Windows Live Messenger WTF [ + Microsoft rant ]


  • Considered Harmful

    I just discovered this accidentally when trying to paste the HTML snippet <a href="http://forums.worsethanfailure.com/forums/AddPost.aspx?ForumID=18#" onclick="window.scrollTo(0,0); return false;">Back To Top</a> to a coworker so I could explain that no scripting was necessary.  The server rejected my message.  I tried it a few times, varying the message slightly, and found that the characters [period] s c r would cause the send to fail, regardless of surrounding characters.  I use Pidgin, a multiprotocol IM client, so I'm fairly sure this filtering takes place on Microsoft's servers rather than on the client (the "server error" message also pointed in that direction).

    I know .scr is the extension for a Windows screensaver, which is really an executable file in disguise.  It's a common vessel for viruses and I imagine the purpose of this nonsense is to prevent virus/spyware spam on their IM network.  Of course the result was that a perfectly legitimate message was rejected with no explanation, and I had to figure out what was going on so I could circumvent it.  I couldn't make any reference to the JavaScript function window.scrollTo at all, just in case I had some vague malicious intent.

    I hate software that dictates my security policy to me [separately from company policy].  My email client automatically rejects any script or executable attachments, regardless of if I want them or not; it also flat out refuses to remember my password, despite the checkbox.  The IE on our server won't let us download archives from websites (necessary server utilities), until I flag that server explicitly as being trusted.  Almost everything on the Windows platform just feels like "it's our way or the highway" to me, and I find it alienating.  I don't like jumping through hoops that are there by-design to protect me from myself.

    I'm sorry this devolved into an off-topic rant, but this sort of thing peeves me.  I supposedly administrate this network, but apparently I need a babysitter that can't be disabled.  That decision is reserved by the software; users and administrators have no say in the matter.  I know a corrollary of Murphy's law is that if a user can do something stupid, that user will do something stupid; but I think that's the prerogative of the user [or the employer of said user].  If something is inherently unsafe, warn me, and let me or some configurable policy decide what to do.

    It doesn't even work, so far as I've heard.  Windows, IE, and Outlook exploits continue to crop up despite the weekly automatic vaccinations (which force a restart unless you figure out how to disable it.)  Intrusive-yet-ineffective security measures like this one just make my work more unpleasant, and steadily drain my enthusiasm until I consider converting to the Linux camp -- I installed it on my laptop and love the level of customization possible.



  • iirc window'scrollTo' should work. Also I would have to agree; one thing that Microsoft doesn't realize that if it allows for more user-friendly tweaking it can pretty much crush Linux (as a few people who use Linux like the tweak-ability aspect more than the open source part, of the people I know that is). Also the force-restart thing is definitely a kick in the pants (it's killed a number of long operations (like downloads) that it's a major pain in the ass, I think it's also corrupted a backup on me once (which wasn't too bad as I only held one of the back ups). Also the are you sure you want to change the extension is a major peeve.



  • At least concerning the e-mail client (which name rhymes with "Toutlook"), Microsoft eventually accepted that it was a bad idea. There is some really obscure registry option that lets you disable that "feature". Also, as far as I know, it has been removed (or at least alleviated to a sane form) in newer versions.

    I agree however that it tells quite a bit about the attitude that they put it in in the first place.


  • Considered Harmful

    Nice of the forum software to expand "#" to "http://forums.worsethanfailure.com/forums/AddPost.aspx?ForumID=18#" for me.  Oh, the forum software is powered by Community Server?  Who makes that?  Let me guess.

    [Edit: Okay, not first-party software after all.  We have Telligent to thank.]



  • Windows Live Messenger also blocks links ending in .info:

     if you send "www.visitmysite.info" to a friend, it will block the message entirely.  I also use Pidgin, so I'm pretty sure they (microsoft) block it themselves.
     



  • Oh, I remember stumbling across the ".scr" thing a while back. Utterly ridiculous.

    Particularly since it doesn't actually take into account whether that substring is even part of a URL, as you've mentioned. And it's not case-sensitive, either. So you can't even refer to java.awt.ScrollPane, for instance. ::headdesk::

    Apparently MSN also blocks anything with "download.php" from being sent, which, of course, blocks a bunch of legitimate download sites.



  • The extension change warning is perfectly valid, but it's a symptom of at least one larger problem. I will work on the assumption that extensions are worthwhile, although I am not sure about this either. The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension. Therefore, if you type, or paste in, a whole new name, you automatically wipe out the extension.

