On 02/15/2013 04:24 PM, navashok wrote: > > --- In FairfieldLife@yahoogroups.com, Bhairitu <noozguru@...> wrote: >> On 02/13/2013 04:08 AM, navashok wrote: >>> --- In FairfieldLife@yahoogroups.com, Bhairitu wrote: >>>> These are XSS exploits. I installed a Firefox Add-On called "XSS Me" >>>> which will analyze a page for potential XSS exploits. Most sites I >>>> visited produced nothing. Go to the FFL webpage and the thing goes >>>> crazy. The Add-On is a geek tool and probably not for non-techs. >>> Thanks for the tip, I also installed it now, but it didn't find any XSS >>> vulnerabilities on the Yahoo FFL website. The only complaints were that >>> certain special signs did not work. >>> >>> It's some years back that I looked into XSS, what it was. IIRC it is all >>> within the browser, it has really nothing to do with the OS. I guess if >>> somebody steals your session cookie, all you have to do is close your >>> browser, and delete the cookies for this site, correct? >>> >>> When I 'researched' it some years back, I managed to make a photo of my >>> friend appear on the official LAPD website, of course only in my browser if >>> follow the prepared link. (I didn't hack the page of course.) >>> >>> >> I experienced the "effect" of the XSS trick when I signed up for >> Google+. Prior my blog comments using Disqus (which I despise but it's >> made for lazy webmasters) used the Yahoo option. Once I signed up for >> Google+ (basically to comment on an Android developer survey) then >> Disqus wanted to use Google+ and that took some work to undo. We have >> this millennial generation of inexperienced "hot shot" programmers who >> think that "everyone must be connected to the Internet all the time." >> They also think we should spend all our time on social networking sites >> and nag you like a 5 year old if you're not. >> >> This stuff is not my specialty but after the problem with Google+ a >> security specialist I know who works for a telecom explained what was >> going on and that the trick had been around for awhile. I'm not >> surprised nothing really happened on the FFL page because Yahoo >> supposedly did fix the problem which they knew about for 6 months. I >> just didn't have time to look up what the hell XSS Me was really doing >> other than being a tool. Also I read somewhere that Ubuntu had created >> a block for it sometime in their version of Firefox (which I am running). >> > I'm running Ubuntu too, well an Ubuntu derivate, Linux Mint. I'm running > Linux now since I have a PC, I abandoned Windows totally, I don't even keep > it as a partition anymore. The last virus I saw was maybe 14 years ago on > Windows. Wait, maybe 3 years back when I went to Indian Internet caffees and > used an USB stick there, they are full of viruses. I don't know why people > still use crap like Windows, unless you need very specialized software. Today > Linux is so much more easy to install, and you never will know what a virus > is, and above all, it's free with lots of free software. MY last PC I bought > without OS, why should I pay for the OS I don't even want?
I have been running Linux Mint on pendrives for years. I've even considered moving from Ubuntu to it on this machine but for the moment will just do the update to 12. There's too many development apps to consider and at that probably a bit of updates to do once I move from 10 to 12. Windows seems so clumsy after using Linux all these years and now some of the companies seem to have bad programmers and their updates are poor. On my Windows 7 64-bit machine AMD's Catalyst update always seems to fail. Sheesh! My main problem on Ubuntu is I moved from an HP printer that ate ink or ran it on a timer (as some claim) to keep you buying cartridges. So I got a Kodak printer and like they said it doesn't seem to run on a timer and I get more pages out of cartridges. HP has Linux support but Kodak's scanner support wasn't so good and a bit of a trick to get working and then some update a while back broke it so I have to fix that. HP has Linux support because they sold and probably still sell Linux servers.
