Friday, May 27, 2005

Mailto Envelope Script

This is my first GreaseMonkey script: The Mailto Envelope script.

Its sole purpose is to make mailto links more obvious because mailto links look just like regular html links. What the script does is it scans all the links on a webpage, looking for the mailto links. When it finds mailto links, it unlink it and add hyperlinked envelope to it.

Features(v0.1):
  • Use image of envelope instead of unicode
  • Add title of the envelope showing its exact mailto address
  • Leave graphic links like email buttons alone
  • Only focus on HTML pages (http:// and https://) and local files (file://)
ADDED(v0.2):
  • Mailtos unlinker are now toggeable. Just edit "var unlink = 1" to "var unlink = 0" to turn off the unlinker.
Screenshots:
Without script
With script

(screenshots were taken while testing on http://www.ianr.unl.edu/internet/mailto.html)

Tested on wide range of various web pages including forums and discussion boards.

To install: Right-click the Mailto Evnelope link and click on "install user script...". Firefox with GreaseMonkey required.

The reason why I worked so much on this supposdly simple script is because it is my philosophy as a programmer to pay attention to every detail of my works, no matter how small.

Please post any bugs or comments you have about this script here or send email to me.

Tuesday, May 24, 2005

Holding Files For Random

http://news.zdnet.com/2100-1009_22-5718678.html

From the article:
In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.


Thank god I am not using Internet Explorer. This is one more reason to drop IE and get Mozilla Firefox, Opera, or others. (I recommend Mozilla Firefox)

Friday, May 20, 2005

IE vs. Firefox and the world

Over at cnet.com, they reviewed six browsers: Internet Explorer 6, Mozilla Firefox 1.0.4, Opera 8, Netscape 8, Safari RSS, and Deepnet Explorer.

Guess who got the top score? Thats right... Firefox with 8.0 points. Internet Explorer and Opera 8 got the last place with 7.0 points.

Thursday, May 19, 2005

Netscape's Two Headed Browser

The title said it all. Netscape has created two-headed browser (or is it two-headed monster?). Firefox and IE all rolled into one.

Seems to be pretty good idea, combinding the best of both world into one. But does it work? PCWorld has some doubts because Netscape 8 are lacking some of Firefox's important features like pop-ups control.

Even with the ability to reload misbehaving Web pages in either the Firefox or IE engine with a single click, the new Netscape browser feels like a case of subtraction by addition. The features added to Netscape 8 may make it look more like a conventional browser, but it loses Firefox's simplicity (and some of that browser's most useful features) in the process.

-Dennis O'Reilly, PC World

Sunday, May 15, 2005

Pictures Of The Internet Evolution

From the DIMES Project, there are two pretty pictures of the Internet. Take a look.

Picture 1 (very nice!)

Picture 2 (my favorite of the two)

For quick read on DIMES and their research, I suggest read the news article (PDF) about it.

Thursday, May 12, 2005

Mozilla Firefox 1.0.4

Mozilla Firefox 1.0.4 FINAL is out now.

http://www.mozilla.org/products/firefox/

Release Notes:

http://www.mozilla.org/products/firefox/releases/1.0.4.html

It fixed the javascript/iframe exploits (from last post) plus some extra fixes related to DHTML regression.

It worked for me, and I strongly recommend to download it and install it.

Sunday, May 08, 2005

Update to the FF 1.0.3 Exploit

Regarding my last post, there has been an update:

http://www.mozillazine.org/talkback.html?article=6582

Apparently this exploit is a lot worse than I thought. It can disguise itself as either addons.mozilla.org or update.mozilla.org.

Turned out that the bug was orginally discovered by Paul of Greyhats Security Group and Michael "mikx" Krax. It was reported last May 2th, and somehow the info of that bug was leaked which resulted in multiple bug reports on this exploit.

The site (addons.mozilla.org and update.mozilla.org) changed their urls to donotadd.mozilla.org and warned users do not add the url to the whitelist. That way, the exploit can't be used.

According to MozillaZine, Firefox 1.0.4 is in the work to address this exploit and will be released shortly.

Firefox 1.0.3's New Exploit

Mozilla Firefox's Remote Arbitrary Code Execution Exploit has been publicized. Basically, what it does is allowing websites to create and execute a malicious batch/exe file. The bug has already been reported a while ago in bugzilla, but only can be viewed by Firefox developers for security reason.

But don't panic. The exploit only can be done if you "whitelisted" the site. Because of that, some people believe it is not an exploit because if you whitelisted the site, you are giving it a permission to put any program on your computer like it is designed to do. It is an interesting view because this exploit is somewhat similar to ActiveX which install and run small (both good and bad) programs on your computer. This is what make ActiveX so popular and yet so hated by the online community.

If you are very paranoid about this exploit/bug/feature/whatever, there are two workarounds:

  • disable "tools/options/web-Features/>Enable Javascript"... but it will disable good javascripts too.

  • disable "tools/options/web-Features/>Allow web sites to install software"... but you have to install firefox extensions the hard way (save as, then drag the xpi to firefox).

This exploit/bug/feature/whatever has many nasty potentials, but thank god it only can work in limited circumstances. I have faith in the developers to do something about it as quicky as possible. Good luck developers.

Friday, May 06, 2005

Email Conversation on Firefox

One day, I was surprised to see I got an email in my hotmail account which I almost never used. I got this...

