The Register has an article on another vulnerability in Internet Explorer and Windows which allows the attacker complete access to the hard drive.
If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.
The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies – even empty hashes of passwords.
This is not the first time these vulnerabilities have surfaced (and it won’t be the last), but Microsoft cannot completely fix the issues because they use core functions of Windows.
The hole is difficult to close because the attack exploits an array of features IE users have come to rely on to make web application work seamlessly. Simply removing the features could neuter functions such as online file sharing and active scripting, underscoring the age-old tradeoff between a system’s functionality and its security.
I’ve been helping a friend at work get Linux on her laptop. I installed Ubuntu Jaunty Jackalope 9.04 as this is quite good for new users (and we have a mirror at work). She connects to the Internet like many people these days, using a USB 3G modem. Her provider is Dodo, which actually uses the Optus network.
Anyway, I was pleasantly surprised when I plugged in the device and Network Manager popped up a wizard prompting for a new connection. Yep, the device just works on Linux.
Unfortunately there is no “Dodo” profile the Network Manager, but knowing it runs on Optus network I chose “Optus 3G”. I booted into Windows to get the APN, as it will be different to Optus. After changing that I just needed to click on the Network Manager applet and tell it to connect. But it didn’t work. It tried to log on, everything goes green and then BAM. Nothing.
There was obviously something else that was needed. I checked the settings and saw that the Optus profile had DNS servers hard coded. I grabbed the DNS servers that dodo uses and put them in instead. This time everything worked and I could log on. Internet, she was a working.
So, for anyone already with Dodo or thinking about it, here are the settings I used.
APN: dodolns1 (that's a letter "L")
DNS: 188.8.131.52, 184.108.40.206
You will need to register your account with Dodo first and activate it. After that, your Internet should work just fine by using these settings.
It seems that it’s often quite slow when compared to Windows, which I’m putting this down to the Linux driver. Speeds seem to range between 600b/sec and 50kb/sec, which is a little disappointing. It could just be signal or something else, I’m not sure. Still, it’s great that it works out of the box under Linux. Now if only I could get Mike’s friend’s Telstra stick to do the same! HAL rules here I come..
First we needed a phone line to dial the Internet, but we couldn’t use the phone. Then we got ADSL which let us log on and use the phone, now we have VOIP so we don’t even need the phone!
Problem is, it has always been too expensive. Every now and then I do the maths compared to a regular Telstra line and Internet connection and it would always come in higher (by around $10 per month).
But now Internode (my favourite ISP) has dropped the price of their Naked ADSL2+ plans, so that now it is actually worthwhile dropping that line rental tax.
$49 a month gets you 5GB download at ADSL2+ speeds (or $59 for 10GB) plus VOIP with all the fancy features like dial-in and $10 worth of included calls.
Can I get an Amen!?
I repeat, for a measly $49 a month you can have awesome Internet and cheap calls with VOIP. Hello?
Unfortunately, my phone line is connected to a sub-exchange and I cannot get ADSL2. Dammit. So for now I must continue forking over $74 a month to have ADSL1 and VOIP (including the Telstra line rental).
So please, for me, go and switch to Internode’s Naked Extreme ADSL2+ with their Nodephone2-Special service. Get on the VOIP bandwagon and ditch Telstra for good, you’ll be glad you did!
P.S. If you can’t get Naked where you are, then honestly, go get a freakin’ room.
P.P.S. Seriously though, if you can’t get Naked where you are, then I recommend going with regular Internode ADSL and Nodephone. It’s still worth it and the quality is brilliant.