Yes, this is an X-Sucks post.
Around May 2009, I bought a Fujitsu-Siemens Amilo Mini UI-3520. This is a small netbook. It was probably the cheapest netbook I could find at this time, but it was also one of the smaller and lighter ones.
My experience with it has not been a happy one, however.
- Upon arrival, the battery was dead. I had to send the whole thing back, and get a new one.
- After a few months the screen began flickering. Note that I’ve used it very little (it mostly sits on my bookshelf). Since it is still under warranty, I sent it back for repair. I was told today that the motherboard needs replacing and there is none in stock, either here or in the factory in Germany. No word on when I’ll have it back.
- The keyboard is rather horrible. The keys are very small and I keep making typos. My sister’s Acer Aspire One has a far better keyboard, and it was marginally more expensive.
- The pre-installed Windows XP came with broken WiFi drivers that required an update to work. How could they miss that before shipping?
One of my servers had a lot of traffic due to image hotlinkers (they are now being served Goatse) and while examining the logs I noticed an unusual referer from hi5. It had GET variables like loginToken, loginid and reviewCommentLink. I thought that was a little strange and thought, could it be?
One click later I was logged in as some Mexican guy.
I never liked Hi5, but I can’t deny it’s one of the big social networking sites. Using information in links that can log someone in without any validation (or, at least, expiring them upon first use) is a serious mistake. It’s not a mistake I would expect from the likes of Hi5.
I thought about reporting it, but after a Google search I came upon this blog post which describes the same issue and that guy has already reported it. So, there’s no point in reporting it again. They know and don’t care. That post is from 2006.
This is really sad. This seems like a very exploitable hole. Host an image on your server that enough people will click (Keira Knightley is a great choice :p) and just wait until you get this kind of link in your referer log. It doesn’t get any simpler. (The image on my server was probably used as a profile image for someone else.)
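The fix mentioned above, expiring a login token on first use, sketched as an added example (not Hi5's code and not from the original post). The class and function names, the five-minute lifetime and the `/home` redirect target are assumptions; the handler also redirects to a token-free URL and sends `Referrer-Policy: no-referrer` so the token never reaches a third-party referer log.

```python
import hashlib
import secrets
import time


class LoginTokenStore:
    """In-memory single-use login tokens (hypothetical; a real site would use a shared store)."""

    def __init__(self, ttl=300, clock=time.time):  # ttl is an assumed lifetime in seconds
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the user id exactly once; None if unknown, already used or expired."""
        entry = self._pending.pop(self._digest(token), None)  # pop burns the token
        if entry is None:
            return None
        user_id, expires_at = entry
        return user_id if self._clock() <= expires_at else None


def handle_login_link(store, sessions, token):
    """Return (status, headers) for a request whose URL carried a login token."""
    user_id = store.redeem(token)
    if user_id is None:
        return 403, {"Referrer-Policy": "no-referrer"}
    session_id = secrets.token_urlsafe(32)
    sessions[session_id] = user_id  # the session lives in a cookie, never in the URL
    return 303, {
        "Location": "/home",  # clean URL: nothing secret left to leak via Referer
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Lax",
        "Referrer-Policy": "no-referrer",
    }
```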