Daily Archives: December 5, 2006

News from the other side

Posted on by

This just has to be the best opening paragraph in any column in 2006:

I nearly died last month, but it wasn’t serious. I woke at 1am on a Saturday morning with a pain in my chest; went to the bathroom; the pain increased; I fell over; got up; absurdly, went back to bed with the thought that this should go away; then realised what was happening.

John Lloyd, the formidable FT columnist, had a cardiac arrest. He was saved by the quick thinking of his Italian wife, and by the National Health Service. At one point, his heart actually stopped. Like the great journalist that he is, he saved up the experience and made a column out of it. (Columnists — and now, bloggers — resemble the old Chicago meat-packing industry, which used to boast that it “used every part of the hog except the grunt”.)

In the days that followed, in the midst of gratitude for a well of affection and support from friends and family, three main sets of thoughts passed through my jumbled brain. I regretted having no last thoughts worthy of remembering. I did think I was dying — but the thought came and went. I wanted my son to be there. I did feel my sins heavy on my head but, too late to become a Catholic, I could not shrive them — and a self-satisfied, lapsed-Presbyterian self-congratulation that I would not even if I could, passed through my mind.

Much of the time, though, was spent mentally wandering at random. I worried continually about an email I had not sent. I fretted about what had happened to the car, which my wife had driven almost into the A&E Unit (and which may have accounted for the questions on drunkenness). Nothing to approach Goethe’s “more light”. I might have died worrying about a parking ticket.

It’s a lovely column — but one that, alas, is hidden behind a paywall. I read it in the paper edition.

MyTrojan

Posted on by

Here’s something from Insecure.org to make Rupert Murdoch choke on his muesli.

Overview

========

Myspace.com provides a site navigation menu near the top of every page.

Users generally use this menu to navigate to the various areas of the website. The first link that the menu provides is called “Home” which navigates back to the user’s personalized Myspace page which is essentially the user’s “home base” when using the site. As such this particular link is used quite frequently and is used to return from other areas of the website, most importantly from other user’s profile pages.

A content-replacement attack coupled with a spoofed Myspace login page can be used to collect victim users’ authentication credentials. By replacing the navigation menu on the attacker’s Myspace profile page, an unsuspecting victim may be redirected to an external site of the attacker’s choice, such as a spoofed Myspace login page. Due to Myspace.com’s seemingly random tendency to expire user sessions or log users out, a user being presented with the Myspace login page is not out of the ordinary and does not raise much suspicion on the part of the victim.

Impact

======

Users are unexpectedly redirected to a website of the attacker’s choice.

Users may be tricked into revealing their authentication credentials.

Affected Systems

================

Myspace.com: http://www.myspace.com

Here’s GMSV’s account:

Some MySpace users are getting their first taste of an STD — a socially transmitted disease. Identity thieves are using a vulnerability in the popular social network’s navigation to spread a particularly virulent worm that steals log-in credentials and lures users to phishing sites. Attacks begin with a rigged QuickTime video. “Once a user’s MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways,” WebSense explains. “The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site. Any other users who visit this newly-infected profile may have their own profile infected as well.” MySpace hasn’t revealed the extent of the infection, but an informal scan of 150 user profiles by FaceTime Communications found that close to a third were infected. That same ratio probably doesn’t translate to MySpace’s 73 million registered users — if it did we’d have a Black Death-style Web pestilence on our hands. So in the end this mostly serves as a reminder that everyone needs to pay more attention to security. “We’re continuing to make the same mistakes by putting security last,” Billy Hoffman, lead engineer at Web security specialist SPI Dynamics, recently told News.com. “People are buying into this hype and throwing together ideas for Web applications, but they are not thinking about security, and they are not realizing how badly they are exposing their users.”

Yeah, but we super-smart folks use the Julian calendar, stoopid

Posted on by

From Jon Henley’s diary in today’s Guardian

Worrying news, now, from Mensa, which in the December issue of its eminently readable magazine advertises a social event for members at the Royal Air Force Club in Piccadilly on Friday December 30. Our calendar, we see, says December 30 is a Saturday. But perhaps they know something we don’t.

This is delicious. According to Wikipedia Mensa is “a society for bright people, the only qualification for membership being a high IQ”. A more sardonic way of putting it would be to say that it’s a club for people whose aptitude for certain kinds of meaningless puzzles leads them to believe that — to use the venerable Glaswegian phrase — “their shite is marmalade”.

Moonlight on the Cam

Posted on by

The BBC Radio 4 PM programme had an interesting idea. They asked anyone with a camera to take a picture of where they were at exactly 5pm today and post it to them. At that moment, I was crossing the river Cam at Grantchester (right opposite the house where Bertrand Russell lodged when he was writing Principia Mathematica with Whitehead), so I stopped and took this. Quality is poor — I only had a point-and-shoot camera on me. But still…

LATER… I went back to the image and tried a different crop, which seems to me to be much more satisfactory:

Beware Xmas Fare!

Posted on by

James Miller pointed me at this!

Organisers of a village Christmas party have been told they must carry out a risk assessment of their mince pies – or their festivities will be cancelled.

Council bosses say posters will have to be displayed at the party in Embsay, in the Yorkshire Dales, warning villagers the pies contain nuts and suet pastry.

The cocoa content and temperature of the hot chocolate must also be checked.

Resident Steve Dobson said the rules had made the small party as difficult to arrange as the Great Yorkshire Show.

Mr Dobson said he learned of the regulations after writing to Craven District Council to ask if he could use a car park outside Embsay village hall to hold the free party for the community…