Bert Hubert
Podcast Appearances
And it turned out that Microsoft now runs a security scanner that will actually attempt to log in for you.
They're posting to your website.
And they're posting. And the weird thing is, so the strange thing is they do the post, which is already, I think, violating many people's assumptions. Yeah. You should not be posting on behalf of anyone else. But the other thing is when they do that post, my site actually used to return a cookie, a session cookie.
Which means that Microsoft, with this security measure, so the reason they do this is they want to see, is there malware on this site? And might that malware only pop up after a post? Okay, well, I see where they're coming from. But when they send that post to you, my site used to respond with a session cookie. It says, well, welcome, you're logged in now.
Which means that Microsoft is receiving tons and tons of these session cookies right now.
Yeah, but you could actually do. These cookies are very valuable. Because these are the session cookies that allow you to do stuff. Well, it now appears that the new barrier is they will execute your JavaScript. Okay. They will execute your posts. Okay. But they will not, for now, click on a button. So you must have a button in there right now. And that button then does the post.
Yeah. And, but, but, but there's no, no one, no Microsoft did not announce that they would be doing this. And they have also not announced that they're not going to click on buttons. So maybe one day they will click on buttons.
And I've since heard many people, they told me that Trend Micro also does this. And actually, I ordered some hardware stuff from a store today, and they have a link that is vulnerable to this. And when you have to click, it says, I'm going to collect my hardware now. And that is already useless for them because Microsoft is doing all the clicking right now.
Oh, this is a story. This is a story. So on the one hand, they have a glorious API. And actually, I didn't read the manual. They use this thing called OpenSync or something like that. And that is apparently a sort of weakly determined standard by which you can replicate a relational database to somewhere else as a series of XML changes.
And you can pull these, you can say, I'd want to get all your changes since marker such and such. And that's actually pretty nice. So it is quite convoluted because I think it would have been easier if they just said, look, this is our SQL database and you can query it. But now you get this stream of XML messages and that is actually quite glorious and good. Now, now is where the problem comes.