Simon Willison’s Weblog

Items in Feb, 2004


Goodle Good News (via) From everyone’s favourite search engine (maybe). # 28th February 2004, 1:57 am


I’m going to try not to turn this into a blog about Windows security exploits but this one is genuinely interesting in that it actively tries to steal financial information and important passwords. Bizex spreads itself by spamming messages over ICQ advising the recipient to visit a specific URL. When they visit it, Internet Explorer exploits are used to download and execute the main payload which then infects their ICQ program and uses it to message their contacts. The worm also scans their hard drive for information relating to a number of well known financial services which it then uploads to a server via FTP, and it apparently snoops on their browser for any passwords travelling over HTTPS connections as well.

[... 216 words]

Mod_python’s PSP: Python Server Pages. Grisha spills the beans for ONLamp. # 27th February 2004, 8:45 pm

Crap marketing sites is McDonald’s excruciating “I’m lovin’ it” site targeted at Asian Pacific Islander Americans. With gems like “whether we’re sipping green tea or enjoying a Big Mac sandwich, we’re helping make the magic mix called America become even richer” you can’t go wrong. Meanwhile, the infamous beef industry sponsored cool-2b-real has rebranded itself as “zip 4 tweens”—for “tween” kids—not quite teens but definitely not children! Where’s the raging platypus when you need him?

[... 82 words]

Textpattern: Download. Textpattern 1.12 gamma is go. # 26th February 2004, 3:06 am

Finding open locks on Postgresql. May come in useful in the future. # 26th February 2004, 2:33 am

Software that we really need. b3ta Photoshop challenge. Some of these are priceless. # 26th February 2004, 2:14 am

Classic computer science texts (via) A collection of historic computer science papers. # 26th February 2004, 12:42 am

Gothamist Interviews: Paul Ford. “the only way to ignore advertising is to die” # 25th February 2004, 11:47 pm

Novel security measures

An article on SecurityFocus led me to this site about Port Knocking. Port Knocking is an interesting security technique in which a box sits online with no ports open to connections and awaits a specific sequence of connection attempts. A user wishing to connect to the box must first attempt to initiate connections to ports in a specific, secret order. Once they do, the box starts up the required service (such as an SSH daemon) on a designated port and allows the user to connect properly.

[... 145 words]

Side-stepping IE. A round-up of techniques for dealing with IE’s poor CSS support. # 25th February 2004, 8:58 pm

Freedom to Tinker: Great Books. Which five science and technology books should every student read? # 25th February 2004, 8:57 pm

Yahoo! vs. Google. Visually compare the top 100 results for a specific term. # 25th February 2004, 8:56 pm

Migrating from PHP 4 to PHP 5 (via) It’s getting closer... # 25th February 2004, 8:46 pm

Google Search: spong monkeys. I’m second. Rock! # 25th February 2004, 3:32 pm

Tear Your iPod mini Open To Get The 4GB Hard Drive? 4GB of Digital Camera storage for less than half the normal price. # 25th February 2004, 3:23 pm

Trepanation. Drilling a hole in your head. Not for the squeamish. # 25th February 2004, 3:22 pm

Goliath. WebDAV client for OS X with SSL support. # 24th February 2004, 9:57 pm

Why is this site grey today? Kottke on musical sampling without prior consent. # 24th February 2004, 6:31 pm

Grey Tuesday

I’m supporting Grey Tuesday.

[... 5 words]

“I’m Brian and so’s my wife”

I’m subscribed to a whole bunch of mailing lists, mostly as a lurker as I have a hard enough time just keeping up with some of them. One of those lists is Bugtraq, which is pretty much required reading for anyone with sysadmin responsibilities for a server connected to the public internet. Bugtraq is the central hub of the “public disclosure” security community and is actually surprisingly low traffic with only twenty or so messages a day. It’s fascinating to watch the latest exploits for all manner of popular software packages tick by on an hourly basis.

[... 285 words]

ATM scam alert (via) Photos of the “skimmers” used to steal ATM card and PIN details. # 23rd February 2004, 7:47 pm

Feed Me. RSS feed link usability still sucks. # 23rd February 2004, 7:10 pm

Codeville (via) Not content with revolutionising file distribution, Bram “BitTorrent” Cohen has his sights set on CVS. # 21st February 2004, 1:24 am

Recommendations for a cheap US dial-up provider?

I’m in the market for a cheap US dial-up internet provider. I’m connected via broadband most of the time but I really need to get a backup modem account. In the UK, dialup accounts are available for free with the cost of the phone call as the only charge applied. I haven’t heard of any similar deals in the states, so I’m looking for recommendations. I won’t be using it very often so the cheaper the better.

[... 77 words]

Flowers for Al and Don (via) Send flowers to gay couples waiting in line to get married in SF. # 20th February 2004, 11:54 pm

Big and Bad (via) Why SUV safety is a myth. # 20th February 2004, 7:17 pm

WackyCam. Play with your iSight. # 20th February 2004, 7:17 pm