    It's so easy to screw up a filename when trying to edit it, and Microsoft of course, as usual, work around that by putting in another layer of inconvenience. Not only a dialog box, but one that does nothing useful. If you hit Yes, you lose your original extension. For an average user, they probably have no idea what it should be or that Explorer has undo, even the desktop (ctrl-Z or right-click on the desktop, Undo, despite no menu bar). If you hit No, the original name is restored and you have to type it all over again. I think Apple started this stupidity, not Microsoft -- the Finder was just as moronic. The only change is that OS X now lets you click which extension you want to keep.

    Of course, if you lose the extension entirely, there isn't even a warning in Windows (unlike Mac OS X, IIRC) that the new name will render the file unable to be launched by its default action.

    I wonder, do any of the X11 file managers get all this right?

    And yes, trying to get URLs to go through MSN in Pidgin can be really frustrating. I've barely touched Microsoft's two official MSN clients (Windows Messenger, MSN Messenger/Windows Live Messenger) so I don't know whether they have the same problem.

    I think the funniest one was this:

    Trying to open a PNG image in Internet Explorer, with QuickTime set to render them (perhaps so you can have true 32-bit PNGs?) Of course, this was not the first and not the last time that Windows Explorer or Internet Explorer could not understand what the Internet was (like being told that by Windows Explorer that a particular .txt file on some \\SERVER was a dangerous file on the Intenet that I shouldn't open ...)

    [Edit: yes, the PNG file in the screenshot above was itself a screenshot of another bug, a bug in MSN Messenger ;-)]



  • Thunar (xfce.org) and nautallius (sp?) iirc both select only the filename section of the filename when renaming. I'm presuming konkorer does the same thing, though I don't have any systems with KDE installed to try that out.

    Also on the subject of MS's wonderful ideas is XP no longer has the find file dialog as the find file dialog, I have to click one button to start finding the files which is a pain if you opened the dialog with your keyboard as you have to move a hand over to the mouse. We could just flood MS's support site with suggestions on how to make their software better, doubt that would do anything; bigger the group though. . .


  • Considered Harmful

    Daniel Beardsmore:

    One thing to watch out for is that HTTP uses mime-types, not file extensions, to determine what a file is used for.  The extension means nothing.  You could perhaps dupe some naive individual with a safe-looking file extension in a URL, that triggers a download of executable code (though most modern user agents are too smart for this sort of thing).  I've seen dynamic HTML pages with extensions like .exe and .dll, that were simply programs running server-side.  The browser knows this because the mime-type remains text/html, as sent in the HTTP headers.

    You probably already knew that, but it's good to bear in mind.

    [Edit: Doh!  I only just now realized that was a local path in your screenshot.  Disregard my comment.]



  • @joe.edwards@imaginuity.com said:

    I hate software that dictates my security policy to me [separately from company policy].  My email client automatically rejects any script or executable attachments, regardless of if I want them or not; it also flat out refuses to remember my password, despite the checkbox.  The IE on our server won't let us download archives from websites (necessary server utilities), until I flag that server explicitly as being trusted.  Almost everything on the Windows platform just feels like "it's our way or the highway" to me, and I find it alienating.  I don't like jumping through hoops that are there by-design to protect me from myself.

    I'm sorry this devolved into an off-topic rant, but this sort of thing peeves me.  I supposedly administrate this network, but apparently I need a babysitter that can't be disabled.  That decision is reserved by the software; users and administrators have no say in the matter.  I know a corrollary of Murphy's law is that if a user can do something stupid, that user will do something stupid; but I think that's the prerogative of the user [or the employer of said user].  If something is inherently unsafe, warn me, and let me or some configurable policy decide what to do.

    You are rapidly approaching the point where you discover the reason for free software. Unix platforms are better than anything MS has done, but that's not what it's all about. If you don't have the source and the right to fix it, you don't own it - it owns you. It's all about whether you're the guy driving the cart or the horse pulling the cart.



  • @Daniel Beardsmore said:

    I wonder, do any of the X11 file managers get all this right?

    Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.



  • @Daniel Beardsmore said:

    It's so easy to screw up a filename when trying to edit it, and Microsoft of course, as usual, work around that by putting in another layer of inconvenience. Not only a dialog box, but one that does nothing useful. If you hit Yes, you lose your original extension. For an average user, they probably have no idea what it should be or that Explorer has undo, even the desktop (ctrl-Z or right-click on the desktop, Undo, despite no menu bar). If you hit No, the original name is restored and you have to type it all over again. I think Apple started this stupidity, not Microsoft -- the Finder was just as moronic. The only change is that OS X now lets you click which extension you want to keep.

