logo
Header graphic 3 of 8

Categories

Archives

Other stuff

Other sites

I wish this site were powered by Django

February 28th, 2009

How to uninstall Microsoft’s .Net Framework Assisstant Spyware

Filed under: Cutting the crap,Security,Technology — jm @ 15:40

"Microsoft's .Net Framework Assistant" is installed in your Firefox Browser without your consent as part of Microsoft's .Net framework. It's installed via Windows Update, so its installation can't be easily blocked. It can't be uninstalled (they made it intentionally very hard) and looking at Microsoft's track record, there's absolutely no reason to trust that it's secure. Also, it transfers information about software on your computer to third party servers, again without your consent.

That I think, fits the definition of spyware.

Fortunately, there's a way to uninstall it from your machine as long as you have administrative privileges. I found a good recipe here. Basically you have to edit the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions

and delete the key named {20a82645-c095-46ed-80e3-08825760534b}. At which point, after a browser restart, the extension will be gone.

Unfortunately, Microsoft also takes the liberty to modify your preferences to add the .NET framwork's version to your browser's referrer. To fix this, type about:config into your browser's URL bar, then type "microsoft" into the search box, right-click on the key "general.useragent.extra.microsoftdotnet" and click "reset". That's it, you're done.

October 17th, 2008

Airport security is, for the most part, total stupidity

Filed under: Cutting the crap,Politics,Security — jm @ 23:25

When I went to Egypt a few weeks ago for two weeks of diving, beaches and general fun in the Lahami Bay Resort, me and my friend had to leave two bottles of rather expensive, but very tasty, Whiskey behind at the Munich airport. Idiots that we were, we believed that, as we were on our way to one of these "Arab terrorist countries", we could keep two obviously unopened bottles of liquid. Germany's secretary of the interior would certainly have been very proud of us if we had blown up something over there using a "magic port-barrel-aged alcohol vapor bomb".

We were wrong. I guess that duty-free shops in Germany are just as fine with the new stupid regulations as their American counter-parts are and thus these regulations are enforced regardless of the country you go to. As a western tourist you can have alcohol with you in Egypt, it's just very hard to buy some there, so we bought another two bottles of whiskey in the local duty-free store. The only difference between the new bottles and the old bottles was that the new bottles were placed in a plastic bag with huge red lettering that said "DO NOT OPEN". A MacGyver-esque terrorist that can build a bomb out of whiskey would have been clearly defeated by that security.

So this article on airport security by "The Atlantic" resonated a lot with me: "The Things He Carried". Especially, since it features Bruce Schneier, who helped the journalist print his own fake boarding passes.

July 02nd, 2008

Updates all around: Ruby, Django, Diablo

Filed under: Django,Games,Security,Technology — jm @ 11:27

I didn't touch my newsreader in a while and promptly I missed quite a bit of interesting things. Here are the most important:

Django

Large file uploads: Revision 7814 finally lands the patch from ticket 2070 and finally allows Django to handle arbitrarily-sized file-uploads.

Ruby's security vulnerabilities

Man, I'm late to that particular party, but some serious vulnerabilities have been found in the main Ruby interpreter. Unfortunately it seems that the official maintainers messed up as well and only 3rd-party patches are available right now, because there's no known stable release code in the codebase that a quick patch release could be based off.

I think the most important lesson that can be learned from this, as Simon Willison points out, is that you need to keep release tags around in your SCM system, but also that you should never blindly trust any part of a system. At least it makes me wonder what surprises lurk in the Java VM or CPython.

Diablo III

Has been announced. Userfriendly pretty much hits the nail on the head.

August 11th, 2006

More RoR fallout

Filed under: Security,Technology — jm @ 12:02

Rails 1.1.6, backports, and full disclosure. Seems like they only cought one part of the problem in 1.1.5, so they updated again.

Some of the people leaving comments seem to be pissed off at the no-disclosure thing that the RoR core team did yesterday. Also, the update seems to break compatibility with “3rd party engines” (unfortunately, I don’t know that means in Rails-speak), which reminds me of the memory-leak that the PHP developers had to fix with an incompatible change. I hope that this doesn’t have the same impact on Rails-developers as PHP 4.4 had on PHP-developers.

August 07th, 2006

Network infrastructure risks

Filed under: Security — jm @ 23:50

After the flaws in WLAN drivers were discovered that effectively make your PC an easy target, there's a new entry on Bruce Schneier's blog talking about the risks that printers pose to a network. What other parts of everyday infrastructure are a currently unmanaged risk?

But I have to say... I really like the "paper-clip idea".