Writing on Angular platform engineering, software architecture, team leadership, and the Linux desktop. Six reading paths cover Angular, leadership, systems, frontend quality, AI & data tools, and architecture — plus ordered series on the Series index. Browse topics by tag or scroll the chronological archive.
Don’t press F1
Here’s a new vector: exploiting a Windows vulnerability through an Internet Explorer help menu Visual Basic script: “get ‘em to hit F1 and you own ‘em.” Microsoft is warning of a VBScript vulnerability in Internet Explorer (on Win2K, XP and Server03) that could be used to run malicious code. A malicious operator could create a web site that displays a specially crafted dialog box and prompts a victim to press the F1 key (help menu.) The exploit could then execute malicious code on a victim machine. (Windows versions that are not vulnerable are: Vista, Win7, Server08 R2 and Server08.) ...