    Of course, if you lose the extension entirely, there isn't even a warning in Windows (unlike Mac OS X, IIRC) that the new name will render the file unable to be launched by its default action.

    This annoyance was introduced by Microsoft as the MacOS did not natively pay attention to file extensions until MacOS X. MacOS 9 and lower used 4 byte file type and creator codes to identify both the type of file and what application should open the file when the file is double clicked in the Finder.

    Also, in OS X if you delete the file extension of a file while renaming it, the Finder simply hides that file's extension leaving it unchanged.



  • Another WTF with Messenger:
    File transfers are completely messed up.
    Sometimes they fail to send a request to the other person.
    Sometimes they don't send the request, but send it after a few minutes.
    Sometimes they show up as declined when they have been accepted.
    Sometimes, they don't even appear correctly in the chatbox, and/or mess all the text up!



  • @Heron said:

    Windows Live Messenger also blocks links ending in .info:

     if you send "www.visitmysite.info" to a friend, it will block the message entirely.  I also use Pidgin, so I'm pretty sure they (microsoft) block it themselves.
     

    OK, I had to see if MS was as stupid here in their implementation as I expected...and I was right.

    They block '.info' ANYWHERE in a message.

    Even if it's, say, www.infoworld.com. Or myPackageName.InformationRecord. Context does not matter whatsoever.

    ::sound of head hitting desk repeatedly::



  • OMFG! I wonder what other hidden blocks it has.

    I'm glad I don't use that thing...



  • @codeman38 said:

    Oh, I remember stumbling across the ".scr" thing a while back. Utterly ridiculous.

    Particularly since it doesn't actually take into account whether that substring is even part of a URL, as you've mentioned. And it's not case-sensitive, either. So you can't even refer to java.awt.ScrollPane, for instance. ::headdesk::

    Apparently MSN also blocks anything with "download.php" from being sent, which, of course, blocks a bunch of legitimate download sites.

    If it was case sensitive, it wouldn't be doing what they intend that it do*, since the extensions and file associations aren't case sensitive.

     
    *the utility of which is laughable. 



  • @AbbydonKrafts said:

    I'm glad I don't use that thing...

    I've spent a lot of time talking to contacts on MSN, but it's not the random blocking that's the biggest problem, but the general server connection reliability. It's got to be the least reliable IM system on the planet. I am not sure what's with the limit of one colour and style per message though.

    The only snag is that many of us seem to be Pidgin users, and it's no great secret that Pidgin's MSN code is painfully obsolete. It's hard to tell how much of MSN is simply Pidgin being buggy and broken, like how Yahoo file transfers die with an error despite actually completing successfully. MSN file transfers still go at pathetic speed (about 2 kB/sec often), which I do wish would get fixed.

    I wish I didn't have to use the MSN chat network, but so many people only use that one. I don't know if any of them are especially reliable or especially well-supported in Pidgin, but AIM and ICQ seem to be pretty good at the moment, file transfers notwithstanding.



  • @Daniel Beardsmore said:

    I've spent a lot of time talking to contacts on MSN, but it's not the random blocking that's the biggest problem, but the general server connection reliability. It's got to be the least reliable IM system on the planet. I am not sure what's with the limit of one colour and style per message though.

    I use BitlBee as my MSN client, and I can attest that the uptime/reliability of the MSN servers is quite good, measured in weeks (and that's mainly just reconnect-to-another-server downtime, significant downtime's only occurred a couple times in the past two years).


    As for the arbitrary blocking/dropping of messages based on random terms - happens in BitlBee too.



  • I assume this is some sort of spam filter that only affects clients that don't properly identify to the server (e.g. Pidgin).

    I guess the "side" effect, that this makes non MS-clients almost unusable is not entirely bad for MS. Other companies providing IM services have been very uncooperative towards alternative clients as well.



  • @codeman38 said:

    @Heron said:

    Windows Live Messenger also blocks links ending in .info:

     if you send "www.visitmysite.info" to a friend, it will block the message entirely.  I also use Pidgin, so I'm pretty sure they (microsoft) block it themselves.
     

    OK, I had to see if MS was as stupid here in their implementation as I expected...and I was right.

