February 2005 archives
The following are all the entries published for the month of February 2005.

icequeen passes core exam
Saturday 26 February, 2005 at 9:53AM (Nereus) :: permalink :: comments (1)

So much for having time to blog more. Seems I've had one thing after another to chase up, and all of a sudden it's the weekend and my classes for the spring semester start on Monday.

As you can see from the title, Ice passed her six hour core exam, which is a significant milestone in her academic career. It's a very tough exam and you are only given two opportunities to take it, and if you fail the second time you cannot try again. Congrats Ice, I knew you'd pass it. I'm proud of my clever Weasling. *strut*

In other news.. hmm, well anything else just pales in comparison doesn't it. There's been a number of stories I wanted to write about at the time, but they have become somewhat redundant now.

calculus final exam over
Tuesday 15 February, 2005 at 12:06PM (Nereus) :: permalink :: comments (4)

Woot! I just finished the finals for calculus, thank fark. I think I did well on the final, but I won't know for a couple of weeks. If I get 100% then I should just manage an overall grade of A- (depending how everyone else did), otherwise I'll get a B+ (providing I get at least 85-90% on the final). A grade of B+ would be disappointing in a way since it would be my first grade under A- ..but at the same time an achievement since I haven't studied or used mathematics for 15-20 years (except trig last semester), and at the same time managed to cram three and a half months of class into six weeks with a much-feared course that assumes a pre-existing good working knowledge of algebra and trigonometry.

Hopefully the six hours of homework a day paid off, and of course having a really good Professor makes a world of difference, so thanks Prof Bob Putz, you've got great skills in making a molehill out of a mountain. Much credit is also due IceQueen; I doubt I would've kept my head above water in this class without her tutoring along the way, so thanks babe.

These last six weeks of study are why I haven't posted much recently. I have a bunch of things to sort out now that finals are done with, so hopefully I'll start posting regularly again soon (if anyone gives a toss) ..although in less than two weeks I start another semester with three of the classes I'm taking being honors level, so I'm gonna be busy.. heh.

severe browser exploit warning
Monday 7 February, 2005 at 12:09PM (Nereus) :: permalink :: comments (18)

Want to own ANY domain? Want a trusted SSL cert for it? Now you can. Website shmoocon.org (basically a website for last weekend's first annual hacker convention held in Washington DC) just released details of this very nasty browser exploit. Summed up in one sentence, International Domain Name [IDN] support in modern browsers allows attackers to easily spoof domain name URLs and SSL certificates.

In December 2001, a paper was released describing 'homograph' attacks which theoretically allowed an attacker/phisher to spoof the domain/URLs of businesses, however no browsers had implemented Unicode/UTF8 domain name resolution at the time this paper was written, so it wasn't really an issue. Now we are in 2005, pretty much every recent gecko/khtml based browser implements IDN. The exception, ironically, is Microsoft's Internet Explorer, which in recent times has been synonymous with the term 'exploit'. The reason IE appears to be unaffected is because it has not yet fully implemented support for Unicode in links; for once being non-standard may actually have helped MSIE.

Vulnerable browsers include (but are not limited to) most mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54 and Omniweb 5. Verisign and Apple have not responded to this exploit as yet, Opera believe they have correctly implemented IDN and will not be making any changes (oh really?), and Mozilla are working on finding a good long-term solution but have provided a clear workaround for disabling IDN in the interim, which appears to be effective.

To see this in effect, go to the site http://www.shmoo.com/idn/. Clicking on either of the two links in that webpage using anything but IE should result in a spoofed paypal.com webpage.
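As an added example (not part of the original post or of the Shmoo advisory), the following Python check normalises a link's hostname the way an IDN-aware browser does, shows the punycode form that ends up in DNS and in the SSL certificate, and flags labels that mix scripts. The function names are hypothetical and the sample hostnames are constructed from the link described in this post.

```python
import html
import unicodedata


def scripts_in(label):
    """Scripts used by the letters of one label, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def inspect_host(raw_host):
    """Normalise a hostname as found in a link and report IDN risk signals."""
    # Resolve HTML numeric character references such as &#1072; first.
    host = html.unescape(raw_host).strip().lower()
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            # Already in punycode (ACE) form: decode to see the real letters.
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    unicode_host = ".".join(labels)
    # The ASCII form that is actually looked up and named in the certificate.
    ace_host = unicode_host.encode("idna").decode("ascii")
    return {
        "unicode": unicode_host,
        "ace": ace_host,
        "is_idn": ace_host != unicode_host,
        "mixed_script_labels": [l for l in labels if len(scripts_in(l)) > 1],
    }


if __name__ == "__main__":
    # Constructed samples: the genuine name, the spoofed link as written in
    # HTML, and the same spoofed name as it appears in punycode form.
    for sample in ("www.paypal.com",
                   "www.p&#1072;ypal.com",
                   "www.xn--pypal-4ve.com"):
        print(sample, "->", inspect_host(sample))
```

A label written entirely in one non-Latin script is not reported as mixed, so `is_idn` should be reviewed alongside `mixed_script_labels`.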
What happens is that the links are really directed at the URL of "http://www.p & # 1 0 7 2 ; ypal.com/", which the browser's code handlers render as www.xn--pypal-4ve.com, and the code there with the 1072 in it is read as the letter 'a' (when all the spaces are removed) using character coding, which is how the exploit works. Scary. Phishing attacks are the largest growing class of attacks on the internet today, and you can bet that phishing attacks of doom (and similar) will be commonplace very soon using this method.

There are a few methods to detect that you are under a spoof attack. One easy method is to cut & paste the URL you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert to see if it's using a punycode wrapped version of the domain (starting with the string 'xn-'). Basically the only 'safe' way to follow a link is to view the target and just type it into the address bar manually.

An apparent workaround for Firefox has been posted by BoingBoing.net:
Check your browser manufacturer's home page frequently over the coming weeks for updates and patches which are bound to appear, and be very cautious in the meantime in following links, particularly where any of your personal details or passwords are required. Thanks to John who informed me of this exploit.

..update 3:20pm same day.. The Firefox workaround isn't exactly successful. It works after doing that workaround while the browser is still open, but if you close the browser altogether and then reopen it, the browser reverts to the default setting of 'true' for that network.enableIDN setting, even though it still says 'false' on the about:config page. I'm waiting for some kind of release from Mozilla regarding this issue.

..update 9:20pm same day.. A successful workaround has been discovered so that the IDN support stays off from session to session, and involves a simple edit to the compreg.dat file. Please refer to this comment for details of the fix. Cheers.

weasling's birthday
Thursday 3 February, 2005 at 10:32PM (Nereus) :: permalink :: comments (3)

It's IceQueen's birthday today! Happy birthday Weasling! Ice has her core exam tomorrow which is major; she's been studying almost 24/7 for ages, even taking the last three weeks off work to study for it. You only get two attempts at it and it's really tough, but she'll do well I'm sure. Clever little Weasling. Birthdays have been a bit of a non-event around here for study reasons, so perhaps we'll go out and celebrate when we've both finished with our exams (my finals for the winter semester are the week after next).

endangered maui's dolphins
Wednesday 2 February, 2005 at 8:01PM (Nereus) :: permalink :: comments (0)
Maui's dolphins are very easy to identify. Their most distinctive features are their:
Basically look for distinctive black markings: a black face, flippers, dorsal fin and tail and a crescent-shaped black mark that runs between the top of each eye, up over the blowhole. Thanks.