* Posts by Alun Jones 1

5 publicly visible posts • joined 4 Oct 2009

Microsoft finally gets around to supporting rar, gz and tar files in Windows

Alun Jones 1

Windows has had support for .tar / .tgz / .tar.gz files since 2018, as "tar" and "curl" are now included in Windows 10.

Outlook.com had classic security blunder in authentication engine

Alun Jones 1

Don't read the headline, read the article.

Seriously, did any of you read the actual article?

Or even more unusual, click through the links to the source material?

This was NOT an XSS attack. There is no XSS component described in the source material or the article itself. ONLY in the headline.

So, no, Microsoft didn't just pay $25K for someone to find an XSS attack.

To Tim 11: Your gf got hacked because she used a stupid password, or was keylogged, or uses the same password at Ashley Madison. The hackers are in her account. The only reason they haven't changed her password for her is that they want her to send non-spam emails so their spam can evade filters.

To P. Lee: Your use of a different client is a relatively good idea, but you would then have to avoid using the web client even once in a poisoned environment. We do rely overly much as an industry on "HTTPS will protect us / HTML and JavaScript are the engines of choice", and that's often the cause of our downfall. If the suggested fix to a security problem is to know where it lies and avoid it, the effort involved in doing so is more than actually fixing the underlying bug.

Evil Wi-Fi kills iPhones, iPods in range – 'No iOS Zone' SSL bug revealed

Alun Jones 1

Re: Force connection?

For "most", the paper says "92%" of users will click to continue through an SSL certificate error warning.

DHS bigwig 'adamantly opposed' to degree fetishism

Alun Jones 1

Re: 2+2+5


you went and fucked it all up with Steve Jobs.

he was a marketing hack nothing more

Google lobs coder's Microsoft badge into rubbish bin

Alun Jones 1

Quick correction on the NDAs.

An MVP-nominee can accept the MVP award and many of its benefits without signing an NDA.

That does mean that they don't get to attend the Global MVP Summit in Redmond, and they don't get invited to product group interactions (which are generally held in LiveMeeting or online chat), but they can still get the award, the MSDN licence, and the right to call themselves a Microsoft MVP for that year. Sorry, no source code licence without the NDA.

I find it hard to think of anything other than petty reasons why Google would insist that Jon not accept the award. I can see how they might want him to not sign the NDA, and I can even see how they might want him to not do so much volunteerism in the future, but requiring him to refuse the award for the previous year's already-completed volunteer work seems inexplicable. I'd love to hear Google's explanation, but none is forthcoming.