    They block '.info' ANYWHERE in a message.

    Even if it's, say, www.infoworld.com. Or myPackageName.InformationRecord. Context does not matter whatsoever.

    ::sound of head hitting desk repeatedly::


    Well, there is .inf in both of those addresses. Although I don't know if .inf's can be used to create any significant amount of damage...

    Now the real question is, does MS block www.microsoft.com ?
    Edit: Anyone know any .exe<something> addresses?





  • @asuffield said:

    Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

    Pfft. Command line is nice, but not really fun for all purposes. Anyone who's serious about using a Unix platform knows the [i]correct[/i] solution is to use the Right Tools for the Job.

    Finding the file if you remember it's name? "locate foo". Trying to find the file from among the bazillion documents if you Know It Was Somewhere Here? File manager. Mass renaming files? "for i in ... ; do mv $i ... ; done" and hope you didn't blew up the whole thing. Subtle name-changes for a few files in the directory? File manager. And especially, ordinary every-day opening of files for GUI application use - the [i]file manager.[/i]

    If you believe command line is the best tool for everything, your grand prize is a year's supply of auto-complete-induced backslashes (and pair of thick glasses to make sense of them). =)



  • @asuffield said:

    @Daniel Beardsmore said:

    I wonder, do any of the X11 file managers get all this right?

    Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

    Try to use command line to manage a webdav folder :D

    i particulary like the konqueror feature to filter content. Very usefull to manage content of /home/tchize/*.png and dont get bothered by other files :D 



  • @joe.edwards@imaginuity.com said:

    I just discovered this accidentally when trying to paste the HTML snippet <a href="http://forums.worsethanfailure.com/forums/AddPost.aspx?ForumID=18#" onclick="window.scrollTo(0,0); return false;">Back To Top</a> to a coworker so I could explain that no scripting was necessary.  The server rejected my message.  I tried it a few times, varying the message slightly, and found that the characters [period] s c r would cause the send to fail, regardless of surrounding characters.  I use Pidgin, a multiprotocol IM client, so I'm fairly sure this filtering takes place on Microsoft's servers rather than on the client (the "server error" message also pointed in that direction).

    I know .scr is the extension for a Windows screensaver, which is really an executable file in disguise.  It's a common vessel for viruses and I imagine the purpose of this nonsense is to prevent virus/spyware spam on their IM network.  Of course the result was that a perfectly legitimate message was rejected with no explanation, and I had to figure out what was going on so I could circumvent it.  I couldn't make any reference to the JavaScript function window.scrollTo at all, just in case I had some vague malicious intent.

    I hate software that dictates my security policy to me [separately from company policy].  My email client automatically rejects any script or executable attachments, regardless of if I want them or not; it also flat out refuses to remember my password, despite the checkbox.  The IE on our server won't let us download archives from websites (necessary server utilities), until I flag that server explicitly as being trusted.  Almost everything on the Windows platform just feels like "it's our way or the highway" to me, and I find it alienating.  I don't like jumping through hoops that are there by-design to protect me from myself.

    I'm sorry this devolved into an off-topic rant, but this sort of thing peeves me.  I supposedly administrate this network, but apparently I need a babysitter that can't be disabled.  That decision is reserved by the software; users and administrators have no say in the matter.  I know a corrollary of Murphy's law is that if a user can do something stupid, that user will do something stupid; but I think that's the prerogative of the user [or the employer of said user].  If something is inherently unsafe, warn me, and let me or some configurable policy decide what to do.

    It doesn't even work, so far as I've heard.  Windows, IE, and Outlook exploits continue to crop up despite the weekly automatic vaccinations (which force a restart unless you figure out how to disable it.)  Intrusive-yet-ineffective security measures like this one just make my work more unpleasant, and steadily drain my enthusiasm until I consider converting to the Linux camp -- I installed it on my laptop and love the level of customization possible.

    You don't mention the resolution of the problem... did you witness to your coworker the gospel of XMPP? I am always foolishly hoping for a happy ending.



  • @WWWWolf said:

    Trying to find the file from among the bazillion documents if you Know It Was Somewhere Here?

    grep 

    Subtle name-changes for a few files in the directory?

    qmv

     

    And especially, ordinary every-day opening of files for GUI application use

    Passed as the final argument to the program.



  • @tchize said:

    @asuffield said:
    @Daniel Beardsmore said:

    I wonder, do any of the X11 file managers get all this right?

    Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

    Try to use command line to manage a webdav folder :D

    davfs2 or fusedav. So much better than something that only works with KDE applications.



  • I'm not sure whether I was using Pidgin when I tested that.  However, for kicks and giggles, I'm in Windows right now, using Windows Live Messenger, and my wife is sitting next to me on *her* laptop logged in to Windows Live Messenger.  We are both using the newest version.

    the string ".info" is blocked.

    the strings ".exe", ".inf", and (of course) ".com" are not blocked.

    So no, this is not an issue that only affects non-Microsoft clients.  This is a Microsoft server-side issue, which implies that it is done on purpose.

     

    I use MSN because I know a lot of people that do.  I rarely see significant server downtime (less than two or three times a year) whether I'm using Pidgin or Windows Live Messenger.



  • As a side note, has anyone ever seen a useful .info site?  The only one I can think of is [url=http://www.regular-expressions.info/]www.regular-expressions.info[/url].



  • Hm ... I think I've seen some good .info sites, but nothing specific comes to mind.

    However, this is funny — from the regular-expressions.info site:

    [You] could use the regular expression \b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b Analyze this regular expression with RegexBuddy to search for an email address. Any email address, to be exact.

    Aside from the seemingly random insertion of "Analyze this regular expression with RegexBuddy" caused by inserting a link into the sentence containing an image with an alt property (which rears the ugly head of title vs. alt usage), I am amused to see their attempt to match every single e-mail address.

    I lose track of exactly which characters that expression won't match (and how many can be reasonably expected to occur in 99.999% of real addresses) but it would be nice if the site were to acknowledge the limitations of its expression. Or, hey, since it's a regular expression site, post the complete Borg Cube expression.

    In its defence, the "properly formatted email address" does at least go on to explain the limitations of then above expression. But it did say "Any". In italics.



  • @Cap'n Steve said:

    As a side note, has anyone ever seen a useful .info site? The only one I can think of is [url=http://www.regular-expressions.info/]www.regular-expressions.info[/url].

    That one is more of a misinfo site. It's a jumbled mixture of correct information, misquotes, confusion, popular-but-wrong ideas, and advertising. Don't trust what you read there. 



  • @Cap'n Steve said:

    As a side note, has anyone ever seen a useful .info site? The only one I can think of is [url=http://www.regular-expressions.info/]www.regular-expressions.info[/url].

    First one I thought of was [url=http://songtitle.info/]songtitle.info[/url] - which answers the age-old question "what was the song in that commercial?".

    There's also [url=http://colloquy.info/]colloquy.info[/url], which, granted, is only useful if you use OS X and participate in IRC chats. Given that I've shared the link with Mac folks who were dissatisfied with Ircle, I think it's useful, anyway. :-p



  • @Daniel Beardsmore said:

    The extension change warning is perfectly valid, but it's a symptom of at least one larger problem. I will work on the assumption that extensions are worthwhile, although I am not sure about this either. The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension. Therefore, if you type, or paste in, a whole new name, you automatically wipe out the extension.

    Vista actually fixes this issue. When you go to rename a file it selects all but the extension. At least they got something right with it. 



  • Sheez man.

    <font color="#204A87">(10:53:59 PM) Telcontar: oo ...
    Generating gallery:
    Path: v0/v0g00 -
    Warning: chdir(): No such file or directory (errno 2) in /usr/local/...../generategallery.php on line 87
    0 images found.</font>
    <font color="red">(10:54:01 PM) Message could not be sent because a connection error occurred:</font>
    <font color="#204A87">...</font>

    The "....." is not obfuscation -- it was where I removed two instances of ".com" and other cruft to placate MSN. Still no dice.

    Seems that "generategallery.php" is considered another exploit, so I had to take ".php" off the end. Since ".php" is, well, rather commonplace on the Web, I wonder how many other valid URLs get blocked. It doesn't seem to have been too bothered about my site (all PHP pages) but a lot of my URLs end with '/' as I consider "index.*" unsightly.

    At least it's good to know that Vista's Explorer has a time-saving improvement, to make up for the time wasted moving items to the Recycle Bin ...



  • @Daniel Beardsmore said:

    The extension change warning is perfectly valid, but it's a symptom of at least one larger problem. I will work on the assumption that extensions are worthwhile, although I am not sure about this either. The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension. Therefore, if you type, or paste in, a whole new name, you automatically wipe out the extension.

