Yet another flaw in IE6 (including SP2) has been found and disclosed and may already be getting used to exploit users. This new flaw involves using an onclick event to initiate a createElement event, which is used to create an iframe to a remote web server which can download anything it likes to your computer, bypassing IE’s protection systems in the process.

The solution at this stage, is to turn off active scripting, unfortunately that renders IE mostly useless as you can’t even use it for WindowsUpdate in that state. Another solution is to avoid untrusted links, but doing that renders most of the Internet as a no go zone. A better solution is to go and get yourself a free copy of Firefox and spend your time browsing instead of worrying about browsing.

According to the statistics on their site, the Firefox web browser has hit the 19 million downloads mark, and will have passed 20 million by the end of this month. That likely makes it one of the most popular Open Source programs ever. There are a ton of people out there that will tell you that Open Source cannot produce applications with the quality of their proprietary cousins. Firefox is an excellent example that not only is it possible to make excellent Open Source apps, more often then not, they end up surpassing their proprietary competitors. (Linux, Apache, OpenOffice and MySQL are other well known examples of well accepted Open Source projects.)

Update:
According to Websidestory, Firefox has now over 5% of the browser market, and has just about pushed IE6 below 90% for the first time in years, not bad for a web browser that was officially released last November. (less then 3 months ago at the time of writing.) 5% doesn’t sound like that much, but if you consider that there are more then a couple of hundred million users on the Internet, 5% is quiet a significant number. (Also keep in mind that Tech people are leading the charge for Firefox, and we don’t download it again each time we give it to someone, so that 20 million number is probably a conservative estimate.)

WEP cracks are on the rise with new tools that are available. SecurityFocus highlights some tools that now break WEP codes with very few packets.

War Driving, that act of driving around and finding open wlan’s has a new challenge. Paint that will block the wireless signal, presumably in or out. I guess for industrial or business models, it may make sense to shield signals. The article is silly saying $69 dollars a gallon is a lot. If it works, that is basically nothing compared to even a simple leak.

Ebay has announced a significant hike in the fees it charges sellers to list an item for sale. The most significant up front increase is the gallery picture increase from $0.25 to $0.35. While the gallery picture size is apparently to be increased, one would have to wonder what increase in cost at Ebay is causing the fee hikes. On the backend, they are increasing the base percentage of each sale taken from 5.25% in most cases to 8%, a significant hike. Ebay answers questions here, but the one they don’t really ever answer is why should the cost of delivery not be declining instead of increasing? They of course have employees and hardware, but the main commodity is electrons and the cost of delivering them should be declining.

Or does it. The FTC claims victory in shutting down 6 porn spammers. However, they cannot find most of the people involved. It is good that they go after the businesses advertised of course, but most of the actors in these plays just pop up tomorrow under a different business name. Good luck tracking it down and shutting it off. We can hope — foolish though we may be.

Techworld has an article here, detailing security flaws in both Apple iTunes, and Microsoft media player. The iTunes flaw affects both Windows and OSX versions and involves downloading malicious playlists. The MS Media player flaw involves the DRM (Digital Rights Management) subsystem that Microsoft created to force you to comply with the recording and movie industries draconian policies. So now it can not only stop you from backing up your legally own digital media, it can also give you Trojan horse that can totally compromise your PC, or even worse, your online banking.

Be sure to load any updates provided by both Apple and Microsoft if you do not wish to be affected by this.