Category: web

02/24/06 12:20 - 30ºF - ID#32494

IE 6 for windows Clipboard security 2

Turns out that microsoft has known about this since 2002 and has done nothing about it. Why not disable javascript pasting in the internet zone by default seeing as 90% of people are not going to even know to do that. They have had a multitude of patches since 2002, so there is no reason this could not have been changed.

I decided to write to the Buffalo News about this as my newest version of the IE clipboard security exploit is so sinister that it can constantly monitor your clipboard data in IE for windows and send it to my database, no matter what app you are in as long as you leave IE open.

Although, there is a solution for this which I posted in the computer journal, almost no one has it installed as I have collected thousands of clipboards for my news epoem entitled "Microsoft Security" which I am reading at the e-poetry symposium next week.

Here was my letter, let's see where it goes.

Hey Steve,
I think you will find this extremely interesting. This week I accidentally discovered a major security flaw that affects IE for PC which allows me to read the visitor's clipboard contents from a website with just a few lines of code. Just think what is in your clipboard, sensitive data such as passwords, account numbers, contact data, copied emails, copied instant messaging conversations, private documents, etc. Also, there is essentially no limit to the size of the clipboard, so the amount of data can be pages long including entire documents.

While people may have already known about this clipboard security exploit, as far as I know, no one has combined this flaw with current AJAX (Asynchronous Javascript and XML) technology. With this technology combo I can create a web site that continuously monitors the contents of a user's clipboard and forwards it to a database any time the content has changed without any indication to the user. It doesn't even matter what windows application they are using when copying new data, as long as the web page is open somewhere in the background. This is the global system clipboard, not something specific to the browser.

You can see it for yourself. Copy some innocuous data to your clipboard and then visit with IE for windows. You should see your clipboard data echoed into the page. Then for the extraordinary part, leave the site open but switch apps. Anything you copy into your clipboard gets copied onto the page and sent to my database.

I think this particular security flaw is newsworthy because people can see the results right in their browsers. What is most incredible is that unlike flaws where you could say search for data on a user's computer, using this method, it's almost like the user brings their most sensitive data to you.

There is a solution to this that involves disabling paste scripting in your internet options but by default it is enabled which leaves 90% of people wide open.

You cannot believe the data I have collected with this, remember that each bit of data can be associated with an IP addr. If a particular organization was targeted you could definitely compromise security in a serious way.

Feel free to email me if you have any questions.

Paul Visco

Permalink: IE_6_for_windows_Clipboard_security_2.html
Words: 567
Location: Buffalo, NY
Last Modified: 07/28/11 01:25

Category: war

02/23/06 10:03 - 33ºF - ID#32493

I'm going to explain myself

So (e:joshua) [inlink]joshua,119[/inlink] before you have a heart attack that I am a serial soldier hater, I thought I would explain why I am particularly outraged with (e:be).

My attack on (e:be)'s journal may have seemed like some random attack on some poor little soldier boy who didn't know better and just wanted to defend his country. Well that is not the case. Maybe you don't remember be|brandon that used to be the dread locked, hippy granola, anti-war boy that worked at coop.

You may, however, remember him when he lived as a woman. You would know him because he wore the skankiest mini skirts and looked a lot like a prostitute. I disliked him back then because I felt as though he was making it harder on gay people by living like she did for what I perceived to be pure shock value. Then, after a while, I felt bad for her because I thought, oh man maybe he is really a woman trapped in a man's body and I tried to learn to not hate him. His newest metamorphosis just makes me sick.

I am outraged not by the choice of a human to defend their country but by the choice of that particular human to become a soldier.

And just as (e:be) has the right to make the choice he did, I have the right to criticize him and call him out on his disturbing choice. In fact I think I have a particular responsibility to do so as I am the one providing him with the public vehicle to brag about his new killing power.

I don't want to feel responsible for giving someone a voice who is choosing to kill people just to see what it feels like.

Here is his response to my comment.

Damn, that's some harsh shit. I wouldn't call it ignorance, really. I know full well that I work for an organization that does "bad things." I went into it knowing that. How much did I know it though? I've been anti-war and government forever, but what did I really know of such things? I'm going through a learning experience here that may very well cost me my life. This I also am aware of. Really, as I believe I've wrote, I'm fucking over myself -seeing how it feels to betray completely everything I thought I had that made me "me." It's not something that most sane people would do, but I'm into it for an aspect of the depths of human experience that would be otherwise impossible to, well, experience. This puppet theatre of world events is going to keep playing out no matter which side I'm on. The sacrifice I make now will allow me to be able to converse intelligently about things that before I could only have opinions about.

This is reality. If it weren't me, it'd be someone else, and they could've just as easily been me. I have so little time on this planet, and I need to see from as many viewpoints, and learn as much as possible. So, here I am, spending some time finding out firsthand about part of society that people either love or hate. Myself, I don't love or hate. Life is too short.

And shit man, you may as well laugh, because that brain matter dance isn't likely to happen any time soon. I'm more of a minor wound type. However, should my head succumb to entropy before the rest of me, I would invite such revelry. Just try not to feel too sad, just appreciate the absurdity of corporeal existence.
Rock n' roll...

Permalink: I_m_going_to_explain_myself.html
Words: 611
Location: Buffalo, NY

Category: life

02/23/06 12:34 - 33ºF - ID#32492

The Gym and Programming

I have been lifting like mad and my body aches everywhere. I seriously feel thicker everywhere which is kind of exciting although I am not ready for pictures yet. I just wish I had continued working out from back when I started back in november and didn't stop for the months in between.

I have to say I do not know if it will be worth it over the long haul as it takes up valuable evening programming time but I suppose a little moderation is in order in my life.

Sometimes I want to look like this. I got the chest hair part going, lol.

Today (e:enknot) and I were talking about how we are not just professional but also recreational programmers. Speaking of recreational programming, I was so thrilled with fixing the mobile post from email bug followed by solving the PPC 6700 jpeg corruption error all in my spare moments within the last 24 hours. I think tomorrow I plan on turning the corrupt jpeg fixer into a native mobile phone application. I have a feeling that it will be ueber addictive. If microsoft won't fix it, I will fix it for them - which is ridiculous.

I also started writing about my mobile phone soap opera on my new web site which is barely populated with data yet.
Permalink: The_Gym_and_Programming.html
Words: 229
Location: Buffalo, NY

Category: programming

02/22/06 07:40 - 36ºF - ID#32491

PPC 6700 extraneous data in jpegs

The PPC 6700 which runs Windows Mobile 5.0 is my first truly futuristic phone. I had a sidekick, I had a blackberry, I had a Nokia 7710 but this phone blows the other ones away in terms of features, network speed (~200-500kps), includes Wifi, bluetooth, keyboard, IR. It is amazing.


The only problem is that the 1.3 Megapixel camera produces faulty jpegs that have 16 extraneous bytes in their EXIF data. They unfortunately cause the photos to not work with many web sites which use open source Jpeg libraries to resize images. I heard they even have problems being viewed in gmail.

In order for the phone to be truly useful I had to be able to take images from the phone and use them on my journal. So it was time to get out the old fashioned hex editor and begin experimenting with which bytes were the extraneous ones. Turns out it was a regular sequence right at the end of the EXIF data. The extra string looks like this:


I found that this string identifies the images as from the PPC 6700


Unfortunately, the string is sometimes repeated but only the first one was extraneous, so you can't just do a blind search and replace. Instead you have to just replace the first one. Here is some PHP code that would allow you to use these images as normal ones using GD. You can find a copy of this

function checkFixPPC6700($orig){
    //get the file contents
    $data = file_get_contents($orig);
    //if it's a PPC 6700 image cut out the extraneous 16 bytes
    if($data !== false && strstr($data, "\x41\x70\x61\x63\x68\x65\x00\x48")){
        $bad_data = "\x00\x10\x4A\x46\x49\x46\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00";
        //only the first occurrence is extraneous, so remove just that one
        $pos = strpos($data, $bad_data);
        if($pos !== false){
            return substr_replace($data, "", $pos, strlen($bad_data));
        }
    }
    //if not from a PPC 6700 (or nothing to cut) return data unaltered
    return $data;
}

$data = checkFixPPC6700('IMAGE_006452.jpg');

//decode the repaired data with GD and send it to the browser as a jpeg
if (($im = imagecreatefromstring($data)) !== false) {
    header('Content-Type: image/jpeg');
    imagejpeg($im);
    imagedestroy($im);
}
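
A structure-aware variant of the fix above, as an added example (not the post's code): instead of searching for the first occurrence of the 16 bytes, it walks the JPEG segment markers and removes the run only where it sits at a segment boundary in place of a marker. The function names `findOrphanOffset` and `stripOrphan` and the sample bytes are constructed for illustration, and it assumes the stray run directly follows a complete segment, as the post describes ("right at the end of the EXIF data").

```php
<?php
// Added example, not the post's code. ORPHAN is the 16-byte run the post removes;
// it is laid out like a JFIF APP0 body (length 0x0010, "JFIF\0", ...) with no FF E0.
const ORPHAN = "\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00";
/** Offset of stray bytes sitting where a marker should be, or null if none. */
function findOrphanOffset(string $jpeg): ?int
{
    if (substr($jpeg, 0, 2) !== "\xFF\xD8") {
        return null;                      // not a JPEG (no SOI marker)
    }
    $pos = 2;
    $len = strlen($jpeg);
    while ($pos + 4 <= $len) {
        if ($jpeg[$pos] !== "\xFF") {
            // Segment boundary without a marker: is it the known stray run?
            return substr($jpeg, $pos, strlen(ORPHAN)) === ORPHAN ? $pos : null;
        }
        $marker = ord($jpeg[$pos + 1]);
        if ($marker === 0xDA || $marker === 0xD9) {
            return null;                  // SOS/EOI reached: headers are clean
        }
        // Segment length is big-endian and counts its own two bytes.
        $segLen = unpack('n', substr($jpeg, $pos + 2, 2))[1];
        if ($segLen < 2) {
            return null;                  // malformed length, refuse to guess
        }
        $pos += 2 + $segLen;
    }
    return null;
}

function stripOrphan(string $jpeg): string
{
    $at = findOrphanOffset($jpeg);
    return $at === null ? $jpeg : substr_replace($jpeg, '', $at, strlen(ORPHAN));
}

// Constructed sample (not a real PPC 6700 file): SOI, an APP1/Exif segment,
// the stray run, then a well-formed APP0 that repeats the same 16 bytes.
$exif   = "Exif\x00\x00" . str_repeat("\x00", 8);
$app1   = "\xFF\xE1" . pack('n', strlen($exif) + 2) . $exif;
$app0   = "\xFF\xE0" . ORPHAN;
$tail   = "\xFF\xDA\x00\x02\xFF\xD9";
$broken = "\xFF\xD8" . $app1 . ORPHAN . $app0 . $tail;
$fixed = stripOrphan($broken);
var_dump(findOrphanOffset($broken));                       // where the stray run starts
var_dump($fixed === "\xFF\xD8" . $app1 . $app0 . $tail);   // only the stray run is gone
var_dump(stripOrphan($fixed) === $fixed);                  // a clean file is untouched
```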


Permalink: PPC_6700_extraneous_data_in_jpegs.html
Words: 368
Location: Buffalo, NY

Category: photos

02/21/06 07:24 - 30ºF - ID#32490

When flickr, boyscouts and vintage mix


They have lots of old pics

I can't believe how few people paid attention to my journal about the clipboard reading flaw in IE. I have read about 3000 clipboards to use in my newest epoem for the epoetry symposium at UB. It is entitled, "Microsoft Security" with a refrain of get firefox, get firefox.
Permalink: When_flickr_boyscouts_and_vintage_mix.html
Words: 65
Location: Buffalo, NY

Category: elmwood

02/19/06 01:29 - 17ºF - ID#32489

Standing on the corner

Welcome to the site new peeps. The latest one (e:dragonfire) wrote [inlink]dragonfire1024,1[/inlink] about the demolition of the first section of elmwood after forrest to put in a new hotel. It is so sad that a part of elmwood that I remember as being "the elmwoodstrip" as a kid is going to disappear. I signed the petition but I honestly have no hope anymore after the coop destroyed the old brick brid house to make their store. I figure it is just a matter of time.


Once that is done the Atwater house will come down. The sticky buns that used to come from the bakery in there was one of the original reasons I would skip school and ride the bus down elmwood. (e:iriesara), remember when you used to live there with the ghosts, lol.

Allen Street
I seem to spend a lot of time standing on the corner of Allen and Franklin on the way home from work recently. Sometimes, I think I want to go to Cafe 59 but then I don't because for some reason it feels weird to go out alone. Does anyone remember when it used to be Java Temple?

I have a feeling a lot of prostitutes stand near this corner here or around here by the way the people seem to drive by and stare over and over sometimes.

There is a nice tile floor there. I like to stare at it while I wait.


The sky was so beautiful yesterday. It is hard to tell in these last two photos I took before the battery died on my phone but it was the really nice orange, purple, blue combo. We were driving at like 30mph in the car so they didn't come out real nice but you can still see the clouds.



The Buffalo news article is coming out on Monday or Tuesday in the city section or possibly the front page according to the reporter. I am excited to see what they say about the site. The geek meet is also coming up in one week and I have to really start preparing my stuff. Luckily, tomorrow is presidents day and I have off.

Permalink: Standing_on_the_corner.html
Words: 374
Location: Buffalo, NY

Category: web

02/17/06 11:07 - 23ºF - ID#32488

Paul's Box

I put together some new content administration system to keep track of my content administration systems. I put one together for (e:twisted) too


Permalink: Paul_s_Box.html
Words: 43
Location: Buffalo, NY

Category: food

02/16/06 06:39 - 40ºF - ID#32487

Washington Market

I went to the Washington Market with (e:enknot) for lunch. The food was yummy and it is in a nice central downtown location. They had these shrimp samples. Which unfortunately has cilantro (which I am allergic to) but I ate them anyways because they were so freakin yummy and free.



My lunch was a little more expensive than the equally delicious fare I would get at roswell but I figured it was worth venturing somewhere new. The prices for non-prepared food were very reasonable and they had much of the same stuff as the coop.







Today I designed a site for people with brain tumors. I really do not want to see any more pictures of brain tumors. It is really making me nervous in fact I started using my cell phone on speaker phone. At least the site looks pretty now to see if the design will be accepted. The old site is . More than a redesign I made a new CMS backend so that the client can update, add media, etc all from the site itself.

Permalink: Washington_Market.html
Words: 201
Location: Buffalo, NY

Category: birthdays

02/12/06 09:43 - 20ºF - ID#32486

My Mother's Birthday

The gift of the internet
(e:mike), (e:terry) and I spent the day with the family in order to celebrate my mother's birthday. mike and I decided to buy her the internet for her birthday. For christmas we got the parents a computer system and now the high speed internet. Someday soon they will know what it is like to actually use the internet. I don't think my father has ever actually explored the net. I am so curious where it will take them.

Shango's Bistro
For brunch we went to Shango's Bistro at 3260 Main street. For those of you that have not been there it is right across from UB South Campus. The food is unbelievable and the prices are quite reasonable. I had always thought it was more expensive.

The orange juice was quite fantastic. I like how it came with a slice of orange on it.

Where else can you get green eggs and ham with prosciutto

We all ordered our own brunch meal but the Banana Glaze French Toast sounded so good we ordered an extra plate for the table.


(e:terry) had scrambled eggs with sausage

(e:mike) and I had sirloin and poached egg - I already weigh 145 how crazy is that. Up five pounds in like a month.

My father insisted on dessert so we all shared a blackberry cabernet sorbet

Dollar Store
Afterward we decided to go to Bingo at uncle Sams bingo in canada. Sorry (e:thhecarrey) we are never going again. It was definitely not nearly as fun as I remembered the time that (e:iriesara), (e:terry) and I walked there from Buffalo.

We got there early so we took my mom on an excursion to the dollar store. She loves those stores and we just didn't feel like dressing up [inlink]pyrcedgrrl,18[/inlink] and going to walmart.


Does this look like a sex toy or what?

I never even got close to winning.

And the no smoking room is really tiny and smells worse than the gym. It's so opposite of here where the no smoking room is the big room and the smokers have a little box.

This one is for you (e:iriesara)


Permalink: My_Mother_s_Birthday.html
Words: 394
Location: Buffalo, NY

Category: web

02/11/06 11:08 - 24ºF - ID#32485


So my application is coming along great.


The most fun part is the user interface for adding and removing users from your group discussion or document creation. It is all using surebert to load in users dynamically and then it lets you free drag them in or out of the group. The ones in the group get the cute little face icon and their names change font. Those outside of the discussion group are bold black.


You can already visit it at

Permalink: Discuss.html
Words: 95
Location: Buffalo, NY



