Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Sandi is on holidays!

September 28th 2007

My family and I are on holidays for a few weeks, so things will be quiet around here.  I am not planning to do any blogging until mid-October. That being said, keep an eye on my blog; there is an announcement already written and scheduled to go live in my absence [;)]

Read On 1 Comment

In IE7 you cannot use an application to programmatically enumerate IE7 instances in a desktop other than the default desktop

September 26th 2007

This issue occurs because of a change in behavior in Internet Explorer 7. In Internet Explorer 6, the ShellWindows object is associated with the following CLSID:{9BA05972-F6A8-11CF-A442-00A0C90A8F39} This object is a COM local server that exists for each desktop. When you use the CoCreate function to create a ShellWindows instance, the instance is bound to the […]

Read On No Comments

HOTFIX: Problems may occur when you try to use POST method or the GET method to pass Form data in a Web page in IE7 or in IE6

September 26th 2007

Symptom 1 The POST method or the GET method may encode certain characters as Unicode numeric character references. For example, these methods may encode あ as %26% 2312354%3B. This problem may occur in Web pages that contain Japanese characters. Additionally, the Web pages are marked with a charset of windows-31j in the HTTP headers. Symptom […]

Read On No Comments

Fight back: MS targets Storm malware

September 22nd 2007

Microsoft quietly added detection of the “Storm” family of malware to the September build of its Malicious Software Removal Tool.  The MSRT is released as part of the monthly security update cycle (although I do wish it was updated more often – it can be an extremely effective tool in the fight against malware, as […]

Read On No Comments

SECURITY FIX: Mozilla Foundation Security Advisory 2007-28

September 19th 2007

As noted here, a vulnerability involving Firefox and QuickTime was reported, and code advising how to take advantage of that vulnerability has been published. As noted by Mozilla, “Disabling JavaScript in the browser does not protect against this attack; in vulnerable versions scripts passed through the -chrome option would be executed regardless of the JavaScript […]

Read On No Comments

Developing Safer ActiveX Controls Using the Sitelock TemplateDeveloping Safer ActiveX Controls Using the Sitelock Template

September 18th 2007

The IE team have blogged about the release of a new version of the SiteLock Template for ActiveX Controls.  I can’t stress strongly enough how important it is that developers place security first when developing controls.  Over the years there have been numerous instances where ActiveX controls have exposed a vulnerability that has been exploited […]

Read On No Comments

HOTFIX: You may be unable to use an FTP application to upload a file to a remote server on a computer that has Internet Explorer 7 installed

September 16th 2007

On a computer that has Windows Internet Explorer 7 installed, you may be unable to use an FTP application to upload a file to a remote server. This problem occurs if the application is based on WinINet FTP functions. This problem occurs because of an access violation that is caused by the InternetWriteFile WinINet API […]

Read On 3 Comments

One little apostrophe made all the difference

September 16th 2007

This link, when clicked on in Outlook, generated an error message in IE7 (The original URL is now changed, so don’t try it): http://www.castlecops.com/a6827-eChecks_and_Credit_Charges_–_I_Didn’t_Authorize_That.html The error was: Internet Explorer cannot read this webpage format  HTTP 406     What you can try:      Go back to the previous page.       More information This error (HTTP 406 […]

Read On No Comments

Have you been to Egypt?

September 15th 2007

We’re taking a real family holiday in a few weeks – the first one that we have taken as an entire family in a very long time – and it is very special – Singapore then Cairo, then Frankfurt, then Zurich, then Paris, then Versailles, then Mont St Michel, then Neuschwanstein Castle. Anyway, I’m hoping […]

Read On 1 Comment

Dead man wakes during autopsy

September 15th 2007

This is nothing short of unbelievable. “A VENEZUELAN man who had been declared dead woke up in the morgue in excruciating pain after medical examiners began their autopsy.”

Read On 1 Comment