Hi GamingFox,
I came across your thread by chance whilst surfing for some advice on Firefox v/s IE.6 and I see you have the Firefox on your machine. I hope you don't mind me asking, but is it worth the hassle installing the latest Firefox? I guess Microsoft probably made it an annoying task to remove IE.6 and i don't particularly want to be burdened with two brousers on my system, or attempt an dodgy IE.6 amputation and risk system failure. Do you have any simple advice for me


After thinking awhile on how to reply to these good questions regarding Firefox. I know I am a HUGE Firefox fanboy, so I know that my opinion is very likely biased. So I replied in unbiased views as much as possible.

Installing the latest Firefox is, in my opinion, is not a hassle at all, because Firefox is designed to help IE users to switch quickly with less problems as possible. The download is only 4.7 MB which is pretty small compared to other browsers. The installion is very quick and clean. It will ask you if you want import all of your IE's stuffs like favorites, cookies, stored passwords, etc. to Firefox.

I strongly recommended to use Firefox as your default browser but keep the IE (I will explain why). The Internet has many benefits that everyone want to enjoy... instant communcations, endless amount of information (and disinformations), and entrainment (games and stuffs). Thats what the Internet browsers are for. They connect us and help us "browse" the world wide web, the heart of the Internet.

However, Internet is a very dangerous world, filled with viruses, spywares, adwares, scams, phishing, and many more. The list is endless. Internet Explorer (version 6) is the most common Internet browser in the world, but also, it is the most dangerous. Most viruses, spywares, scams, etc. are designed to take advantages of IE's flaws. I have seen many of my friends going through pain of attacks and removal of many spywares, including myself once. I switched to Firefox, and I conviced my firends to switch too, and ever since, my firends and I never got spywares or viruses from browsing the Internet. There are many more reasons why Firefox is more safer than IE, but it take too long to list them here.

In my opinion, IE's hassle is far greater than any hassle Firefox will ever give you. However, I strongly advised to NOT remove IE because Microsoft has built IE right into the Windows OS which make it virtually impossible to remove without destablizing the entire OS. Plus, there are some websites that are hard-coded for IE only, and some required Active-X (a component built in IE, and is the main cause of spyware and viruses infection) like banking, online virus scanners, Windows Update site, and a few more. But you can install a Firefox extension (IEView) which offer one-click view in IE from Firefox.

I believe that having both browser on same system is no burden at all. Both play together very nicely. I even run both of them at the same time without any problem at all. I have 4 different internet browsers on my computer and they never cause each other trouble or put any stress on the system. (Firefox is my default internet browser by the way). Plus, Firefox doesn't require a lot of memory (either on Hard Drive or on RAM). The official system requirments listed is 52 MB Hard Drive, but my Firefox use around 25 MB on my Hard Drive (not counting the cache).

My advice is, try Firefox out. It won't bites (despite an animal name). If you don't like it, you can uninstall it. The uninstallion is also quick and clean as its installion. Its free and won't cost you a thing. The time and effort it take are very little.

But remember, Firefox is not perfect. There is no such thing as perfect softwares. Firefox has some bugs, but will be resolved soon or later. Firefox 1.0 just came out less than a year ago, so it bound to have some bugs. However it got very good start, and I believe it will make a great finish.

For more infomation about Internet Explorer and Mozilla Firefox. Wikipedia has some good (and long) articles on them:

http://en.wikipedia.org/wiki/Internet_Explorer
http://en.wikipedia.org/wiki/Firefox

If you have any more questions or need any help getting started. I will always be happy to answer them. Good luck.


Now, before you guys get on my back about what I said about Firefox using little memory on RAM. I am perfectly aware that Firefox eat a lot of RAM if not being careful. But I consider that as a bug which will be hopefully resolved in the future.

A day later, I got a reply back. He tried it out. :D

Cheers for the advice. I ran Firefox and am most impressed both by the speed of page loading and user friendliness of the program. I wasn't too sure if it would interfere with IE6 and effectively it didn't. Transfer of all my favorites went smoothly and the general appearance of the web pages and browser is a lot better than that of IE6.

I have had some intrusions with IE6 like:

AproposMedia Browser Modifier
CoolWebSearch Browser Modifier
IST.SideFind Adware
YourSiteBar Spyware
TargetSaver Trojan Downloader
Unclassified.Spyware.45 Spyware
Unclassified.Spyware.57 Spyware
WhenU.SaveNow Adware

..... the effect was not really noticeable, no real speed loss, and Adware SE personal didn't even notice the threats on my system. I was only after downloading Beta1 from Microsoft that it picked them out. I've had a couple of viruses too but Norton sorted them out spontaneously.

The thing that worries me a bit though is, my Internet connection is constantly running and when I check the program manager to see what is running and how data transfer is going, I find an incredible amount of data coming into my laptop and it does concern me a bit. My firewall is a Microsoft too and it has done very well so far, but those ever growing data numbers do look dodgy !


Thanx for the advice, I didn't particularly like the thought of trying to removing essential Microsoft software that doesn't want to be removed, It doesn't seem too bright and I don't trust the XP response either.

The version of Firefox I downloaded was 1.0.3 and so the multiple websites advertised, it is the latest version with patches for recently discovered holes, something to do with Javascript, but it was beyond my understanding.

I just make sure my virus definitions are updated everyday, the anti-spyware once a week and keep a keen eye on my registry and program files for abnormalities, I also stay aware about pop ups that shouldn't be there. Other than that fingers crossed the laptop stays vigorous and healthy.

Got to go now, thanx so much for the advice


He seems to like Firefox better than IE. He even commented about his past experience being attacked through IE.

I know this sound like just another Firefox success story, but this is a true story. Thought I share it to the rest of the world.