eWeek Microsoft Watch
October 8, 2008 4:42 PM

Microsoft Weighs In on Clickjacking

News Commentary. Microsoft sure doesn't seem too worried about clickjacking. Should it be? Should you be?

With all the recent buzz about clickjacking, a blog post is long overdue. So this afternoon I contacted Microsoft's PR agency with the simplest softball question—and some opportunity to promote Internet Explorer 8 security. My, but did I get an unexpected response.

My question: "Is there anything new in IE 8 that helps thwart or even prevents clickjacking? If so, can you put me on the phone with somebody to discuss the topic?"

Instead, I got a general statement attributed to Bill Sisk, Microsoft's security response communications manager: "Microsoft is investigating new public claims of a possible vulnerability in Internet browsers and is in dialogue with the researcher. We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."

Public claims? I dunno. US-CERT issued a warning on Sept. 26 about clickjacking based on Adobe Flash proof of concepts. "Public" is right. "Claims," maybe not.

Clickjacking essentially is a cross-scripting method of shifting users from one URL to others. JavaScript is one attack vector. Flash is another.

My Security Watch colleague Matt Hines offered an overview of clickjacking in late September. He explained: "If hackers using a clickjacking attack tricked you into visiting one of their URLs, they could take control of your browser and begin secretly forcing the client to click on any links they desired. Scary stuff indeed!"

All major browsers, including IE 8 Beta 2, are vulnerable to clickjacking. I learned that after contacting Microsoft and doing more research. The question I'm asking: Just how seriously is Microsoft taking the clickjacking threat?

"We will take steps to determine how customers can protect themselves should we confirm the vulnerability," said the statement attributed to Bill Sisk. "Once we're done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

Confirm the vulnerability? Isn't CERT's warning confirmation enough?

Matt blogged about the government's warning 10 days ago: "The move by US-CERT to issue its warning so shortly after clickjacking was first introduced in the public domain says something about how dangerous they feel the current potential for related attacks may be. Be careful out there."

Good advice, indeed. Adobe is heeding it. Yesterday, Oct. 7, Adobe issued a clickjacking warning and provided a temporary workaround. Emphasis on workaround.

Microsoft's tepid response to the exploit is perplexing, given that Adobe is scrambling, CERT issued a warning and security experts are clamoring.

Or is the response tepid? Security researchers Robert Hansen and Jeremiah Grossman haven't publicly disclosed much information, which is a rather smart way of keeping exploits from running loose in the wild. Disclosing little information, however, makes any meaningful risk assessment difficult. Cross-scripting exploits aren't new. Is this variation that bad, or has the name—with all its connotations associated with carjacking—caused panic?

Way I see it, there's no such thing as overreaction when it comes to browser security, particularly involving any kind of cross-scripting or the hijacking of URLs. Better safe than sorry, as the saying goes.


Comments (8)

roger :

"Way I see it, there's no such thing as overreaction"

Tepid indeed. It seems like Microsoft is still in triage mode and surprisingly not ready yet for a public response to clickjacking, for which US-CERT issued a warning on Sep 26th.

Jess :

I went to a talk recently on security hacks on the web and, naturally, this subject came up. It seemed to me (and bear in mind I'm not a web designer so I won't be surprised if people disagree with me) that the vulnerabilities to clickjacking were in the code. If the person writing the website used cross-site scripting or allowed the page to parse JavaScript from a user, then there were going to be major problems, no matter the browser.

The Adobe article says it affects, "all major browsers, including Microsoft Internet Explorer and Apple Safari."

Yes, this is a problem, but if the holes are in the code, you shouldn't blame the browser. This article seems to be implying that it's Microsoft's job to fix an issue that affects everyone, including their competitors.

billybob :

The 'vulnerability' is detailed here and AFAICT it does not involve XSS at all.

http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-September/016284.html

If this sort of thing keeps you awake then you can protect yourself by making sure you log out of important websites after you are done. Just changing your zoom level would also probably stop this attack.

It involves basically loading Gmail inside an iframe, then scaling the site and the frame so that the 'delete all mail' button is the only thing visible. They then somehow manage to change the link without JavaScript, then convince you to click it. You have to be logged in at the same time. It cannot be used to hack your account, only cause mischief by convincing you to click buttons you did not want to.

If you want something to worry about in the meantime, there is always that IP stack DoS attack.
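
As an added example (not code from the article or any commenter), here is the in-page anti-framing logic a site could ship so its own pages refuse to render inside another origin's iframe, the set-up the comment above describes. The window and document objects are constructed stand-ins so the decision logic can be exercised outside a browser; the origins used are placeholders.

```javascript
// Added example, not code from the article or its comments: an anti-framing check a site
// can run in its own pages so they refuse to render inside another origin's iframe (the
// set-up the comment above describes). Window/document objects are minimal stand-ins.

function originOf(loc) {
  // "scheme://host" built by hand; 2008-era browsers had no location.origin
  return loc.protocol + '//' + loc.host;
}

function isFramedByAnotherOrigin(win) {
  if (win.top === win.self) return false; // we are the top-level document
  try {
    // Same-origin parent: reading its location succeeds, so compare origins
    return originOf(win.top.location) !== originOf(win.location);
  } catch (e) {
    // Cross-origin parent: the browser blocks the read, which itself shows a foreign page framed us
    return true;
  }
}

function applyAntiFraming(win, doc) {
  // Body ships hidden (display:none) and is revealed only when we know we are not framed
  if (isFramedByAnotherOrigin(win)) {
    win.top.location = win.location.href; // writing a cross-origin location is permitted
    return 'busted';
  }
  doc.body.style.display = 'block';
  return 'shown';
}

// Constructed scenario: our page framed by another origin, whose location read throws
function framedScenario() {
  const top = {};
  Object.defineProperty(top, 'location', {
    get() { throw new Error('SecurityError'); },
    set(v) { top.navigatedTo = v; },
  });
  const win = { top, location: { protocol: 'https:', host: 'mail.example', href: 'https://mail.example/inbox' } };
  win.self = win;
  const doc = { body: { style: { display: 'none' } } };
  return { result: applyAntiFraming(win, doc), top, doc };
}

// Constructed scenario: the same page opened directly as the top-level document
function topLevelScenario() {
  const win = { location: { protocol: 'https:', host: 'mail.example', href: 'https://mail.example/inbox' } };
  win.top = win; win.self = win;
  const doc = { body: { style: { display: 'none' } } };
  return { result: applyAntiFraming(win, doc), doc };
}
```

The navigation in the framed branch is the classic frame-busting step; the default-hidden body is what keeps the page's buttons unclickable if that navigation is ever interfered with.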

Xepol :

You expected anything other than the standard press release from the PR department? There is a reason employees in those departments are considered interchangeable with robots. The entire phone staff could be replaced with a press-button system that just plays back press releases movie-phone guy style.

The last thing MS needs is another lawsuit because someone SAID something that might increase their legal exposure.

As such, regardless of the facts, all you are likely to get is the lawyer-approved boilerplate until new, more specific lawyer-approved boilerplate arrives.

Considering that people treat suing Microsoft like winning the lottery and do it with the frequency of a scratch and win addict, can you really blame them?

Frankly, I'm surprised that YOU were surprised.

chips b malroy :

The security record of Windows is the absolute worst, so why be surprised? Microsoft is the reason that there are more than one million forms of malware out there written to attack Windows systems. Microsoft never understood the internet. Microsoft never set up their Windows operating system to be set up by default in a safe manner. Microsoft further wrote software and bundled it into Windows that was unsafe; Internet Exploder with ActiveX comes to mind first as unsafe, followed by Outlook Express and Windows Media Player.

The fact that Windows service packs are so huge when released is due to two reasons:

1. All the security patches released to help protect it from exploits because it was set up wrong by default in the first place.
2. Poorly written code that should never have been released in the first place

What the hell's a Microsoft?

INTRODUCTION

These plans are regarding an enterprise aiming to enhance the food security of India by leveraging the fertile land in the plains of North Bihar – the most fertile land in the world. The ‘Consortium of Women Entrepreneurs of India’ (CWEI) has expressed its interest in these plans under their umbrella; but then this project/enterprise will be exclusively launched by them, and the CWEI would get all the CREDIT. I want the CREDIT to go where it is due – to Gurudev (HH Sri Sri Ravi Shankar) – because it was only after I did the Basic Course of the ‘Art of Living’ in my posting in Jabalpur (in Apr 2002) that my thoughts were seriously taken in this direction. And so, these plans are proposed to be executed with the help and involvement of a group of entrepreneurs devoted to Gurudev.

I am Arun Kumar Jha, a 37 yr old serving officer of the Indian Army. I can retire from my service with Pension earliest by 30 June 2012, and the enterprise could start earliest by 13 May 2013 (Gurudev willing). Entrepreneurs (in India and across the world) devoted to Gurudev and interested in getting involved in this project/enterprise are requested to contact me at bpfp@rediffmail.com before 13 May 2010.

The following script has been prepared on the assumption that a minimum of FIVE entrepreneurs devoted to Gurudev would be interested in this project/enterprise, and that it will not have to be pursued through the CWEI.

DETAILS OF THE PLANS

• The enterprise would carry out the Marketing of Processed Food Products (prepared in North Bihar) over Internet from its HQ located in Chandigarh or Bangalore or in some other city in India.
• In the final stage, the enterprise would provide packaging and marketing facilities to Registered and Licensed Food Processing Units (FPUs) of the locals in the 24 districts of North Bihar.
• That is, the enterprise would:

(a) Provide assistance to interested locals in North Bihar in the required Govt procedures concerning the licensing and registration of their FPUs.
(b) Provide financial assistance to interested locals in North Bihar for raising their FPUs on researched Legal terms after the necessary background checks.
(c) Suggest possible products to the FPUs, and their ideal methods of preparation.
(d) Package the products of the FPUs (attractively) in the various Food Parks of the enterprise (in the presence of the representatives of the FPUs).
(e) The Food Parks (BPFPs – Babu Pali Food Parks) would handle the Storage of the products of the FPUs, and their onward supply to destinations given by the HQ (over Internet).
(f) The enterprise would carry out the packaging and marketing (selling) of the products of the FPUs – of the locals in North Bihar – for decided profit percentages; all activity being computerised.
(g) The confidence of the locals in North Bihar towards entrepreneurship (that is starting their own enterprises) would be raised by conducting Nav Chetna Shivirs by the Bihar chapter of the AOL.
(h) The locals in North Bihar would be inspired towards agriculture related entrepreneurship and to produce items like Sattu, Daliya, Cornflakes, Chips and Sauces of all types, Soft Drinks including Fruit Juices and other products (like of ‘Makhana’; ‘Singhada’, etc).
(i) The BPFPs in North Bihar would be raised in identified, flood free areas revealed through Satellite photo analysis and study of the history of identified areas on the ground.


THE FUNDS

• The large amount of funds essential for the enterprise would be procured from Venture Capital (VC) after operating a profit-making FPU in Madhubani district of North Bihar over three yrs.
• After the Decision-Making Board has been evolved; I, Arun Kumar Jha (41 yrs), would operate the first FPU of the enterprise from my house in Madhubani city in North Bihar.
• Eventually; funds of around $ 10 Million to $ 50 Million (Rs 45 Crore to Rs 250 Crore or more) are anticipated for this enterprise.
• I, Arun Kumar Jha, have physically visited the offices of many VC firms in Mumbai and Pune and have gained considerable insight into their functioning and requirements. I am confident that any amount of required funds – for the proper plans can be procured from Venture Capitalists in these times. In fact, I can myself procure the required funds (of the manageable amount) after physically operating a profit-making FPU headquartered in my house in Madhubani city in North Bihar.


MY DETAILS


I am Arun Kumar Jha, 37 yrs; presently a serving officer in the Indian Army. In the yr 1969, my father completed his MA and PhD in Sanskrit and went to work in the Kaivalyadhama Yoga Research Institute in Lonavla in Pune district of Maharashtra from our village Babu Pali in Madhubani district of North Bihar. I was born in Lonavla in Jul 1971, and studied in Don Bosco, Lonavla and in Fergusson College, Pune before going for my Military training. Presently I am in the rank of Major in the Intelligence Corps of the Indian Army.

I have survived a SEVERE Head Injury in Nov 1993 in which I was in Coma for 20 days because my skull was fractured in 23 places (in a Road Traffic Accident while undergoing a Military Course). I have presently lost most of the hair on my head and the scars (due to the Head Injury) are glaringly visible. Besides, I have undergone Lumbar Laminectomy L4 – L5 (removal of my L4 L5 vertebra) on 30 May 2007. All this notwithstanding, I feel fully physically FIT, and am confident that I am capable of executing these plans DESTINED to be routed through me.

On the family front, I am married with a healthy wife (36 yrs from Madhubani district) and two healthy children (male, female both below 10 yrs) and Mother (61 yrs) to support. Viewed dispassionately (with Drshta–Bhaav), all these facts concerning me would convince anybody – as they have convinced me – that I am THE PERSON who should be doing what I am doing!


MY FUTURE PERSONAL PLANS


I can retire from service with Pension earliest by 30 June 2012. After I retire, I plan to locate my Mother, Wife and Children in Patna city in Bihar leading their lives on my Pension and on my SALARY as an EMPLOYEE of this enterprise. I would restrict myself to half the salary of an officer of the Indian Army with my service at the time of my retirement from service.

MY PREPARATIONS

I am in contact with the office of the President of India (Rashtrapati Bhavan) in connection with these plans and hope to get posted to Patna or to some other place in Bihar from Jan 2009 to 30 June 2012 in order to gain experience specific to these plans. I also hope to undergo the capsule course for ex-servicemen of India at Symbiosis College, Pune before I retire from service (that is before 30 June 2012).

EVOLVING THE DECISION MAKING BOARD


The aim of this enterprise would be to enhance the food security of India by leveraging the fertile land in the plains of North Bihar, the most fertile land on planet Earth. These plans have evolved through me, (‘Major’ Arun Kumar Jha) over the (more than) six yrs since I came in contact with Gurudev (in Apr 2002, in my posting in Jabalpur, MP). I KNOW that this project is DESTINED to be a SEVA PROJECT by a group of entrepreneurs devoted to Gurudev; with me as the Chief Systems Officer.

Minimum Five (Maximum Seven) entrepreneurs dedicated to Gurudev would possibly be required for the first FPU of the enterprise in Madhubani city in North Bihar; and the same might start earliest by 13 May 2013 if desired by Gurudev (and if the other conditions also support it).

Entrepreneurs across the world, dedicated to Gurudev, who would like to get involved in this seva project are requested to contact me at bpfp@rediffmail.com at the earliest (but before 13 May 2010).