     

    Not in Vista. In attached image, taken immediately after right click > rename (or double click on name) top = XP, bottom = Vista. One of the few immediately noticeable improvements in my experimentation. Edit: I see I've been beaten to this point.

     



  • @AbbydonKrafts said:

    OMFG! I wonder what other hidden blocks it has.

    I'm glad I don't use that thing...


    For anyone that's wondering about this, [url=http://www.amsn-project.net/forums/viewtopic.php?t=157&postdays=0&postorder=asc&start=30]here's a full list of everything that's censored[/url]:
    .pif
    .scr
    grouppicture.php
    groupicture.php
    gallery.php
    staff.php
    pics.php
    rottentomatoes.us
    msn.php?email=
    download.php
    www.baratinha.mypets.ws
    www.messangerstats.net
    www.messengertools.org
    www.stuffplug.com/temp/downgrdr.exe
    69.56.129.67/gift.com
    xmas-2006
    miralafoto/foto.exe
    168.169.78.19
    profile.php?
    tufoto
    www.hornymatches.com
    www.iwantu.com
    www.block-checker.com
    verti2/fantasma.zip
    www.amigosparasempre.smtp.ru
    www.amigosparasempro.smtp.ru
    armazfiles.smtp.ru
    www.chinacircle.com
    www.mensagemparavc.mail15.com
    www.mprofiles.net/members.php?msn=
    www.930le.com
    www.66663.cn
    www.shusu.cn
    www.1717wan.cn
    www.995ba.com
    www.mydipan.cn
    www.51kongqi.com
    www.94nile.com/apple
    sweetpictures.myphotos.cc/katiesex.pif
    201.22.6.4/fotos/safada.html
    www.life365.com
    www.photogbase.com/pictures.php?photo656.jpg
    chnstudio.com/upload/impluse.exe
    shurl.org/myhomepage
    p1377.pic-myspace.info
    www.mypengyou.com
    pic831.mp3-myspace.com
    www.51pingguo.cn
    88chi.com
    nihao52.com
    81copy.com
    myonlinecam.net
    77885.cn
    51zhaogu.com
    51shejiao.cn
    gangen.cn
    wangw.cn
    uglyphotos.net
    funpic.de
    505united.com
    t35.com
    quicknews.info
    symantec.com/security_response/writeup.jsp?docid=2004-120714-0643-99
    members.lycos.co.uk/svy21/t/contact.php
    sonresimler1.googlepages.com/ozelresimler.htm
    viotagallery.com
    www.spotyourface.net/main/pictures/sexy
    image001.png
    image002.gif
    funbuddyicons.com
    wellwell.biz
    casedinjertionkderunhdaseo.com
    jertionkdewiondaserunf.com
    butuinkdesionmas.com
    imp.exe
    bush-gracioso.exe
    www.windowslivemessenger.biz/msn/msn.php
    memebers.lycos.co.uk/getmessenger
    get-messenger
    belgravehelpdesk.com
    xpimad.com
    album.zip
    malbranche.goracer.de
    albrahem.com
    improfile.net
    unknowntools.com
    www.dreamlife365.com/member/
    hetandunhasde.com
    www.mensageirovirtual.land.rup


    To get around a lot of the blocking, you can use "%2e" instead of "." (eg. download%2ephp).



  • @Daniel15 said:



    For anyone that's wondering about this, [url=http://www.amsn-project.net/forums/viewtopic.php?t=157&postdays=0&postorder=asc&start=30]here's a full list of everything that's censored[/url]:

    symantec.com/security_response/writeup.jsp\?docid=2004-120714-0643-99



    ...

    They are clearly insane. Why that particular one? 



  • @asuffield said:

    @Daniel15 said:



    For anyone that's wondering about this, [url=http://www.amsn-project.net/forums/viewtopic.php?t=157&postdays=0&postorder=asc&start=30]here's a full list of everything that's censored[/url]:

    symantec.com/security_response/writeup.jsp?docid=2004-120714-0643-99



    ...

    They are clearly insane. Why that particular one? 

    Exactly what I thought once I read the post. What did that point to though? I just get a 404 if I try to access it now. 

    @Daniel15 said:


    To get around a lot of the blocking, you can use "%2e" instead of "." (eg. download%2ephp).

    Which shows once again how utterly pointless and moronic this kind of block is. Every halfway determined spammer can easily circumvent it. Average Joe User, however can't. So the only impact this block has at all is to annoy users. Well done. Really well done.



