How do these people manage to even tie their own shoelaces? Major Microsoft security flaw exposed.

“The flaw, in Passport’s password recovery mechanism, allowed an attacker to change the password on any account to which the user name is known…It is hardly an exploit or even vulnerability; it’s just a flaw in their web-application logic.”

I also note that:

“Microsoft moved quickly to prevent online vandals from exploiting the issue. The advisory was posted just before 20:00(PDT), and by 23:30(PDT), the software giant had essentially turned off the vulnerable feature. “We have shut down all ability to reset passwords,” said Sean Sundwall, spokesman for the company.”

Three and a half hours to remove a page? IMHO the quickest fix would have been to remove the ‘page’ to which this exploit submitted and live with a 404. It should have taken about 5 minutes to confirm the problem, 5 minutes to remove it, 5 minutes to test and maybe 15 minutes to deploy to live.

Andrew Orlowski over at The Register makes some wild assumptions based on a single sentence about Google and Blogs in a report on Yahoo News otherwise concentrating on Google’s financial plans.

“Google allows people to search Web pages, as well as search specific types of content such as news sources, shopping sites through its “Froogle” service, Usenet groups. Soon the company will also offer a service for searching Web logs, known as “blogs,” Schmidt said.”

Orlowski manages to read an awful lot about his own problems with weblogs and Google into that last sentence. He even claims it is an announcement: “CEO Eric Schmidt made the announcement on Monday”, and then goes on to quote extensively from his own interviews with Chris Roddy, a politics and linguistics undergraduate at the University of Emory. and Gary Stock, chief technology office for Nexcerpt, Inc. (who incidently publishes his own blog) enough snippets to back his own points of view.
He also misquotes a conversation on slashdot in which someone says “In your search string, add the term -blog” (which is standard search engine syntax to exclude results that contain the word blog) and which Orlowski misquotes to be “a suggestion that Google add a -noblog option, which it effectively appears to be introducing by default.” That latter phrase presumably referring to his own interpretation of Google’s plans for a new Blog only search tab and removal of blog results from the main search which he derives from the single sentence quoted above!
This is major case of a ‘reporter’ airing his own prejudices as ‘news’.

I’m still looking for a suitable CMS for Jan’s site. I found a great web site during my investigations today: opensource CMS. This site is great! They have nearly 40 CMS applications installed on their server which you can play with; login as admin, add pages and articles, edit menus, etc. Most of the features seem to be enabled. All systems are reset once an hour on the hour but that is plenty to get a good feel for how the application works. They also have reviews of some of the systems, tons of useful information, CMS news, a forum, and so on. Highly recommended.

I forgot to mention that wildcard subdomains are now working on zed1.net. It’s only taken them 13 days since my original support request to sort this out. I was that close ( *holds up two touching fingers* ) to cancelling and looking for yet another hosting service.