Archive for December 2003

Plane! (27KB) Another great time waster. Simply u…

Plane! (27KB)

Another great time waster. Simply use your arrow keys to move your ship around so you don’t get hit. When you do get hit, you will be shown how long you lasted. Your time in seconds is at the end of the first small line of text. Note that it is an executable, so save it to your hard drive and play it anytime you want. Friends have gotten as high as 33.448 if you want a goal. =)

And the latest web browser vulnerability. This one…

And the latest web browser vulnerability. This one is a major problem on IE, a slight problem on Gecko browsers, and reportedly not an issue on Opera. It’s a new trick that makes an old trick harder to detect.

The “@ URL” trick has been around for a while. You can log into a website with http://username:password@www.something.com/. The trick involves creating a URL for your site that has a username consisting of what appears to be a good domain name. For example, http://www.microsoft.com@www.invisibill.net/. This will take you to http://www.invisibill.net/ as user www.microsoft.com. Generally people would use character encoding (see NATATA Anti-Spam in my software section) to create a really long URL. Users would only see or understand the first part, www.microsoft.com. Opera has a neat method that warns a user when they click on a URL like this, and Bugzilla already has talk of adding a similar feature to the Mozilla browsers.

This is where the new vulnerability comes in. %01 is one of these encoded characters. It’s a special character that causes the browser to think it’s the end of what should be displayed. Like the above example, http://www.microsoft.com%01@www.invisibill.net/ will send you to http://www.invisibill.net/ as user www.microsoft.com%01. However, the %01 cuts off the browser display. Rather than relying on the fact that most people won’t notice or at least won’t understand everything after the first part of the URL, scammers can now completely hide the rest of the URL. In Mozilla, only the status bar is affected by this; the mouseover URL will be cut off. In IE, the status bar and the Address bar will both be cut off. If you click the Test button below in IE, you will see this page in your browser window, but the Address bar will still show http://www.microsoft.com.

Note that my domain’s URL forwarding puts the actual site into a frame with an unchanging URL showing. Use http://s87708598.onlinehome.us/ to access it without the URL forwarding stuff.

With this trick, plus clever mouseovers and link names, even pros could be fooled, since all the redirects in use today already result in a much longer URL than the one you originally typed. This trick could make it much easier for scammers running copies of popular websites (in order to get you to submit information like passwords or credit card numbers) to fool people into believing it’s the legitimate site. Be extremely careful until this is fixed, and hand-type URLs just to be sure if you have to. Rather than following a link in an email to verify your information with some site, open your browser and type in the URL. It’s the best way to be 100% sure you aren’t being tricked into going somewhere else.
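Here is the kind of check a browser (or a mail gateway) can run on a link before showing it, added here as an illustration rather than code from the original post. It parses the URL the way the standard says to, reports the host you would really be sent to, flags a userinfo part that looks like a domain name or contains encoded control characters such as %01, and shows what a display that stops at the control character would have shown. The URLs used are the ones from the post above; the function names are mine.

```python
from urllib.parse import urlsplit, unquote


def _is_control(ch):
    # ASCII control characters (0x00-0x1F) and DEL (0x7F)
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def analyze_url(url):
    """Parse URL per RFC 3986 and report userinfo tricks."""
    parts = urlsplit(url)
    real_host = parts.hostname or ""
    # Everything before the last '@' in the authority is userinfo,
    # not part of the host, however much it may look like one.
    userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else ""
    decoded = unquote(userinfo)
    control_chars = ["%%%02X" % ord(c) for c in decoded if _is_control(c)]
    user_part = decoded.split(":", 1)[0]
    looks_like_host = "." in user_part  # e.g. "www.microsoft.com"
    return {
        "real_host": real_host,
        "userinfo": userinfo,
        "control_chars": control_chars,
        "userinfo_looks_like_host": looks_like_host,
        "suspicious": bool(userinfo) and (looks_like_host or bool(control_chars)),
    }


def naive_display(url):
    """What an address bar shows if it stops at the first control char."""
    decoded = unquote(url)
    for i, ch in enumerate(decoded):
        if _is_control(ch):
            return decoded[:i]
    return decoded


def warning_for(url):
    """Opera-style warning text, or None when the link is plain."""
    info = analyze_url(url)
    if not info["suspicious"]:
        return None
    return ("This link actually goes to %s; the text '%s' before the @ is a "
            "username, not the site name." % (info["real_host"], info["userinfo"]))


if __name__ == "__main__":
    for u in ("http://www.microsoft.com@www.invisibill.net/",
              "http://www.microsoft.com%01@www.invisibill.net/",
              "http://www.invisibill.net/"):
        print(u, "->", naive_display(u), "|", warning_for(u))
```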

When I started my computer up this morning, KPF wa…

When I started my computer up this morning, KPF warned that my trial period was almost done. Trial period? It’s supposed to be free for home users…

Apparently that’s changed in the new version.

“After installation, KPF works as the full edition for 30 days, after which it becomes the limited free edition. … Limited free edition does not provide the content filtering capabilities such as blocking pop-up windows, ads, VB scripts, cookies, etc. and other extra features. Please see the comparison table for more details.”

http://www.kerio.com/kpf_comparison_version.html

It’s mostly just the content filter and a few other little things that stop working after the first thirty days. You can easily compare the free version against the full paid version, as well as version 2.1.x. Take a look at that and figure out which one suits you best. Also note that when you register you get a 12 month subscription for updates and upgrades, not the old-fashioned license for the current major version. You might end up with v4.0.0.0.1 after that year, or you might end up with v6.5.

More on DNSer. I switched to a Netgear MR314 for 8…

More on DNSer. I switched to a Netgear MR314 for 802.11b access, and this router wasn’t listed either. Here’s the info needed for the MR314, if you have one too.

;----------------------------------------------------------------------------;
;This is a template for Netgear MR314 Router, Firmware  V3.29(CF.0)b1 | 6/19/2002
;Contributed by Bill Talcott
;If your router's LAN IP isn't 192.168.0.1 you should change it accordingly:

[Source]
Interval=55
URL=http://192.168.0.1/mtenSysStatus.html
URL1=http://192.168.0.1/mtenSysStatus.html
User=admin
Pass=secret
Prefix=IP Address :                                                   <B>
Count=1
Log=1
;File=mr314temp.html
;----------------------------------------------------------------------------;

That should pretty much do it. You need to specify the first URL to establish a session, and the second one to actually get the status page.