Windows XSS Vulnerability, There's a Patch for That, and Who Says Close Only Counts in Horseshoes and Grenades?

[Thanks to Nerd Dennis Houseknecht for this post] – Another XSS (cross site scripting) vulnerability has been found in Windows, and there is exploit code in the wild. Although Microsoft has not yet issued a patch, there is a workaround fix available. – The average Windows user has 22 apps installed (or four times that…

Details

Nerds On Site Partners with March of Dimes for Jail and Bail Event

Nerds On Site is proud to be a part of the 2011 Jail and Bail event being held this year in Port Huron, Michigan, U.S.A!
Prisoners are charged with a “crime” (Guilty of Kindness, Guilty of Doing Good for Babies, etc), and arraigned in front of the judge, and the bail is set. They raise bail money by contacting friends, family and acquaintances and having them pledge dollars to keep you in, or get you out of jail. The Keystone Kops are ready to round up prisoners and take them on a “Jail Break” or two. The Jail & Bail Event marks its 55th year in 2011. The event boasts that it is has always been the largest Jail & Bail event in the nation.

Details

Nerds Mail Protection

Regarding the last post, Daryl Siemens asked an excellent question: Would Nerds Mail Protection protect against such an attack. I thought the answer was worth sharing with all – it really depends upon how the attack is designed. That is why defending clients is so difficult. The answers are defense in depth (multi-layered defenses), defense in width (looking at every avenue of attack), and good old commons sense.

Details

A New Facebook Privacy Threat, and Remember to Lie on Those Security Questions

Facebook wants to give away your address and your cell phone number – through a new API. True, you can opt to keep this information private, but few Facebook users fully comprehend the implications of allowing access to this information and most just go with the default and agree to make the information accessible. I hate to be a FUD farmer or a paranoia planter, but there ARE folks out there with whom you would not share that information – particularly through and API which allows companies to gather information about thousands or millions of individuals with a few mouse clicks.

Details