Asshats…

Dear NetGear engineers,

First, off I’d like to thank you for closing this hole that was disclosed a short while ago. Secondly, I did notice a pretty darn good improvement in speed and reliability in throughput after I upgraded to the newest firmware for your product.

However, I am completely insulted at the fact that you did not actually close the security hole as illustrated in this new find. Do you really think that your consumers are this dumb not to check your newest firmware offering for new holes? I for one would love to know why this account exists in the first place?

Looks like I’m sticking with Linksys from now on…

NetGear WG602 vulnerability

During my usual daily checks of various security web sites, I happened to stumble upon this:

Netgear WG602 Accesspoint vulnerability

I have this specific access point here in our apartment, so I decided to give the exploit (well a backdoor really) a whirl and wouldn’t you know it, I’m vulnerable… Grrrrr. I tried to connect to it from an outside IP address (not within my LAN) and fortunately it’s not available from the outside. However, it still bothers me that this was never disclosed originally and ANYONE who is using this specific access point (especially in a public or corporate setting) better just use something else for now. I would imagine once this back door makes itself more well known to the public, NetGear will immediately issue a fixed firmware.

For the techy types out there, I highly recommend you subscribe to the SecurityFocus Vulnerability RSS feed and check it out on a daily basis. Granted, many of these vulnerabilities are for pieces of software or hardware that I do not use, sometimes they literally hit too close to home for comfort.

Attack of the hidden bugs

Speaking of bugs that come out of hiding to annoy me, Amanda and a few other friends have made me aware of a funky bug with this layout in IE6 (possibly version 5 as well). It seems that some of the entries sort of meld into each other causing a sort of blank spot between lines of text as evidenced here and here. Unfortunately, I can not reproduce it on my machine even though I am running the same thing as most of my friends (XP Pro / IE6 SP1). The page shows up perfectly on my versions (latest builds) of Mozilla, FireFox and IE so I have no clue how to fix the problem. Can anyone out there replicate the error as shows in the image above?

You know, nothing makes me more happier than people who submit screen shots of problems they have to me. Really! I mean it! There’s this one girl at work who sends me screen shots of all of any problems she encounters while she is working and I can’t begin to tell you how extra helpful it is getting them with solving problems. 9 times out of 10 just describing the problem just doesn’t cut it, but when you back it up with graphical evidence, it gets so much easier to solve. Unfortunately, this one may not be so easy to solve… 🙁

UPDATE: Well, I still can’t seem to figure it out, but at least after fiddling around with IE I can replicate this issue. If I go into the Internet Options, then the Advanced tab and then click “Smooth Scrolling” this bug occurs. However I have this turned off by default as I hate what it does when I scroll with my mouse. If those that are having this problem can verify whether or not “Smooth Scrolling” is on when they experience this bug, try turning it off. This of course is just for debugging purposes and you can turn it on if you wish after you test it. I’d just like to know if this is the cause of the problem. If so, I can hunt around our corporate Microsoft tech support site for this bug and see if there’s a workaround. 🙂 Thanks again for those of you who are helping me pinpoint this issue.

Pissing in your gas tank

So I’m checking out the RSS feed for SecurityFocus’s BugTraq (excellent resource BTW for the newest vulnerabilities out there) where a curious entry is listed. It seems, if you load the page this gentleman created in Internet Explorer, it crashes. Naturally, I loaded it up in Mozilla since it seems to be immune to a great many problems that exist within IE, and the page shows nothing. I then take a look at the source code and I see this:
<table>
<td>
<form class="quick">
<td>
</form>
</table>
<link rel="stylesheet" href="link.css">

Ok… I take it you’ll agree with me that this is some pretty shitty code. I bet not even FrontPage can fuck up HTML like that. If you want to actually make your browser crash, click this link. Now, looking at the css file this called for shows us this:

.quick { float: left; }

Well, that’s valid enough.

Here’s my question though. Is this really a bug or just the case of someone who should not be doing any sorts of html code in the first place. I really don’t think this would qualify as a bug in IE in the least bit because if you clean up the code a bit to this:

<html>
<head>
<link rel="stylesheet" href="link.css">
</head>
<body>
<table>
<td>
<form class="quick">
</form>
</td>
</table>
</body>
</html>

Internet Explorer does not crash, (look here) but it still doesn’t show squat on the page. To me it looks like the parser in IE just eats shit and dies when it looks at the very poorly formed code above.

To me that’s akin to refilling your gas tank with sugar and piss and then blaming the car company for the car requiring tons of money to fix it, right?