the author went through during his 8 years of work at MS. [via Ramesh]


[WebLogs @ ASP.NET]

ActiveWords SE

This is another must-have utility for keyboard freaks like me. Now you can download it for free until January 10, 2004.

In Lockergnome Windows Fanatic and IT Professional Newsletters, we notified readers of a free license for ActiveWords SE. It's for the regular version, not ActiveWords Plus. Gnomies, of course, are welcome to try the 60-day trial of ActiveWords Plus and get a 20% discount. (Meryl)
[Lockergnome's Technology News]

Tech Rich Guy Give It Back

Shel Israel talks about the rich guys who are giving their fortunes back to improve the world. Notable are Bill and Melinda Gates, who have donated half their wealth in this year alone.

I too really want to do this. I might not be rich enough to give away money, but I am certainly looking forward to volunteering my time to help out in good causes. The only problem is that I can’t seem to find enough free time on my hands.