Let me tell you a little story `bout a man name Tim...
Today I logged on to http://mircosoft.com to find out if they had an updated
patch to fix the long file name security flaw in Outlook Express [1]. I
couldn't find any info on it at the site so I **didn't*download*anything**
from the site and left it and logged off.
Later, when I logged back on, Microsoft's homepage came up on my computer.
(Before visiting the MS site I had had http://speakeasy.org set as my home
page.) When I checked under the Options on Internet Explorer and found that
the home page still said it was set to the Speakeasy even though it kept
going to the MS homepage. I re-typed the URL several times and tested it
only to find that it came back to Microsoft every time.
After checking my files and history folders I think I've figured out what
has happened: The shortcut for the URL "speakeasy.org" has been changed to
point to "mircosoft.com/ie40.htm". In short, they've renamed the URL for my
default home page to their own URL!
I've gotten around the problem by specifying a subdirectory at the Speakeasy
as my home page and suspect a cookie I got while at the MS site is
responsible, but until I'm sure (or one of my more learned comper-geek
friends can confirm my suspicions) I advise anyone who DOESN'T want their
homepage URL renamed to Microsoft.com to stay off the bastards site!
(Although we all KNOW Microsoft would NEVER use a fruadulent marketing
practice like this on purpose--it must just be an "accidental" error in the
script, of course. ;-)
Please do your best to confirm or deny this finding of mine (at your own
risk!) and pass this on to anyone you feel might be interested.
Love and a renewed determination to "stick it to the Man"-
-Tim
[1] The US Energy Department's Computer Incident Advisory Capability (CIAC)
team issued a warning earlier this week about a security flaw in Outlook
Express, Outlook 98, and Netscape's Messenger Mail. It seems that if a very
long file name (over a hundred characters) is assigned to an attachment it
can overflow the mail readers buffer and any code contained in the name can
end up being run on the computer without ever even opening the e-mail
itself. This has the potential to allow hackers to write an e-mail virus
that could wipe your hard drive without you even needing to run the attached
application. So far Qualcomm's Eudora and Eudora Light seem to be safe,
however.