Saturday, October 30, 2004 - Posts
Today I was searching around the net for some tools that could help me on a really boring task... backup all my settings on Firefox and Thunderbird for a future migration (the official Firefox release 1.0 launch day is near and one of the lack on Mozilla product installations is that it's not so easy to maintain the settings during upgrades).
What's the result of this search? A great tool that works exactly as I want: MozBackup, an utility for creating backups of Mozilla, Mozilla Firefox, Mozilla Thunderbird and Netscape profiles. It allows you to backup mail, favorites, contacts, etc. and works really good. 
The main lack I've seen on my little test is that at the moment is impossible to backup all your Firefox and Thunderbird extensions, but all the settings are saved correctly. Unfortunately only a Windows version of the tool is available at the moment...
If you're a Firefox or Thunderbird user, this is a tool to have absolutely!
A new Internet Explorer flaw is out... according to Netcraft, a new spoofing flaw in IE allows an improperly coded web link to send users to a different URL than the one displayed in the status bar.
If you try to create an URL with an HTML like this:
you obtain this result:
As you can see (if you don't have XP SP2 installed), your browser displays "microsoft.com" on the status bar, but you're redirect to my personal website... an easy way to redirect where you want, accessible to all that know a little bit of HTML.
The flaw affects versions of IE up to 6.0.2800.1106 and users running Windows XP SP2 (IE version 6.0.2900) and the open source Firefox and Mozilla browsers are not affected.
I hope on a patch because there are a lot of machines that have not installed XP SP2...
UPDATE: also Firefox has a flaw like this... 
If you try to create an URL with this format:
you obtain this link:
If you try to open the link on the current TAB on Firefox, it works correctly and you are redirect to Microsoft.com, but if you try to open the link on a new TAB, you are redirect to my personal website.
I hope that the new Firefox version attended for the 9th of November will be patched.
Bad news from Gmail users... a new big security flaw has just been discovered.
This exploit can allow hackers to have full access to a user's email account simply by knowing the user name, with no need to know the password. simply by using a special hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed. More details can be found here.
And now? I hope on a patch by Google soon...