* Posts by NibsNiven

4 posts • joined 4 Jul 2019

Microsoft liberates ancient MS-DOS source from the museum and sticks it in GitHub

NibsNiven

Re: To some MSDOS was an major leap forward.

I thought MS Basic was ported to the Altair from DEC PDP-8 source code and adapted from there.

NibsNiven

Re: To some MSDOS was an major leap forward.

You assume pocket money = allowance. Years before I was 16, I earned pocket money by doing chores, odd jobs for neighbors, and delivering papers. I spent it on books, model kits, and music.

Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops

NibsNiven

Oh dear, they STILL haven't figured out how dangerous this is!

"They can detect those vulnerabilities by comparing DNS records and HTTP responses, just as we did."

Actually, not so simple. An HTTP response might well come from a hijacked subdomain. They have to ensure that the HTML itself is Microsoft created. Judging by their sloppiness so far, I'm guessing they would have a hard time determining theirs from not theirs.

$30/month email upstart Superhuman brought low with a blast of privacy Kryptonite

NibsNiven

Article should tell the whole truth

I don't know why the article's author failed to disclose the most important parts of this story:

1) The 1 pixel image is used to disclose to the sender not just the fact that the recipient received the email, but also when and where (via IP geolocation) the recipient is every time it's opened.

2) Users of Superhuman are not allowed to opt out of downloading images in emails so cannot avoid being tracked themselves by Superhuman.

Recipients who don't block image downloads end up having lists generated of when and where they were every time they open that email, yet they are not told this by the sender. Great for stalkers, nosy bosses and other creeps, not so great for the unwitting recipient.

The (mostly marketers) who use Superhuman are providing all kinds of useful information on themselves and their customers, all of which Superhuman can legally sell according to the user agreement. Although I haven't confirmed this personally, users have said that they must provide their Gmail password to Superhuman as part of a "live training session" they undergo as a condition of joining Superhuman's service. Creeped out yet? How about this: apparently there's a waiting list to join Superhuman's service!

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021