Free Republic

Cup of coffee actually a carboy of toxic Kool-AidSysadmin blog Right on cue, Java has responded to my hatred in kind. Shortly after I awoke to discover my previous article denouncing the language had been published, a client called to inform me his computer had contracted some malware. Java has, if you'll forgive the anthropomorphization of a bytecode virtualization engine, decided to exact its revenge. Closer inspection of the infection revealed deep network penetration that the installed antivirus applications were completely unable to cope with. The chief financial officer of the company relies on cloudy applications that require Java-in-the-web-browser. Contrary...

ZeroAccess is a sophisticated kernel-mode rootkit that is quickly becoming one of the most widespread malware threats.In a new technical paper from SophosLabs, malware researcher James Wyke explores the ZeroAccess threat, examines how it works and looks at what the malware's ultimate goal is.ZeroAccess has a resilient peer-to-peer command and control infrastructure, runs on both 32-bit and 64-bit versions of Windows, and has been constantly updated with new functionality, allowing it to thrive on modern networks and operating systems.From the distribution mechanisms used to spread it, through the installation procedure, memory residence and payload, the technical paper offers a deep...

See the HTML tags below. People should be outraged that they are so blatantly using the implementation of this website for political purposes. The website was first requested and established by OMB before Obama was even inaugurated, even though it wasn't authorized and probably violated standard government domain rules. The White House also uses this premier WebTrends marketing and analytics service (See http://www.whitehouse.gov/includes/webtrends.js). Is it really appropriate to spend taxpayer money to track viewers of a government website through a private marketing analytics company? Doesn't this indicate the degree to which the Obama White House, as opposed to OMB or...

Excerpt - Google have announced plans to take on Microsoft and Firefox with their own open-source browser, codenamed Chrome, by releasing a specially drawn comic by Scott McCloud explaining the app. Based on the existing Webkit rendering engine, Chrome will integrate not only tab-based browsing but Google Gears and a newly integrated search and address system called Omnibox. ~ snip ~

FReepers have come through to help me before, and I'm hoping that you can do it again. I have a school webpage, and I'm trying to improve their default layouts a little bit. Basically, I have a script that I found in a tutorial to open up a popup window. I want to use the same popup window for a bunch of different vocabulary words, so that the student doesn't wind up with 15 windows open. Here's my problem. The first window pops up. After that, the new page will go into the same window, but it doesn't get the...

Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday. According to Dan Hubbard, the senior director of security and research at Websense, a family of obfuscation routines with the umbrella name of "JS/Wonka" has spread wildly in the last few weeks. "For whatever reason, the number has just skyrocketed since the last of September," said Hubbard. "There are 10,000 unique sites using this exact same method. The strange thing is, they're completely different types of sites." It's not uncommon to see hackers and scammers try...

Single line of JavaScript allows systems to simply ignore authentication check Hackers have found a way to circumvent a check in Windows that aimed to prevent users of pirated copies from accessing software updates. By pasting a special JavaScript command in the address bar of the browser, users can disable the Windows Genuine Advantage 1.0 check that Microsoft took live last week. The Microsoft technology uses an ActiveX tool to force the user to go through an authentication check before he is allowed to access certain download sections on the Microsoft.com website. The JavaScript command simply instructs the computer to...

A number of recent phishing sites blocked by the Netcraft Toolbar community have had a common technique of using JavaScript to create a narrow popup window, which is then placed on top of the Address bar. A fake URL is entered into the popup, using the same default font as the real address bar. The script continually checks the location of the browser window and moves the popup accordingly, ensuring that it is always placed on top of the Address bar, thus obscuring the real URL of the phishing site. The image above illustrates a live phishing site in action....

I have a fairly specific Question for any webhead computer geeks (this incldes myself). Can anyone tell me of a comprehensive list of attributes for the document.getAttributeById() function in javascript? Particularly, can anyone tell me how to dynamicly change a css class on a DOM element? I thought that this would work but oh noooo: document.getElementById('id').class = "newClass" or document.getElementById('id').style.class = "newClass" Why can't browsers be compatable with my code?

IIS 5 Web Server Compromisesadded June 24 US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems.Web server administrators running IIS 5 should verify that there is...

Any javascript gurus out there who might answer this? When I find a link to a Washingon Post article on Google News, and click on it directly from the Google page, it goes directly to the article, without stopping at the Washington Post Registration page. But if I copy out that exact same link, and try to go to it by pasting it into the Address field of my browser, or try to use it in a FR posting, then the link sends me to the WP Registration Page. Does anyone have a clue how Google does this? Since clicking...

Bug opens up Javascript browsers to hackers Microsoft unmoved By Paul Hales: Tuesday 30 July 2002, 11:03 A RECENTLY-DISCOVERED vulnerability opens up Javascript-enabled browsers to make network PCs available to an external attacker. But Microsoft has chosen to ignore it. The hole was discovered by Adam Megacz and the details posted here yesterday. "The exploit," says the posting, "allows an attacker to use any JavaScript-enabled web browser behind a firewall to retrive content from (HTTP GET) and interact with (HTTP POST) any HTTP server behind the firewall. If the client in use is Microsoft Internet Explorer 5.0+, Mozilla, or Netscape...