  • @asuffield said:

    @Daniel15 said:



    For anyone that's wondering about this, [url=http://www.amsn-project.net/forums/viewtopic.php?t=157&postdays=0&postorder=asc&start=30]here's a full list of everything that's censored[/url]:

    symantec.com/security_response/writeup.jsp?docid=2004-120714-0643-99



    ...

    They are clearly insane. Why that particular one? 

    I don't know why it's got \? in there, but here is a link to it. As far as I can tell, it's a piece of adware that adds itself to autorun under the name "MSN Messenger". Perhaps they're worried that people will see that and think their OS is insecure?



  • @rbowes said:

    I don't know why it's got ? in there ...

    In the original list, they were all regular expressions. Daniel15 probably converted all the escaped dots, but didn't also spot the escaped question marks.



  • @Daniel Beardsmore said:

    @rbowes said:

    I don't know why it's got ? in there ...

    In the original list, they were all regular expressions. Daniel15 probably converted all the escaped dots, but didn't also spot the escaped question marks.



    Yeah, my bad...
    They were regular expressions, and special characters like . and ? were escaped. I did a find and replace on the dots, but didn't notice the questions marks.



  • Oh, and here's a new list:


    .p
    .s
    grouppicture.p
    groupicture.ph
    gallery.php
    staff.ph
    pics.php
    msn.php?email
    download.ph
    xmas-2006
    miralafoto/foto.e
    profile.php
    tufoto
    verti2/fantasma.z
    armazfiles.smtp.
    chnstudio.com/upload/impluse.ex
    t35.c
    members.lycos.co.uk/svy21/t/contact.ph
    sonresimler1.googlepages.com/ozelresimler.htm
    viotagallery.c
    image001.pn
    image002.gi
    funbuddyicons.com
    wellwell.bi
    casedinjertionkderunhdaseo.co
    jertionkdewiondaserunf.com
    butuinkdesionmas.com
    imp.e
    bush-gracioso.exe
    memebers.lycos.co.uk/getmessenger
    get-messenge
    belgravehelpdesk.com
    xpimad.c
    album.zi
    malbranche.goracer.
    albrahem.co
    improfile.n
    unknowntools.c
    hetandunhasde.com
    thecoolpics.ne
    .www.provnarkotika.com.
    gratishost.com
    dreamlife365.c
    whoadmitsyou.c
    blockoo.com
    baratinha.mypets.ws
    messangerstats.ne
    messengertools.or
    stuffplug.com/temp/downgrdr.exe
    hornymatches.c
    iwantu.c
    block-checker.com
    amigosparasempre.smtp.
    amigosparasempro.smtp.
    chinacircle.co
    mensagemparavc.mail15.com
    mprofiles.net/members.php?msn=
    930le.co
    66663.cn
    shusu.cn
    1717wan.
    995ba.co
    mydipan.
    51kongqi.co
    94nile.c
    life365.com
    photogbase.com/pictures.php?photo656.j
    mypengyou.c
    51pingguo.c
    spotyourface.net/main/pictures/sexy
    windowslivemessenger.bi
    mensageirovirtual.land.ru
    provnarkotika.com
    tinyurl.com/asdkfh13
    wasedinterfunva.c
    qerunherdasfunkin.co
    photos.z
    .*2nnvc7.
    .urltea.com.
    urltea.com/p2s
    tinyurl.com/2nnvc
    linkangel.net/msn
    messenger-tips.co
    imrealm.com
    blocknblock.co
    imtract.com
    blockinri
    messaging-names
    tebloqueo.c
    mesns.co
    .*messenger-tips.com
    .*get-messenger.com.
    .hotbeachpics.net.
    .*wadesuntiondketunhasde.com.
    .*la.gg/upl
    cbswest.com
    newmsn
    cirnews.com
    .easedrunkiondehunfans.com.
    .*amazingsexy.net
    .*nishiwo.com.
    .*vetionkdesunjadefin.com.
    .*handeusjinkdewshishu.com
    .pozaseruiasterduin.com.
    .*okinyunhfeunasterfunjin.com
    .messengerscan.com.
    .
    .info.
    .messenger-scan.
    .*my-msn.servebeer.com
    .*summer2008
    .images.zip.
    .*messengerscan.net.
    .msn-csi.tk.
    .*messenger-contacts.tk
    .xedinkiontnherioplinades.com.
    .*messenger-list.com
    .*messengercheck.biz
    .*msn-contacts.tk
    .*myalbum2007.zip
    .*cirnews.com.
    .*messenger-checker.tk.
    .msn-live-scanner.tk.
    .*msn-scanner.tk.
    .bloockoo.net

    .
    means "zero or more characters", it's like a wildcard.

