In response to Shelly’s suggestion (thanks Shelly!), I made a small change to the Photo Gallery.

In the top right corner, I added a link back to this homepage. This link appears on the gallery main page, the album pages and the picture pages, so you can return easily from anywhere inside the gallery.

I should create a section titled HA! for this one….

Check out this article on an IE vulnerability regarding “phishing”. For those of you that might not know, phishing is a spammer technique where you recieve an email which purports to be from a legitimate source you might be doing business with (ie Ebay, Paypal, Your bank!). The email looks very professional but while the link says www.paypal.com (or similar), once you click it, you are actually taken to a *fake* site set up by the spammer, where presumably you would sign in with your *real* credentials, giving them to the spammer in the process. Normally, even though the link looks legit, the address bar of your browser still shows that you are not actually on the website you intended to access. The bad news is that this new vulnerability hides it even there. The end result is the spammer has full access to the account in question. Check your inbox, you probably have a good example in there right now.

I love how an open-source website releases a patch before MS can even *comment* on its progress toward releasing one (last paragraph). It illustrates the whole open source vs closed source security debate very nicely.

Mozilla, my open source browser of choice, is partially vulnerable, but not anywhere close to the level IE is. The address bar is unaffected, but the status bar is. No biggie really, as the address bar is what you should be watching anyway.

UPDATE: Admittedly, the article wasn’t too far off the mark in their criticism that the patch authors do not have access to IE’s source code and could potentially cause more problems. Especially in light of the fact that that’s exactly what happened. Apparently, a second patch has been issued to fix a buffer overflow exploit caused by the first patch.

However, this doesn’t change the fact that there are more fundamental issues with Microsoft’s security practices.
This about sums it up:

Microsoft has still not released a fix for the IE problem or given any indication as to when one might be available. In October, the Redmond, Wash., software maker adopted a policy of releasing only one patch each month, but it has already announced that it will be skipping its December release; IE is expected to remain vulnerable until at least mid-January.

I’ve said it before and I’ll say it again: Would you like to significantly improve the security posture of your desktop?

Then don’t use MS Internet Explorer for web browsing or Outlook Express for email.
Alternatives? Mozilla for both. (A full install will also give you Mozilla Mail.)

So far, I really like it. It has less tables, giving a cleaner look, in my opinion.

I do need to change the logo in the upper left corner to something more attractive. I only changed the text to “brand” it to my site.

Let me know what you think by commenting below or emailing me at dave@rodrig.com.