There’s a software house called Sourcenext selling StarOffice in Japan. One of their talents seems to be creating strange and, it has to be said, rather memerable adverts. If the memory of this advert doesn’t bring you out in minor fits of mirth when someone mentions StarOffice, I don’t know what will.

To further tempt you, here’s a translation of the advert:

“Sourcenext products are just 1980 Yen?! Oh, my Goodness….!” She faints suddenly. A guy rushs to her and says, “She is having a baby!” Everyone looks at her anxiously. The guy says, “Now, the baby was born!” And for no special reason, she had a colt. It tries to rise unsteadily to its feet. “Oh! It stands up!” Everybody is moved.

It would appear that I’ve accidentally uploaded an old stylesheet over the top of my new design. Hopefully I have the new design stylesheet backed up somewhere within the sprawling maze I like to call my highly-organised filesystem…

I do quite like the new design, so it would be a shame to loose it =(

The last post was something of a rant, however, it was serious. I do believe that Internet Explorer, as a web browser, is inherently unsafe to use on a day-to-day basis. There are two main recent bugs that have led me to this belief:

1. A recent exploit whereby a certain character could be inserted into a URL to hide the portion of the URL after that character in both the browser’s status bar and address bar. For example http://mysafesite.com/enterMyDetails@dodgysite.com could hide the @dodgysite.com and thus make it appear that you were entering your information on a legitimate site. This has been used a lot in so-called phishing, where the attacker tries to get you to enter your bank details in full on their site. Before anyone tells me, I do know there was a similar, but less severe, version of this on Mozilla browsers. However, the address bar — which is where most people look to determine the site they are on — always displayed the full address; it was only the status bar the displayed an incorrect address.
2. The combined IIS/Arstecnica , Microsoft themselves , the BBC and finally CERT.

Both of these bugs allow an attacker to steal sensitive details from you without you knowingly visiting a site that looks suspicious from a user’s point of view.

This article at Wired News pointed me towards a page that fully describes the Download.Ject exploit discussed in the last two posts. The page in question is written by the usually conservative CERT organisation. In a change from their normal general “use a firewall, virus scanner and keep software patched” type advice, this vulnerability gives them cause for more alarm too prompting this recommendation:

Use a different web browser

There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).

I resurected some code I did a while ago for comments on dx13. I’ve received a few responses via email to the 1, 2 and 3), and I thought it would be interesting to allow comments on them.

I’m willing to bet there won’t be any comments because most of the people who would comment will have emails, but still, it will be available for the next time a controvertial post comes up!