Yet Another Microsoft IE Cross Site Scripting Bug


See the security advisory issued by Microsoft on the Windows MHTML (MIME HTML) protocol handler vis-à-vis running malicious scripts within Internet Explorer. The article says:

“An attacker could pretend to be the user, and act as if he was you on that specific site,” said Storms. “If you were at or, he could send e-mail as you.”
Microsoft elaborated on the threat. “Such a script might collect user information, for example e-mail, spoof content displayed in the browser or otherwise interfere with the user’s experience,” said Angela Gunn, a Microsoft security spokeswoman, in a post to the Microsoft Security Response Center (MSRC) blog.

Apparently Microsoft does not have a patch yet, but has provided a “Fixit” tool that automates the registry edit locking down the MHTML protocol handler; users can still run MHTML files that include scripting after approving them in a UAC warning box. To get the Fixit tool, go to Microsoft’s support site.
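As an added example (this is not the Fixit tool and not code from the Microsoft advisory), the PowerShell function below inspects the two Internet Explorer feature-control locations where a protocol lockdown of this kind is recorded and reports whether “mhtml” is listed for Internet Explorer and for the Internet and Restricted Sites zones. The key paths, the value layout and the zone numbers are my assumptions about how IE’s Network Protocol Lockdown feature stores the setting, not something this page states; check them against the advisory before treating the result as authoritative.

```powershell
# Added example: report whether the MHTML protocol handler is locked down in IE.
# ASSUMPTION: the lockdown lives in IE's Network Protocol Lockdown keys:
#   FEATURE_PROTOCOL_LOCKDOWN  -> value name = process (or "*"), data = "proto1;proto2"
#   RestrictedProtocols\<zone> -> a value named after each restricted protocol
#   zone 3 = Internet, zone 4 = Restricted Sites
# These paths are assumptions drawn from IE documentation, not from the advisory text.

function Test-MhtmlLockdown {
    [CmdletBinding()]
    param(
        [string]$Protocol = 'mhtml',
        [int[]]$Zones = @(3, 4)
    )

    $lockdownKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN'
    $zoneBase    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols'

    $result = [ordered]@{
        ProcessLockdown = @{}
        ZoneRestriction = @{}
        LockedDown      = $false
    }

    # Per-process lockdown: each value name is an executable (or "*"),
    # each value's data is a semicolon-separated list of protocol names.
    if (Test-Path $lockdownKey) {
        $props = Get-ItemProperty -Path $lockdownKey
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's provider metadata
            $listed = ([string]$p.Value -split ';') -contains $Protocol
            $result.ProcessLockdown[$p.Name] = $listed
        }
    }

    # Per-zone restriction: a value named after the protocol under RestrictedProtocols\<zone>.
    foreach ($z in $Zones) {
        $zoneKey = Join-Path $zoneBase ([string]$z)
        $listed  = $false
        if (Test-Path $zoneKey) {
            $listed = $null -ne (Get-ItemProperty -Path $zoneKey -Name $Protocol -ErrorAction SilentlyContinue)
        }
        $result.ZoneRestriction[$z] = $listed
    }

    # Locked down only when iexplore.exe (or "*") is covered AND every requested zone restricts it.
    $ieCovered    = ($result.ProcessLockdown['iexplore.exe'] -eq $true) -or ($result.ProcessLockdown['*'] -eq $true)
    $zonesCovered = @($result.ZoneRestriction.Values | Where-Object { -not $_ }).Count -eq 0
    $result.LockedDown = $ieCovered -and $zonesCovered

    [pscustomobject]$result
}

Test-MhtmlLockdown | Format-List
```

Run it before and after applying the Fixit: `LockedDown` should flip from `False` to `True`, and the per-process and per-zone tables show exactly which half of the lockdown is missing if it does not.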

Technology News this week

From the news there are several interesting items with write-ups this week.

NASA photo of NanoSail-D in space

NASA has apparently placed a solar sail device in orbit (see here and here). As most of you know, a solar sail is a thin sail which catches the pressure of sunlight the way a conventional sail catches wind. Extreme Tech says this may be our best bet for interstellar space travel. Personally, I’m hoping for a warp drive. Aaaannnnnnd. NanoSail-D is apparently a pretty smart device as it has its own active Twitter channel, at!/nanosaild. Huh. A shiny metal sail that tweets.

Innovation company 3M, which pays its employees to spend 15% of their time inventing new things (useful or not), has found another apparent success. See here and here. Yes, from the company which turned a failed attempt at a super adhesive into explosively popular Post-It notes, another market-changing innovation has come: by using silver instead of indium tin oxide (ITO), 3M has developed a way to mostly eliminate the bezel framing flat screens. The 3M silver technology is 10 times faster than ITO and the required support circuitry takes an order of magnitude less space. Soon, you will be able to touch your touch screen all the way to the edge, quickly.

Extreme Tech reports that German design firm Orkin has developed a flexible laptop computer that can be rolled up, at least at pre-defined points. See here. Soooooo, I guess you roll it up and put it in your back pocket until you need it. That might be an iPad killer with the right apps. There are a bunch of videos in the Extreme Tech article.

Finally, a team at the University of Zurich’s Institute of Neuroinformatics has developed a robot that can balance a pencil on its point. Right, not its side, its sharp point. This is considered an advance in robotics because machines that interact with humans must be able to process and react quickly. The ability to make a machine that can use two visual sensors to “see” where the pencil is and adjust a table under the pencil quickly enough to keep it standing on its point is a breakthrough.

Next Smart Phone not a Smart Phone

Note: this article is the writer’s personal opinion. It is based upon almost 40 years of experience in small computers and communications, but it is still an opinion. It is presented AS IS. All use is at your own risk.

According to an article in Network World, well over half (65%) of persons choosing a new phone will not choose a smartphone, but a less featured ordinary “dumb” phone. Images showing November 2010 survey results can be seen here and here. Apparently, owners of any Android variety are more likely to upgrade to a full smartphone than other types, while most people choose to buy a phone that lacks even basic Internet or texting.

The survey found that 49% of current Android owners traded up from a non-smartphone while 13% switched from a BlackBerry device. 11% of Android owners are on their second Android device, compared to repeat buyers of iPhone at 26% and BlackBerry at 32%. It is rather astounding that 11% of a random sample would even be on a second Android… Android is essentially only two years old.

The most common business reason given for refusing to buy a smartphone was that the high cost of ownership and requisite service contracts was not justifiable: very few felt the devices were too complicated for them to use. A Dutch friend of mine once told me that in Holland phones are $5 each and include all capabilities: no roaming charges, no extra fees: they buy several and keep them in a basket for out-of-town guests to use. By comparison the cost to Americans of nearly $100 per month with a multitude of restrictions, abusive early cancellation penalties, and piles of extra add-on fees is rather repugnant.

For business this should be a wake-up call: clearly consumers are tired of expensive and deceptive contracts that add more charges after the fact. Of course telephone companies have pulled this for years, but in the mobile market it has been far more abusive than before. The net result of American mobile plan pricing is apparently to discard 65% of the market by charging drastically more than the market will bear. Watch for a severe adjustment, as the enabling factors are already in place: China and other foreign powers are rapidly buying up foreign markets.

All that would be required to completely own the American mobile market is for a Nokia, a Wal-Mart or a large Chinese corporation to decide to offer a no-hassles plan everywhere in the US with a flat $20 fee. The existing top-heavy mobile corporations that are charging substantially above market price are not likely to adjust fast enough to survive: their thinking seems to be that they can control the market, which is a fantasy that can exist only until competition recognizes this low-hanging fruit waiting to be eaten and simply takes over.

There is no such thing as a free lunch: there is only temporarily above-market pricing followed by a market adjustment. Such a takeover could be achieved in one or two months, suddenly resource-starving the existing American players with an extreme interruption in their cash flow that would force them either to accept their rival as their hegemon by stock exchange or merger, or at least to sell off their towers and fiber and drastically resize human assets sufficiently to meet payroll in the third month. With something like a $32b trade imbalance right now, China does have the cash required. At that point market terms could be set by the survivor, most likely a 50% correction to the midpoint between the prior $60/month average and the $20/month minimum, resulting in a flat market price near $39.95/month.

The Real Reason Open Source is Growing: Paranoid Politicians

Note: this article is the writer’s personal opinion. It is based upon almost 40 years of experience in small computers and communications, but it is still an opinion. It is presented AS IS. All use is at your own risk.

As a consumer advocate and somewhat self-interested business owner, my evaluation of any circumstance or potential change involves the instinctive question of how it will affect me, or more candidly, how it will hurt me and what I can do to protect myself. Everyone does that. What really waves a red flag is when someone is less than transparent with us: employment interviews, contracts, or whatever.

In a United States where Constitutional Law is a variable which can be changed upon a whim for government convenience, where citizens are forced to stand spread-eagle in front of a machine that electronically removes all their clothing so that their naked bodies (lots of links to this, and here, and here, and here, and a story of how one man successfully protected his constitutional rights here, and it actually has created a new market for privacy protection, see here) are studied in detail in a back room with promises that the powerful image-processing computers they use cannot possibly save the image file for use later (see here and here and here and here), such as for evidence, or to send 50,000 of those images back to the factory for “technical” reasons, even if they whipped out their cell phone and took a pic of the computer screen, and then those citizens are sexually assaulted and their genitals actually fondled by minimum-wage ‘security’ personnel who can’t get a job anywhere else, under the unsupportable excuse of airport ‘security’ (so far as we know to this date not one terrorist has ever been caught by this system, although many citizens with medical problems have had their urine dumped all over them, etc.), it is not too difficult to see how someone could find a clause in that 1,000-page “Homeland Security Act” that allows everything on anyone’s computer to be provided to some ‘security’ agency for the same excuse that they sexually assault the young women who wear dresses in airports: ‘just in case there might be something in there’ of interest. The only thing this systematic dehumanization of American Citizens does is restrict travel.

The US Constitution refers to both as Unreasonable Search. It is highly illegal from the most fundamental level. So far as we know to this date not one terrorist has ever been caught by this system: the only thing this systematic, criminal, dehumanization of American Citizens does is restrict travel.

Don’t get me wrong on this: I have seen pictures taken by a modification of the typical Airport Porn Machine, er, full body scanner, which is mounted in an unmarked “ZBV” (Z Backscatter Van) cruising the streets in southwestern towns and used to scan vehicles to find illegals. Look here and here and here. Most of the pics have been quickly censored by the perpetrators, since they are in a position to do that to cover their tracks. I am told several thousand of those vans are out there, working, right now. I have not made one complaint about it. I really don’t care if they scan people ad infinitum in airports, or city streets, or anywhere — BUT DON’T RUB IT IN OUR FACE. Have a little professionalism about how you law enforcement types break the law. Demonstrate enough respect for our Constitution that you don’t violate our most fundamental Rights of Citizenship by treating American Citizens as if they are Middle Ages European serfs. Scan me anytime you feel like it BUT DON’T TELL ME ABOUT IT.

If ‘security’ agencies can get away with forcing young women to stand spread-eagle in public and submit to genital groping for no reason other than that they are wearing a dress and ‘there might be something under there’, in front of dozens of witnesses, then shouldn’t it be far easier to excuse cyber spying that no one can prove is happening? Note that it is not good enough if the young woman takes off her dress in public and stands there humiliated wearing nothing but her panties so there can be no possible doubt that she is not concealing anything: a young man in California did this already and a group of German protesters did this also: the ‘security’ person must still stroke up and down the citizen’s inner thighs and then feel around their genitals.

This is heinous. There is no excuse for this. And the extreme outrage in this whole lie is that the demographic most likely to actually BE trying to conceal something is exempt from the whole procedure because ‘it is against their religion’. It is against most American Citizens’ religions also, but that doesn’t seem to matter, as American Citizens are not likely to perpetrate acts of violence in revenge.

How bad is merely copying information from some business’s PCs compared to such systematic and highly illegal public dehumanization of American Citizens without so much as a mildly plausible excuse? Why would there be any qualms at all about illegally spying on American businesses if it is considered perfectly acceptable for government to line up Free Citizens and treat them like 6th-century European serfs? There probably are not.

For two decades, at least a few of us denizens of planet Earth have pondered the implications of allowing Microsoft inside our corporate firewall: Microsoft’s software is proprietary, therefore we normally cannot know (at least without packet sniffers and a lot of hard work) what Microsoft software *really* is doing, because we cannot inspect the actual code. Who knows what it will do because of defects in design or coding, or from unintended malware or virus programs, or most importantly of all, from under-the-table deals with data-mining corporations and government agencies intent on voyeurism with the money to buy off Microsoft and get their own little secret code segments added to Windows for the collection and transmittal of my private, highly confidential information. Information whose unauthorized disclosure could get my company fried under Sarbanes-Oxley or HIPAA or 42 CFR.

There has always been some following for conspiracy theories — there are doubtless still people who are absolutely certain that the earth is really flat and all the space flights merely elaborate government hoaxes. But the conspiracy theorists gain some credibility when Microsoft Windows code segments leak out with little data blocks marked “NSA Block #1” and “NSA Block #2”, and certain folders, such as C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5, don’t exist if I try to find them while using Microsoft Windows but very much do exist and contain a complete history of my web browsing if I examine that same disk with a non-Microsoft OS, such as Linux. There are nine (9) such folders on my Windows 7 install: one in each user account and another in the Windows and System32 folders.

The damning part of this isn’t that a history of all content browsed is collected but rather that such extreme effort has been expended to conceal the fact from the business owner. One does begin to wonder if the conspiracy theorist nuts do have a valid concern at least part of the time. Everything you see on your computer and everything you type on your computer goes through your computer. It might be encrypted on the Internet, it might be scrambled and encrypted on your disk, but at some point in time it was readable. And if you could read it using your computer, then your computer *could* secret it away in nice, plain, readable form, so it *could* be forwarded to some interested third party without your knowledge or consent.
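One check a practitioner would want before reaching for a Linux boot disk: those Content.IE5 folders carry the Hidden and System attributes, so Explorer (with “Hide protected operating system files” on) and a plain `dir` omit them, but they are visible from inside Windows with `Get-ChildItem -Force`. The PowerShell below is an added example written for this page, not code from any Microsoft tool; it assumes the Windows 7 profile layout the page describes under C:\Users and enumerates each profile’s cache folder with its attributes and file count. It avoids the `-Directory`/`-File` switches so it also runs on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example: enumerate the per-user Content.IE5 cache folders that Explorer hides.
# ASSUMPTION: profiles live under C:\Users with the Windows 7 layout named on this page.
# -Force makes Get-ChildItem / Get-Item include Hidden and System entries.

function Get-HiddenIECache {
    param(
        [string]$ProfileRoot  = 'C:\Users',
        [string]$RelativePath = 'AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5'
    )

    Get-ChildItem -Path $ProfileRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $cache = Join-Path $_.FullName $RelativePath
            if (Test-Path -LiteralPath $cache) {
                # Get-Item needs -Force too, or a Hidden+System folder is reported as missing.
                $item  = Get-Item -LiteralPath $cache -Force
                # Recurse with -Force so the hidden cache subfolders and their files are counted.
                $files = Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
                         Where-Object { -not $_.PSIsContainer }
                New-Object PSObject -Property @{
                    Profile    = $_.Name
                    Path       = $cache
                    Attributes = $item.Attributes      # typically "Hidden, System, Directory"
                    FileCount  = @($files).Count
                }
            }
        }
}

Get-HiddenIECache | Format-Table Profile, Attributes, FileCount, Path -AutoSize
```

Run it as an administrator to see every profile rather than only your own; the `Attributes` column is the explanation for why the folders “don’t exist” in Explorer, and the `FileCount` column tells you how much browsing history is sitting there for anyone who images the disk.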

One of the more important forces driving adoption of Linux as “the” operating system a company will use on most of its computers is not just acquisition cost, or legal cost to maintain license records, or cost of special anti-malware software, but a reasonable fear that a huge, ultra rich corporation, might possibly care more about their own profit than the business’ privacy. In one of my businesses, the penalty is $240,000 per unauthorized disclosure of protected customer health information, so it matters.

Now consider how a foreign government which is a rival or antagonist to the United States government must think. The United States has no moral hindrance to dehumanizing their own citizens in a way that would result in immediate execution of the perpetrator in most countries, and probably spies on businesses electronically. Would the Americans spy on their rivals and enemies as well? Oh yeah.

According to an article in the Wall Street Journal, Saturday-Sunday, January 8-9, 2011 (Review, page C3):

In the past, foreign governments have rushed to install the latest version of Microsoft Office or Google’s Chrome browser because it was hard to imagine that Washington would tinker with technology to advance its strategic interests. But just a few weeks before Mr. Putin publicly endorsed open-source software, FBI Director Robert Mueller toured Silicon Valley’s leading companies to ask their CEOs to build back doors into their software, making it easier for American law enforcement and intelligence gathering agencies to eavesdrop on online conversations. The very possibility of such talks is likely to force foreign governments to reconsider their dependence on American technology.

Half a decade ago I remember France jettisoned 50,000 Windows computers and replaced them with Mandrake Linux. China has of late been often in the news due to its isolationist / control policy concerning Internet use, to the point that there are sometimes references to “The Great Firewall of China”. The WSJ article also observed:

… more governments are likely to start designating Internet services as a strategic industry, with foreign firms precluded from competing in politically sensitive niches.

The article mentions that Turkey is already considering a ‘national search engine’ and a ‘national email system’ and that Russia, China, and Iran have similar ongoing discussions. Remember the fight between Google and China last year, and the situation between Iran and RIM when Iran demanded the ability to read all BlackBerry emails. The article says India, Saudi Arabia, and the United Arab Emirates made similar demands on RIM last year.

And so the mechanism that is propelling open-source software into global dominance may not be technical superiority, or freedom, or even an elitist attitude: the driving force may simply be the lust for power and control, or paranoia about what someone else could do, or perhaps just reasonable caution.

And that necessitates another very important point for American security — more important to our national security than making teenage girls submit to having their thighs caressed by a guard who says they ‘might have something under their dress’ as a condition of being allowed to fly home for the holidays: Microsoft is the largest employer of non-American H-1B visa programmers in the US — often from Asian countries which are our rivals. Can we Americans be absolutely positive that none of those 5,000-plus foreigners added their own countries’ little back doors, for their own purposes? I doubt that there is really any way that anyone can know with absolute certainty. If you doubt this could happen, remember the Department of Homeland Security has already been compromised by a rootkit hidden on Sony music CDs: one employee played one music CD in his computer, and the rootkit spread throughout the one place in America that is supposed to be the very most secure.

We had better spend our time and money fixing that problem first — a terrorist back door leaking our nation’s top security information via Microsoft Windows will hurt us far worse than a little schoolgirl who just wants to get home from university.

Android Partners poised to invade iPad Earth

From an article in eWeek, it would seem vendors using the Android platform, including very significant player Motorola, are building upon their past successes competing with the iPhone to forge strong alternate products to the iPad. In part the article says:

Just as Google and its carrier partners countered the iPhone with the Nexus One and several other solid Android smartphones, the partners believe they have a solid answer in tablets powered by the forthcoming Android 3.0, or Honeycomb operating system.

The Motorola Xoom will launch running Android 3.0 next month, followed later this year by LG’s G-Slate, Asus’ Eee Pad Transformer and unnamed tablets from Samsung.

The Xoom sports a 10.1-inch screen powered by the Nvidia Tegra 2 dual-core processor, which means it should easily be faster than the iPad.

The Xoom also boasts front- and rear-facing cameras, the chief hole the iPad has yet to fill, though that should change with the iPad 2 launch this spring.

Multitasking is another big gap for the iPad, where only one application runs at a time. The Xoom also offers an HDMI output to connect the tablet to the TV to play video or games.

That would be good news for consumers: our spies tell us that the actual cost to manufacture the iPad is about $20. That means the market is ready for a severe adjustment, and there may be some profit taking as initial players enter priced very high, near the iPad price, and then prices drop as more vendors enter the arena until ultimately we have iPad alternates with an SRP around $189: that’s enough for a 60% margin on retail for the retail seller, a 100% margin on cost for the manufacturer, and another 100% margin on cost for the middleman / warehouse.

Business mobile vendor RIM has its own iPad-killer wannabe, the PlayBook, which looks like an iPad done in tasteful business black. It multitasks well, will run a whole business day on a charge, and has enough computing power to allow playing video-intensive games such as Quake. It also has an HDMI port so you can plug into large video screens for viewing videos, two 5-megapixel cameras, one forward-facing and one rearward-facing for conferencing, has no qualms about running Flash, and will tether to the business person’s BlackBerry. The PlayBook is thinner than your little finger and weighs less than a pound, but it is about the same LxW dimensions as the iPad. The eWeek article says:

RIM’s PlayBook represents the company’s hope for breaking into the rapidly burgeoning tablet market. The screen measures 7 inches, and power comes courtesy of a dual-core processor. RIM will market the PlayBook toward businesses increasingly interested in tablets as productivity tools. In keeping with that, the device includes PDF support among other features.

Motorola is no small outfit — they know how to promote mobile devices and they wouldn’t back a loser. RIM is solidly entrenched in the business market and they are not going to disappear anytime soon. This is going to go.

It will also motivate Apple to innovate some more, which is also good. Anytime a company has a 3,000% profit margin on cost it has a reason to innovate and protect that profit, and alternate vendors have a reason to go after that market like starving wolves.