    As one of the aMSN developers noted on the topic I linked to, the list of censored words is retrieveable. If you use aMSN, press CTRL+S and type in "getCensoredWords".



  • @Daniel15 said:

    @AbbydonKrafts said:
    OMFG! I wonder what other hidden blocks it has.

    I'm glad I don't use that thing...


    For anyone that's wondering about this, [url=http://www.amsn-project.net/forums/viewtopic.php?t=157&postdays=0&postorder=asc&start=30]here's a full list of everything that's censored[/url]:
    .pif
    .scr
    grouppicture.php
    groupicture.php
    gallery.php
    staff.php
    pics.php
    rottentomatoes.us
    msn.php?email=
    download.php
    www.baratinha.mypets.ws
    www.messangerstats.net
    www.messengertools.org
    www.stuffplug.com/temp/downgrdr.exe
    69.56.129.67/gift.com
    xmas-2006
    miralafoto/foto.exe
    168.169.78.19
    profile.php?
    tufoto
    www.hornymatches.com
    www.iwantu.com
    www.block-checker.com
    verti2/fantasma.zip
    www.amigosparasempre.smtp.ru
    www.amigosparasempro.smtp.ru
    armazfiles.smtp.ru
    www.chinacircle.com
    www.mensagemparavc.mail15.com
    www.mprofiles.net/members.php?msn=
    www.930le.com
    www.66663.cn
    www.shusu.cn
    www.1717wan.cn
    www.995ba.com
    www.mydipan.cn
    www.51kongqi.com
    www.94nile.com/apple
    sweetpictures.myphotos.cc/katiesex.pif
    201.22.6.4/fotos/safada.html
    www.life365.com
    www.photogbase.com/pictures.php?photo656.jpg
    chnstudio.com/upload/impluse.exe
    shurl.org/myhomepage
    p1377.pic-myspace.info
    www.mypengyou.com
    pic831.mp3-myspace.com
    www.51pingguo.cn
    88chi.com
    nihao52.com
    81copy.com
    myonlinecam.net
    77885.cn
    51zhaogu.com
    51shejiao.cn
    gangen.cn
    wangw.cn
    uglyphotos.net
    funpic.de
    505united.com
    t35.com
    quicknews.info
    symantec.com/security_response/writeup.jsp?docid=2004-120714-0643-99
    members.lycos.co.uk/svy21/t/contact.php
    sonresimler1.googlepages.com/ozelresimler.htm
    viotagallery.com
    www.spotyourface.net/main/pictures/sexy
    image001.png
    image002.gif
    funbuddyicons.com
    wellwell.biz
    casedinjertionkderunhdaseo.com
    jertionkdewiondaserunf.com
    butuinkdesionmas.com
    imp.exe
    bush-gracioso.exe
    www.windowslivemessenger.biz/msn/msn.php
    memebers.lycos.co.uk/getmessenger
    get-messenger
    belgravehelpdesk.com
    xpimad.com
    album.zip
    malbranche.goracer.de
    albrahem.com
    improfile.net
    unknowntools.com
    www.dreamlife365.com/member/
    hetandunhasde.com
    www.mensageirovirtual.land.rup


    To get around a lot of the blocking, you can use "%2e" instead of "." (eg. download%2ephp).


    Notice that any .aspx stuff isn't blocked. Not even download.aspx :P
    But the wtf is symantec.com/security_response/writeup.jsp?docid=2004-120714-0643-99



  • Re: Pornovideos

    OK, now that was weird.

    E-mail arrives, from TDWTF Forums - Automat... (so it looks trustworthy), titled "Pornovideos".

    Wait, when did I participate in a thread called Pornovideos ... I mean, Morbs seems to be gone 'n all (which is a real shame of itself) ...

    The actual porn photo above (in case anyone is reading this after it's removed) ... the angle and the girl's expression make her teeth look large and really menacing. In fact, it's really quite an unflattering photo entirely. That and the felt strips for eyelashes.



  • @Daniel Beardsmore said:

    The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension.

    When? Certainly not in Snow Leopard. I just tested it—default selection did not include the file's extension.


Log in to reply