Monthly Archives: April 2009

Open Redirect at

Spammers have found an open redirect in the website. These redirects are often used to mask their URLs from RBLs and services like SpamCop.


I have put Microsoft in as an example here; anyone can put any URL in at the end to use this redirect. I have filed a support ticket with Ask about this.

A redirect that they were using at is still open a month later even after I sent them notice of it. (Lazy)
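
How a mail filter can see through this kind of masking, as an added example that is not part of the original post: it extracts any absolute URL carried in a link's query string, following chained redirectors, so the embedded hosts can be looked up in a blocklist alongside the visible one. The function names, parameter names and `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DEPTH = 3  # redirectors can be chained; stop unwrapping after this many hops


def _split(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None


def embedded_targets(url, depth=0):
    """Return absolute http(s) URLs carried in the query string of `url`."""
    parts = _split(url)
    if parts is None or depth >= MAX_DEPTH:
        return []
    found = []
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        value = value.strip()
        if "://" not in value and "%" in value:
            value = unquote(value)  # target was percent-encoded twice
        if value.startswith("//"):
            value = (parts.scheme or "http") + ":" + value  # scheme-relative
        target = _split(value)
        if target and target.scheme in ("http", "https") and target.hostname:
            found.append(value)
            found.extend(embedded_targets(value, depth + 1))
    return found


def hosts_to_check(url):
    """Hosts a blocklist lookup should cover: the visible one plus embedded ones."""
    hosts = []
    for candidate in [url] + embedded_targets(url):
        parts = _split(candidate)
        if parts and parts.hostname and parts.hostname not in hosts:
            hosts.append(parts.hostname)
    return hosts

# Constructed sample links; every host here is a placeholder.
SAMPLES = [
    "http://redirector.example/r?u=http%3A%2F%2Fspam.example%2Foffer&id=7",
    "http://a.example/go?url=http%3A%2F%2Fb.example%2Fr%3Fto%3Dhttp%253A%252F%252Fc.example%252F",
    "http://plain.example/page?id=7&q=hello",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", hosts_to_check(link))
```

A filter that only looks up the first host of each link would see `redirector.example` and miss the destination; checking every host returned by `hosts_to_check` closes that gap for query-string redirectors.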

Mozilla Firefox 3.0.9 Released

Firefox has been updated to version 3.0.9; the list of fixes follows:

  • MFSA 2009-22 Firefox allows Refresh header to redirect to javascript: URIs
  • MFSA 2009-21 POST data sent to wrong site when saving web page with embedded frame
  • MFSA 2009-20 Malicious search plugins can inject code into arbitrary sites
  • MFSA 2009-19 Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
  • MFSA 2009-18 XSS hazard using third-party stylesheets and XBL bindings
  • MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
  • MFSA 2009-16 jar: scheme ignores the content-disposition: header on the inner URI
  • MFSA 2009-15 URL spoofing with box drawing character
  • MFSA 2009-14 Crashes with evidence of memory corruption (rv:

Fixed in Firefox 3.0.9

Microsoft Security Bulletin Summary for April 2009

Here are this month's updates:

  • Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
  • Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
  • Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
  • Cumulative Security Update for Internet Explorer (963027)
  • Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
  • Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
  • Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
  • Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Australian National Broadband Network, $43 Billion, FTTP

The Australian Federal Government has announced the results of its national broadband network.

Essentially they have rejected all tenders and are going to spend $43 Billion over a period of 8 years to create a new wholesale communications company that will provide Fibre To The Premises (FTTP, also referred to as Fibre To The Home – FTTH).