After reading the full-disclosure list for more ASP.NET vulnerability information, I came across a report of spyware installing on fully-patched XP SP2 IE instances.

The thread is here.  Basically, a site is forcing a CAB file down user’s throats without any sort notification.  If you want to try it out in VMWare or some other safe environment, jump to the URL

I can’t repeat it enough: Install Firefox today.

Read full post

Neat Image is a tool for automatically reducing digital camera noise.  I tried it out last night on a few photos - it manages to clear up a lot of random noise you see when zooming in on most digital pictures.  Best of all - it’s free for personal use!

I managed to get results that were pretty good, but not as striking as their examples.  I suppose the developers of the tool would understand how to get the most out of it.  You’ll notice a subtle difference in the shots that you’ve processed with the tool. 

It’s a bit of extra work for each shot, but I think it pays off to clean up the pictures you really like.

As far as I know, cleaning up pictures this way won’t affect how they look when printed professionally.  I believe that proper processing blurs the image enough that you won’t see small per-pixel artifacts.

Read full post

Has anyone noticed that Microsoft is willing to admit to that “a bug in ASP.NET canonicalization exists”, but refuses to divulge any more information?  Considering that the information is easily available and being distributed by bloggers between themselves, you should have all of the information at your fingertips to protect yourself.

Basically, the bug involves subverting Windows or Forms authentication by modifying your URL slightly.  By replacing traditional URL slashes with backslashes, you can fool ASP.NET into serving files that should be protected.

Note that you’ll need to use Firefox to check out some parts of this bug, since IE automatically replaces DOS-style slashes with URL-style slashes in the address bar.

The original message is here on NTBugTraq.  Don’t let Microsoft keep the important security information away from you!

Note: there are alternate ways to exploit this bug by using the URL-encoded version of a slash to subvert the URL scanner.  The one described above is the easiest attack to implement.  I’ll post more information here as I discover it.

Read full post

GrokLaw is just reporting that Microsoft’s FAT Patent has been rejected.  This is good news!  Check out the story on GrokLaw, or read the good bits here:

At PUBPAT’s Request, Patent Office Rejects Microsoft’s FAT Patent: All Claims of Reynolds ‘517 Patent Ruled Invalid

NEW YORK – In the reexamination proceeding initiated earlier this year by the Public Patent Foundation (“PUBPAT”), the United States Patent and Trademark Office has rejected all of the claims of Microsoft’s patent on the FAT file system, which Microsoft describes as “the ubiquitous format used for interchange of media between computers, and, since the advent of inexpensive, removable flash memory, also between digital devices.”

One down, 500 million to go.

Read full post

I repackaged nprof 0.9 to include the missing msvcr70.dll that didn’t make it in the first time. With any luck, this should fix the issues with loading DotNetLib that people were having.

Read full post